I am trying to implement a website which among other things, let users invite other users to specific pages. Unfortunately the link address of those pages are fairly long, and often cross the 70 characters limit. SO when I add them to the mail, even if I start a new line before the link, still the link address is cut halfway, and then the email client (gmail, for example) assumes the link ends at the end of the line. SO when the user clicks on the link, they experience it as broken.
I am coding all this in PHP, but the problem seem to be general.
What is the standard solution to this problem?
Place the URL in <> brackets. Most mail clients will parse the URL correctly and make it clickable, even when wrapped.
<http://www.somereallylongdomain.com/somereallylongdirectory/somereallylongfilename.html>
You could use a URL shortener to redirect to the longer links. Bit.ly has an API with which your code can interface for this purpose.
I don't know if there are better solutions, but you can implement a url shortener with http://yourls.org/ or with other tools...
Create your own URL shortening solution. There are several ways you can go, depending on the complexity of your requirements:
if you're using only a few selected urls which are always repeating, use apache rewrite
if the url is user specific or changes in other ways from case to case, use a database table that stores a short url and the original url
if you don't want or can't implement your own solution, use an existing url shortening service via an API, but make sure not to expose security relevant information
Related
Is it possible to post to Google + through PHP using some kind of API? I've read many conflicting statements on various places, including here on SO.
I've read that you need an analytics account, that you need to add a website to your page, that it isn't possible, that it's a closed service and you must apply, that you need your GMail username & password .etc.
Just really looking for a bit of clarity really. Found this, but I'm not sure if it allows this functionality. The lack of documentation really makes it quite daunting looking into this as well, there is literally nothing I can find at all.
Another option I've found appears to work, however it was from a website where you must pay to download the API. I'm genuinely not sure how or if it can be done.
Google restrict this API to whitelisted partners and companies through https://developers.google.com/+/web/api/rest/pages-signup
You could however use a third party script such as https://gist.github.com/zachbrowne/3301749 which handles the posting as if it was a logged in front end user rather than a direct API update flow.
I have a hybrid WordPress plugin that fetches all data using curl from the main server. Let's call it A.
B is the client that requests for data and also can send data to A.
Now every request is encrypted and authenticated using a API access keys.
But the problem here is if I copy the plugin from B to a new client site C, the moment I use the same access keys etc. the plugin starts working.
I want to be able to restrict the access of one API access key to one domain name. How can I attain that?
I'd say to include the allowed host's IP address (B) in your access key administration.
So: when B does a call, you can validate the key and the IP it's calling from.
On A, you can use something like $_SERVER['REMOTE_ADDR'] to test the IP calling the script.
Two downsides: when sites move servers, the plugin will stop working. And of course, people can still spoof their IP, so there is a way to get around this, but at least you make it a lot more complicated and probably not worth the hassle for most cases.
A suggestion by TJHX
Make it part of the license you give your customers. The honest ones will follow it, the dishonest ones will find a way to break your DRM. This is a problem technology can't really solve confidently, especially when with things like wordpress people can just see your code - By TJHX
I have also looked into a lot of options but the mere fact is that the user always has access to the code in the wordpress plugin and can easily make amendments to the CURL request Headers even if you encrypt it.
All we can do it add it in our Licenses.
In my plugin, there are iframes that will be loading the data on the frontend so I am going to accept the domain name when the user buys the plugin and will check the referrers to my iframe to sort this issue out.
Thanks a lot guys for your help.
I have been told to work out a means of calculating whether a user has accessed a website from scanning a QR code or by accessing through normal methods. The company are using Google Analytics. Ideally the system would calculate what country the user is in when the QR code was scanned, although I think Google analytics does most of this for me.
My initial idea was to have a blank redirect page in the middle of the QR code and the full site, and put some separate analytics code in to that. Alternatively I could perhaps throw in a PHP referrer script that alters the analytics code based on the response, but this would still require a landing redirect page.
I'm a bit of a newbie, and this is quite a big client, so I thought I'd ask on here before starting anything that might not be the best method!
That’s one good option. Another would be to use a query string parameter in the URL, like this:
http://example.com/page/?from=qrcode
If you have control over the QR codes, you can add a GET variable to the URL, and then in your index page, you merely test for the QR-code GET variable and {do magic} if it is set or has a certain value.
I would use an intermediate page, as it gives you one point of entry for all QR encoded URLs.
From the QR code:
http://yoursite.com/qr.php?url=http%3A%2F%2Fyoursite.com%2Ffoo.php
Anywhere else:
http://yoursite.com/foo.php
Then on qr.php, you would simply use a header() redirect to $_GET['url'] after you're done with whatever statistics you're going to record or analyze.
Well if you can change the QR code:
-change the info to something like www.client-site.com\landing.php?referer=qr
You can check then in your landing.php
If you can't (then it is messy):
-when accessing through QR code then the HTTP_REFERER is empty and the client is using a phone with a certain browser, you can use this info to determine if he is using a phone and accessed the page directly (90% of cases people use Google before goint directly to a site- in this case you have a HTTP_REFERER)
Hope this helps...
I would build your URL for the QR code using Google's Analytics URL builder.
That way, you don't have to create custom filters are anything. Also, if you ever create new QR codes in the future on any other marketing material, you can track which marketing concept worked easily, rather than just saying that it was just a QR code that brought them to the site. Good luck.
I just added OpenID to my website using the PHP janrain libraries, and I got everything working but I have a question about how to do something.
After receiving the openid_url from the user, I pass it to the openid lib, which then processes the url and gets it ready to send to the OP. How can I retrieve that URL?
Why I ask is because my script currently sees http://mysite.com and mysite.com as different URLs. I know the library normalizes the URL, I just don't know how to extract it.
I hope I made sense, and thank you for helping.
You get the final URL you want to use for tracking purposes back with a Auth_OpenID_SuccessResponse object, in the claimed_id attribute. (The getDisplayIdentifier() method outputs a version more intended for human consumption, which may or may not be different.)
Here's the deal:
-Flair pretty much demands a Facebook app
-I'm working on learning the Facebook platform
Therefore, I've written a dinky little Facebook app to embed your Flair into a box on the side of your profile. If you're interested and on Facebook; beware that this is very much a work in progress, prone to change and has a whole bunch of rough edges.
However, I don't have an elegant way to say "this is MY Stackoverflow profile" from this dinky app. My current solution is best demonstrated this image. It is, frankly, idiotic; and there's nothing preventing impersonation.
Having no experience with OpenID, I'm wondering if there's some way (and some example of this way, please) to get a user to provide their Stackoverflow identify to a third party?
Behavior changed to that suggested by Noldorin's answer.
Request for a saner way to do this declined on UserVoice.
There's no way to get a StackOverflow ID from OpenID and to do the opposite would be possible but unnecessarily complicated (compared to your suggested method). Copying and pasting the user ID/profile URL isn't terribly inconvenient, in my mind.
However, I can suggest some sort of solution to the issue of impersonation. This may seem like a slightly silly method, but it's the simplest way of which I can think to insure that only the user themself can display the badge. Again, I don't think it's too inconvenient. (The more traditional method of using an email confirmation isn't possible, given that emails aren't public.)
Have your Facebook app generate a random (alphanumeric?) code. Something in the form A8IO45QW6T should do.
Hold this code on the server side of your Facebook app for a short time period (say, 5 minutes).
Instruct the user to edit their About Me information by adding the given code to the last line, then to return to the Facebook and confirm. Simple inspection of HTML for the profile page of the specified user would verify ownership. The user can then remove the verification code from their About Me text.
Nice idea creating this Facebook app, by the way. I may just give it a try!
Another solution that would allow for instant verification is hashing the email address and checking to see if it matches the user's Gravatar. Granted, not every user has provided an email address, but you can always perform this check first and if it fails you can fall back to the About Me section editing (or simply require that the user have an email address). This idea is not mine, so I'll let null explain:
Do you still have the source available? As I've gotten a solution to prevent other users from messing up your results. You just need to hash the email address used by the viewer and check for the gravatar image link on the page as outlined on the gravatar site. If the user id and image hash match, then record the change to the database, otherwise... just show results. I can make that change, but the source seems lost... :(