I want to set up my Drupal site to embed private videos from YouTube. I am the owner of these videos, and I have marked them as private to protect them from the general public.
From the documentation, I have seen how to do an authentication where the user is taken to youtube, has to log in to his account, and consent to give my web app access. Instead, I just want to always be logged in to a designated youtube account that has the necessary permissions. What would be the best way to go about doing this?
It appears that I could use the ClientLogin auth method to get what I'm after, although the documentation sternly warns this is only to be used for desktop applications. I'm guessing it's only for security reasons, because they don't want services storing user's credentials. Obviously that's not the case here, as I just want to log in myself. I'll see how it goes.
There was a discussion on this issue a few months back in the Drupal forums.
The third comment is of interest as it specifically says that private videos can be embedded in your Drupal site and will be accessible once you login to Drupal. I have no first hand experience, so can't confirm or deny.
On a tangent, I've just finished working with developers in a situation where we had two sites, both pwd protected, and we wanted just one login gateway (i.e., once you login to either, you've logged into both). The solution of choice (and this may be way over the top for your needs) was simpleSAML.
try Dash Player for Drupal. What I did is host the videos in the site and this is how they look with Dash Player http://www.salvation123.com/node/35
You can actually add YouTube videos on a playlist just RTM on that ;-)
Related
I research about encryption/decryption mechanism & found many solutions like AES Encryption/Decryption. But, I want to secure my video just like videos secured in Hotstar, IMDB, Amazon Prime etc. For this I got a solution related to DRM mechanism. I understood its working process but, how it will be integrated from php side & connect it with mobile apps. Is there any other way to achieve security like apps that are mentioned above.
This is not an encryption question.
It's an authorization question.
I suggest using some login mechanism. like wordpress/drupal have.
The first user will share the video to his friend (his friend email address)
The friend gets an invitation email, to register an account and watch the video.
The friend, register with the account, and logs in.
in the page "Videos shared with me" he can see videos that the original sharer, shared with this particular e-mail address. (this information comes from some database)
Now for the streaming part,
make sure that the folder you hold the videos is not accessible from the internet. (some other folder, higher than public_html or use .htaccess on a private folder to restrict access directly.)
when viewing the page "Videos shared with me" generate a link to the video that goes to your PHP controller. something like www.mywebsite.com/watchvideo/620
when someone asks this video, you check if this person is logged in, and his account has access to this video again. if so, stream the video with the php buffer. learn more about: php output buffering and stream the video using readfile
If you find this answer helpful, consider to accept it.
I'm using the plugin Like 2 Unlock for jQuery.
I'm creating WP plugin and adding this plugin to lock some settings content.
When liked, it will be unlocked and people able to manage settings.
The facebook App need the website added to the Facebook App for it to work. Since this is going to be WP plugin, it will be hosted on others people domains. Well, in this case it will not work because their domain won't match with my domain in FB app.
Do the facebook app settings have something where you don't need to specify your website and this way no need to be tied to a specific domain?
Like Gating is not allowed and not possible anymore: https://developers.facebook.com/docs/apps/changelog
You must not incentivize people to use social plugins or to like a Page. This includes offering rewards, or gating apps or app content based on whether or not a person has liked a Page. It remains acceptable to incentivize people to login to your app, checkin at a place or enter a promotion on your app's Page. To ensure quality connections and help businesses reach the people who matter to them, we want people to like Pages because they want to connect and hear from the business, not because of artificial incentives. We believe this update will benefit people and advertisers alike.
I've been working on an app for IG, and was looking at other websites which use the IG API. I came across this website which allows the user to login by entering their username and password directly into the site. It is then able to access the IG API and fetch things like follower count, however without the user authenticating an IG API Client as would normally be required. The app can even perform functions such as liking pictures using your account, which as far as I know also requires you to authenticate an app with elevated privileges.
My question is, how is this app able to login users without using OAUTH which appears to be the only method of authentication?
They probably use a web automation framework like Selenium to take actions like auto-linking content by actually logging in to the Instagram web site with the accounts credentials and simulating mouse clicks, etc. to get the job done. In other words their "script" just looks like a very active user to Instagram because it's all coming from interactions between a web browser and their site.
They definitely are not using the API. Several reasons you can know this:
no OAuth flow to get an access_token
they don't appear in the authorized applications section if you log in and manage your profile
what they are doing is a violation of the API Terms of Use. See the following under "shall not"
Use the Instagram APIs to post automated content to Instagram, including likes and comments that were not initiated and entered by an Instagram user.
I'm no lawyer and I have no inside information, however it seems clear enough to me that Instagram does not want this type of "bot" activity.
They claim that they have the timing set up in a way that they go undetected, but I think it's a safe bet that there are algorithms at Instagram trying to detect and prevent this type of activity and if they do, accounts would be at risk of being disabled, etc. I have not inside knowledge here, just speculation.
The Instagram application that you use from your cellphone uses HTTP/HTTPS communication with their application server. The link that you provided on the question uses to simulate those http calls to mimic as an Instagram application.
You can redirect your cell phone's Internet connection through the proxy(your own proxy server). From your proxy server catch the web requests those are being sent by the Instagram application when you are doing login, liking, etc.
It will be easy for you if the requests are through http channel. But if its through the https, then it will be really difficult to capture those. You can try with Fidler or some sort of similar softwares for this.
What I THINK is happening is the following:
They are logging your PHPSESSID and using that so you have the ability to like pictures and whatnot. They are doing all of the back-end work directly in index.php.
If you track the requests that are being sent to index.php through the Network tab in Chrome, you will see that "Cookie:_ instamacro_advcontent=1; PHPSESSID=" on the index.php file "Headers" tab.
I'm doing the same with my website that uses Vine's API(not public, btw). In a PHP file I created called api.php, I use Vine's API to perform actions. I do not use OAUTH at all. I simply use the users "x-vine-session" cookie.
I have a protected twitter account but I want to be able to show a list of my most recent tweets on my website.
I'm prepared to dive in to the twitter docs but I just wanted a heads up to know if its possible?
Would my script have to autenticate with my account or is there a way to allow access to my twitter account from a particular IP?
Thanks
Yes, definitely possible. I don't know if there is a simpler solution, but one way would be to create a new app on Twitter which your account authorizes. In the authorization process, Twitter will give you access tokens for your specific account. Store your access tokens in a database. Read your tweets from a PHP widget say, which uses the Twitter PHP API, and uses your access tokens to display it.
When you are retrieving your tweets, it doesn't matter if it is protected or not as long as you have authorized that specific application.
Simply put, the widget that displays your tweets is a Twitter application that you have authorized. (one-time authentication)
Well I don't think so you can read anything from Protected account.
I was reading few articles about the same issue and here is the alternative solution if you would like to give a try. (I personally didn't tried it so leaving up to you to give shot)
http://www.ehow.com/how_6474863_protected-twitter-updates.html
I've read quite a bit of documentation, and it's all based around on setting up full blown Facebook integration on your site to the point where you're completely relying on Facebook.
All I want to know is 2 things:
1) How do I allow my users to find out which of their Facebook friends have already joined my site
2) And what's the easiest way to let them invite Facebook friends to the site?
The site that does it perfectly and exactly how I want to duplicate is Gowalla at http://gowalla.com/friends/find
Note: I've never used Facebook Connect, however I have an API key somewhere.
You need to become best buddies with the Facebook Developer Documentation, especially the web guide.
Where you can start is the Login With Faces plugin, although the Facepile could apply as well. But understand this: If you're not using Facebook to authenticate your users (i.e., using Facebook Connect*), these plugins will be worthless to you.
In terms of inviting people, there's not going to be a great way to do that. You can implement request forms through the XFBML ServerFbml tag, but that's really for inviting people to other Facebook entities, not your own site. There's the share button but that's not really the same thing as an invite.
**Note: It's actually no longer called Facebook Connect - they are slowly moving away from that moniker. They are moving to the terminology "single sign-on". However, the "Facebook Connect" name still pops up in many places.*