I'm pretty new to PHP and JSON/XML, but we're forging ahead.
Our project entails logging in to a webservice (which we also built) from a handheld device and then accessing our website from that device. The point is to only allow users who have logged in on the handheld device to access the webpage.
Now, I guess this doesn't only apply to handhelds, but here's the question:
We can send an HTTPRequest from the handheld device and use a PHP script to validate login info from a database, and then return either a 'success' or 'failure' JSON object. If the user succeeds in logging in, our webservice will be opened in a browser window.
The online application relies on Session Variables for authentication every step of the way. Is there some way we can send the HTTPRequest, receive authentication, and then somehow feed the very same page we are opening some data which it will parse into session variables?
It depends on the device. Some mobile phones (like flip phones for example) will most likely not have support for AJAX. Smartphones, on the other hand, will most likely have support for AJAX.
To make it compatible with all devices, your best bet is sticking with a standard login system that posts the variables to the same page or another page for validation. Otherwise, you will be making several different websites to work on various phones.
Related
So I've start building an application for a website in Swift. The main goal is to have an iOS App which can receive notifications (in JSON from website) and can show all the features of the website.
So I can login and sign-up from the app to my database but the thing is I don't understand how to take out my session login and display it in an UIWebView. So the user has just to log-in and he can see the website with his account. The only thing I can make is to show the website as a guest.
Can someone help me please ?
As far as I know UIWebView does not store/send any cookie(session) for your web site. That means you're always not authenticated.
In order to complete your task you need to create your own cookie handling mechanism.
You need to save auth cookies sent to you by the server in response HTTP header, e.g.
Set-Cookie: JSESSIONID=ABAD1D;
Then you need to make any required request and MANUALLY put cookie header filed in your request header e.g.
Cookie: JSESSIONID=ABAD1D
Save response somewhere and render HTML in a WebView
BOTTOM LINE: All this stuff is a huge overhead to your app. Instead you need to write API of your web-site specifically for iOS(and other) apps, using different authentication approach and data transfer (well known).
What you want to do is basically create a little browser, I don't think it is a good idea.
I'm building a mobile app which will call a search engine on my website. I have PHP code to detect if a person is coming in through a Mobile device. However, I want to see if I can detect if they are coming in through my app versus a regular page browse.
In the past, I've had a hidden field on a form submission, but this is not feasible anymore.
I want to know if there is a way if somebody accesses a page on my website through the mobile app or a mobile browser?
One option is to pass a PHP $_GET parameter, but I'm looking for other solutions.
Perhaps override the user agent used in the mobile app, or send an additional header that your PHP scripts can look for
You can modify the default user agent to identify your application.
I have a booking tool which you "install" in an external website by inserting a single javascript from our server in your website and create a div node which we detect, when the javascripts loads, it executes a call to a webservice and then will load the html over a JSON response from our webservices and insert into the div node.
so basically, our tool "melds" with your website and we're very careful to namespace all our css and javascript to stop us from interfering with your website, to the point of a little paranoia :)
once our tool is installed, it runs all the webservices to our server to retrieve data.
the part I'm stuck on, is how to secure the login data, basically, we have a problem here, we don't know the people who own the external website and they are allowing people to register and login to our tool in order to buy our services, we store, process logins and give tickets to events and functions using that tool.
the problem we have is that those credentials can be stolen because the website has access to the html, javascript and probably can do some naughty jquery tricks to grab the username and password data.
I'd like to stop that if possible.
how could I secure the login, so I can embed the tool in any website (http or https) and protect the usernames and passwords entered into the tool and used to login.
any ideas?
I am developing a Flash game for Facebook that uses PHP to access MySQL to store users game info. I am a bit stuck right now though. Here is my scenario.
User logs into Facebook and starts app which calls index.php and houses my Flash game. (works fine).
I use $facebook->getUser(); to authenticate and begin gathering user information (also works fine).
Flash will then access a getdata.php file on my server that will access MySql and echo certain info (ie. fname=John&lname=Doe&age=25).
Step 3 is the problem and I'll do my best to explain it...
My getdata.php also does a $facebook->getUser(); authentication, but the user is NOT authenticated on that script, whereas within the IFRAME app, the user is still authenticated. I'm assuming it has something to do with the fact that the main page is within Facebook's IFRAME and is possibly seen as a different session than when Flash tries to connect with my getdata.php file on my server. Is this the case? And can anyone help point me in the right direction as to how I might use Flash within an IFrame app to access a script on my server to retreive variables?
EDIT: I should mention that I'm using ActionScript 3 for Flash, but I'm fairly certain the problem doesn't lie there because it will retrieve the variables, but since the user is not authenticated on the server, then it will return a success=0.
Also wanted to point out that if I access my flash game through my actual server, and not Facebook, then all works well. Another reason why I think it's a session-type problem.
This is a session problem. You should try to pass the facebook signed_request, or any data you can use to build a valid user session, into your flash file and then pass them back to getdata.php where it can be used to access the users data.
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.