I am grabbing some data to put in my iOS app by visiting an url. But now, given the URL, the users can access the content of my application without using it. Is there a way to hide the info on this URL from public?
The content I get is through a php script to get the database queries.
You can set up a security system on your website and connect to it using a special URL with an encoded variable.
For example you can make your iOS application connect to :
http://mywebsite.com/somepage.php?id=yuw7262
Then in your PHP page, you can get the value of "id", decipher it and if it is valid, allow the user to go forward. It is pidgin security but it will work.
Put some security in your php scripts.
Use $_SESSIONs to verify that a user is logged in and is using your app correctly
Related
I'm doing a soap request to an external API using Laravel & Guzzle. All other calls have succeeded to get the actual response but for the redirecting user to the external page has failed because the external API web service only allows my server IP to access that page.
I have tried:
windows.location (javascript)
location header (PHP)
return redirect URL (PHP)
This is their documentation on how to redirect in VB language :
redirection code in VB
All of these methods only use the browser redirection which is using user IP not the server IP.
Any method that I can use to redirect user using my server IP that you guys can recommend?
Thanks in advance.
Extra context/information:
Example screenshot for the fourth call which include get the quotation number and generate the url parameter
That is the code for VB that they provided in API documentation. So why I want to bring the user to the page? It is because when the GetQuotation (fourth call) is already submitted to their database and it will return QuoNo that will be used in the URL parameter. When the user gets redirected to the external page with parameter QuoNo=12412194149124, their backend will query for the quotation details that the user fills in my side (mydomain.com/form) and auto filled it on their side (otherdomain.com/form).
If you see from the screenshot, the System.Diagnostics.Process.Start will execute the url once the Quotation number (QuoNo) is generated. So once the user click on the 'buy now' button on our end (mydomain.com/form), it will call the fourth call (GetQuotation guzzle function) and generate a Quotation Number (QuoNo) then it will be populated in http://otherdomain.com/main.a5w?tokenid=wm-9Kj-14e-Fa4-I1adlXrQ00weqwe3S&QuoNo=QUO022348921312301623. Based on what my understanding on VB code, System.Diagnostics.Process.Start will force the url to be opened.
I'm sorry if it's still lacked of info given. Feel free to ask more. Thank you
What you want can not be achieved sadly. The only thing you can do with the redirect is tell the browser where to go, you have no control over the IP here since this would pose all kinds of issues regarding security and identification. The only way to achieve what you want is to wrap the html of the resulting webpage in your website or remove the restriction of the ip addresses. Another solution could be to build a simple page which is accessible to everyone and limit the API routes to specific IP addresses. For example:
Let's assume the payment gateway is at: example.com/checkout, this one would be accessible to everyone and would contain a form to which you can perform the redirect and fill this form with the passed data.
This form would then post the information to example.com/api/v1/checkout which will process your form data and return if the transaction was succesful. Based on this return the user will be redirected to another page. This is assuming you have control over the other domain since only with your server IP you can access this site.
If this is not the case there is no other way than to post the data to an endpoint via guzzle and use these return values to provide feedback to the user.
I hope this answers your question, if anything is unclear please let me know.
I'm building a web application using PHP & MySQL. A user profile displays MySQL data using a select query like so:
SELECT a.name_first,a.name_last,b.bio_category,b.bio_short,b.bio_full,b.profile_img
FROM stars_login a, stars_data_bio b
WHERE a.id_s=b.id_s
AND a.id_s='$select_id'
The $select_id variable is defined using ?id= in the URL like so:
http://localhost/public_html/profile/profile.php?id=1
I'm also looking at turning the web application into a phone app. I don't have much experience creating native apps as I'm more of a web designer.
I have however used Adobe PhoneGap before (cheating kinda, I know).
My question: is there a way to display a user profile in an Adobe PhoneGap app using a similar method to my exploded URLs in PHP?
Eg: there will be a search bar on my PhoneGap App home screen, where a user can search for a username. When they hit the search button they will be redirected to the profile view (similar to the profile.php page on my website). The PhoneGap profile page will then show the SQL data for the corresponding user.
I'm not sure if this is possible, but if it is, could you let me know how to go about it?
Also - how would I display the data that is stored server side on my local app?
I'm fairly new to all of this - I'm 18 and self teaching for a personal project of mine. All help is appreciated!
You can do this in your Hybrid app:
Create an HTML form which will serve as the front end to user
Use AJAX to send input from the user to your server
Process whatever pass parameter/s in that ajax request (such as the query you mentioned).
Return the result as json/jsonp then display the result back to the front end (no.1)
I want to make an app for this website: https://my.iusd.org/LoginParent.aspx
I wanted someone to just list the steps that I need to take to make an app that will let the user enter a username, password on the iDevice, and then pass those variables from the iDevice to that site ,so that if the authentication is correct, I can parse the data once the user logs in to show his or her grades.
If I need to make a separate php script to modify/pass variables to the site, how can I run the script for free without having to manage a server?
Thanks in advance.
How do you retrieve the username of someone on Youtube who is using your application with PHP? I'd prefer to do this without the API but if needs be point me in the right direction because i don't know what to download , I've visited the google developers site / place already.
I found some code from 2009 but it was to retrieve usernames from a youtube video and it didn't work. I tried reading the contents of page with the fopen() and file_get_contents() but it always appears as if I'm not signed in whereas I am signed in via FireFox.
Don't know if this makes a difference but I was running this on EasyPHP via localhost
Thanks
You can't, by design. You do not have their session cookie server-side where you're using fread. Youtube determines whether you are or are not signed in based on that session cookie, and you do not have one on your server.
If you want their YouTube user name, use a client-side API in JavaScript or simply ask them for it with a text input field. It is impossible to find it server-side, as it should be. Your server has no business finding out my Youtube username without my express permission and interaction.
I am developing a Flash game for Facebook that uses PHP to access MySQL to store users game info. I am a bit stuck right now though. Here is my scenario.
User logs into Facebook and starts app which calls index.php and houses my Flash game. (works fine).
I use $facebook->getUser(); to authenticate and begin gathering user information (also works fine).
Flash will then access a getdata.php file on my server that will access MySql and echo certain info (ie. fname=John&lname=Doe&age=25).
Step 3 is the problem and I'll do my best to explain it...
My getdata.php also does a $facebook->getUser(); authentication, but the user is NOT authenticated on that script, whereas within the IFRAME app, the user is still authenticated. I'm assuming it has something to do with the fact that the main page is within Facebook's IFRAME and is possibly seen as a different session than when Flash tries to connect with my getdata.php file on my server. Is this the case? And can anyone help point me in the right direction as to how I might use Flash within an IFrame app to access a script on my server to retreive variables?
EDIT: I should mention that I'm using ActionScript 3 for Flash, but I'm fairly certain the problem doesn't lie there because it will retrieve the variables, but since the user is not authenticated on the server, then it will return a success=0.
Also wanted to point out that if I access my flash game through my actual server, and not Facebook, then all works well. Another reason why I think it's a session-type problem.
This is a session problem. You should try to pass the facebook signed_request, or any data you can use to build a valid user session, into your flash file and then pass them back to getdata.php where it can be used to access the users data.