Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm developing a mobile web for android, iphone & blackberry. We should enforce license for users. Let us say this product comes with 3 types of license.
1 user 50USD
3 user 100USD
5 user 200USD
10 user 300 USD and so on...
They say "if customer has purchased application for 3 users then he should be allowed to access the application only in 3 devices, when he tries to access the same in 4th device he should be sent to some error page"
Let me explain further, we are designing a table, order selection app for restaurant, where every table(or waiter) will have a mobile, he/she opens the application and orders for the selected table. In such case a web app can be accessed in any device and customer may buy and install the app on their server and ask every one to access. That means he'll buy the product for one device and uses in many. So through PHP we need to limit the product to only one device. Remember it can be any device he's wish whenever, whatever the device he might use application should be accessed by/on x devices.
How can we do this? Any suggestions are welcomed.
Thanks in advance.
(FWIW I'd be very skeptical of buying a product licenced per device rather than on the basis of a named user).
The problem will be differentiating between devices.
While browser finger printing can provide very impressive results these datasets are predominantly filled with desktop browsers - I suspect you would see a lot less variation between mobile browsers (when was the last time you installed a new font on your android / iphone).
make a database of allowed devices, and set those devices with a cookie or track the users ip address (not recommended since it changes). You might also want to look into UNIX timestamps for figuring out time operations related to this.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
My question is about logic not api specific.
if I have an e-commerce application that consist of 2 separate components (one is for the seller and the other for the buyers) and I have, lets say, laravel php admin panel for customer support (as super admin) and amdin panel for sellers can use web browser to edit their product pages and reply to customer in realtime. (now sellers has 2 options android app and web page to do same job)
How the hosting is done for the website (admin page) and android application, according to my understanding is:
1- admin panel (webpage) will be on server hosting the Laravel and MySQL database.
2- Android application will retrieve data from database from server.
3- when sellers use their android application to add products.. Database on server will be updated.. so buyers can see the new added items.
4-When Buyers uses the chat interface in android application then this database will not use the server where the Laravel (or any framework) admin page are hosted.. instead it will connect to real time plateform like firebase.
That is my understanding for this type of application and the overall relations between web server and android app.. Is that logic is right? please any advise will be helpful.
I was using pusher for my realtime chat, you can store messages in your database and broadcast MessageSent event with pusher, listen channel on front of your website/app and append chat with received info from pusher.
You have to make 2 channels
Broadcast::channel('/user/chat/{userId}', function ($user) {
return $user->id === $userId;
});
Broadcast::channel('/admin/chat', function () {
return $user->isAdmin === 1;
});
and broadcast user messages to /admin/chat route and admin replies to /user/chat/{userId}, hope it helps
Read docs: https://laravel.com/docs/5.7/broadcasting
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I am developing an app in which there is a chatting functionality also , except chat my rest app is done now i want to integrate chat in my app for which i am trying xmpp , i have tried a sample for xmpp with my own jabbered server and its working.
Following are my question are
1.How to integrate my app php data with jabbered server to show list of user chatting with there image , name , time and last message like the whats app chat list etc. like the image below
2.Flow of xmpp , like how its works example first the message is sent to FCM then to jabbered server and then to Device or it works differentely.
How to manage chat history , do i need local database to maintain it or jabbered help for history also.
Any suggestion , link , example will be appreciated Thanks.
I think you are asking a lot of questions at once. The way you want to implement it all with your server depends on you. But the best I can say to my own knowledge is that chat storage on WhatsApp is done on the device. Messages can be stored in an Sqlite database. I use node.js to power my own server. It's not possible for me to give you the full detail of how it all links together but I can try by saying I have an xmpp client on my Node.js server. Once a user registers the xmpp client is made to register the user in the ejabbered server also with the same username. So since the user info is in the table with all of his/her details they can easily be queried for by username from the Android app.
You need to do some research on xmpp, and maybe Node.js and SQLite.
FCM is something different and you might not really need it in the flow
first sorry for my poor English.
Answer for 1st,
XMPP Provides Register using PHP Service. Basically, Register from your device if successfully then register save user data in your server database. after register user you have to register user in XMPP, right now i don't have PHP snidest code.
other way is if user successfully register then it will give you register data. Take user id as register user in XMPP from your device.
i don't know how you manage your friend list but suppose you have user id using it concatenation suffix name with it you can send message.
Answer for 2nd,
You need refer document and make message format in XML and/or son .
in Message format you have to define sender id, receiver id, sending time, message and you can define your custom attribute. sender send message in XML format and receiver evaluate message.
Answer for 3rd,
You have manage local database for individual chat because it server work is over after delivering message to you. In group it will provide history message but here also you have to manege local it's database.
hope this information help you.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I will be selling a new product that will be managed by a web application on my own servers.
The web application will allow to manage some devices.
I would like to limit the amount of managable devices to the number of licenses bought by the user.
My web app is currently allowing to manage all the devices with no quantity limitations.
I don't know where to start to implement the licensing (license key generation and checking) nor to limit the devices based on the license keys the user owns.
Any help would be more than welcome.
Thank you in advance.
FYI: I am using jquery, php and mysql.
I would implement several tables in database, as it is shown below:
There will be the following entities: User, License and Device
And these entities will be related to each other as it is shown above. Every license will contain information about qty of licensed devices.
When a device connects to your service your service recognizes it by its id, which is being sent by device upon the connection. Then you can check, is the device registered, and what license is related to this device.
Limitations on quantity of devices will be checked upon device registration.
When a user registers a device (adds information to tables: Devices and LicensedDevices), your code should check the quantity of already registered devices with this license against devicesQty field value in Licenses table.
And if devicesQty value allows to add more devices, then your code adds new device to the database.
UPDATE:
To control quantity of licensed devices you need to register these devices (for instance - using unique ids of these devices). Otherwise you cannot control quantity of devices which are using your service.
One device connects, works, disconnects, then another, then another and so on. How can you control quantity in this case? I think there is no way unless registering ids of these devices.
And if a user changes his device to a new one, then there should be a procedure to update information about a registered device.
If your customer uses only web-browser to use your services, then the only way to control license/devices is to bind userid+password+deviceId to a license. And check this information upon logging in to your web-service/web-servers.
If you are using a native application on mobile devices to connect to your web-service then there is more sophisticated way.
Implement license key generation/verification via asymetric encryption approach.
For each user generate public and private key. Then store private key in your database and do not show it to anyone.
Let say your public key is: ABC-123-456
Use Base64 algorithm to convert public key bytes to alphanumeric characters.
Then, upon selling a license generate an arbitrary unique license code.
Let say your license code is: XYZ-789-012
And provide end-users with public key and license code: ABC-123-456 and XYZ-789-012
User sets public key and license code to the custom mobile application settings. And this application encrypts all sending data with this public key. And license code is included to the data package before encrypting it.
When your server receives a data from a device, it finds appropriate user by deviceId, then it finds appropriate private key to decrypt the data package. And then it inspects this data package on correctness.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Our company works with affiliates that promote our products. They get paid based on how many sales they bring to us.
To track conversions, they ask us to put third party tracking pixels on our "thank you" page (final page where our customer is being redirected after payment through third party billing processor is complete).
So, we ended up with a ton of tracking JS code and hidden iframes on our "thank you" page.
Is it safe?
The billing processor sends sensitive data to this page via GET variables that we'd rather not make accessible to the affiliates.
Or maybe there is a better way to do this? Like, store all the tracking code from our affiliates in a database and only load the one that matches the customer's referral?
UPDATE
I'm worried about "third party tracking pixels" that are not from the "trusted" third parties (Like Google, Yahoo) but custom-made by our affiliates.
You do not have to worry about affiliates. Usually such solutions only talk to your partner and gets distributed on that end.
As for GET parameters or page content, just read the JavaScript code and see how it behaves. If it doesn't eval some response and doesn't touch DOM elements and cookies you're fine. And I really see no reason why they would need to do that. But if the partner seems untrustworthy, why deal with them at all?
Note that if you request a static resource, as an image, only cookies set by image's location domain are being sent. To see what's going on your page use Firebug or Chrome Developer Tools and check what request headers are being sent.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
ok heres my problem, im creating a site where people sign up first then pay straight after, my problem is what if the customer who signs up uses a different card to pay so for example, his wife. im trying to work out how to match the sign up info and the payment info without having to store the card details and get an ssl cert.. i need this so i can tell if they paid.. im writing it in php, it currently sends me an email when they sign up rather than straight into a database, any help?
Simplest thing that comes to mind would be to have options on the payment screen that let you:
(1) Use the billing info you supplied during registration
(2) Specify the name as it appears on the card (as most sites I've ordered from include)
Does this answer your question?
If you are concerned about matching the account to being paid if they use a different name, you most likely have some kind of $Session going on I would think. Use the user's login information from the Session() and then you can tell.
We use Authorize.Net for our payment processor. They have two different APIs which give you different levels of control (AIM - Advanced, SIM - Simple). From your description of not desiring a SSL Cert, SIM would be the best way to proceed.
We have designed our system to collect as much information as possible from the customer and then pass (via POST) to AuthNet's SIM method where they only need to enter in their card-specific information (number, expiration date, and CID). If the transaction is successful (and also in some failure cases), they notify us by a pre-defined 'silent-post' transaction and also redirect the user to a 'relay url'. We provide AuthNet with an order/invoice number as part of our original post data, so we can use it in their silent post to match up their payment with the appropriate order.
The SIM interface has worked well for us over the years and we now have it tweaked via CSS so that it closely resembles our site despite being hosted elsewhere, saving use far larger PCI-DSS compliance issues by doing everything locally.
im trying to work out how to match the sign up info and the payment info without having to store the card details and get an ssl cert
In that case the best advice is to use something like PayPal, Amazon Payments, or Google Checkout. Other than that, your question was a bit hard to decipher.
i need this so i can tell if they paid.. im writing it in php, it currently sends me an email when they sign up rather than straight into a database, any help?
Most 3rd party payment processors (PayPal, Google, Amazon), provide a way of checking payment status. Most also offer pinging a callback when the payment status changes.
PayPal IPN
Amazon IPN
Google Notifications
Many credit-card processing options will send a response to your server containing crucial information about the user that you can use to verify that they have successfully paid. For example, PayPal has an IPN (Instant Payment Notification). You can use the data returned in this to automate a process on your server that states the user has paid.
My advice is to contact whoever is processing your credit-card transactions and ask what options they provide for relaying information back to your server to verify which users have suffessfully paid for the products/services.