I need for one of my apps to update a database on my server (likes, comments, etc...) and I thought that the only way to disabilitate bots to update it constantly is through making the user create an account and via java ask for a php script on the server side to update the records, but I don't know how to get the app to understand if a user is logged in or not...
Do you have any ideas that could help me? Thank you
In your user table add two extra column device id and token. when a
user is logged in first time generate a random token and send it to
the app and update your database.In app store that token in
persistence. every time when app starts send that token to server if
token matches with db token that means u r logged in, else not.for
logout send null or zero to server. Try with this.
Related
I have created a java program that has a login screen. It takes two inputs, discordID and key.
The discordID and key are located inside of an JSON file that is automatically updated by a Discord bot that i have. The bot is made in Python.
I want to use MySQL for handling the user login requests. So my question is...
Can i open up the server for public and handle user login requests? And if that works i want to return True or False depending if the credetials match the ones in the DataBase.
Was thinking at mongoDB for example. There you can return True or False depending if the credentials from the user equals to the ones you have in the database.
It is possible if you create another app just to accept this info over RESTful API but my concern is a different one. Have you given a thought how you would transfer the ID and Key. Are you planning on setting up SSL/HTTPS because that's what you would need to prevent man-in-the-middle attacks.
I am really rookie and need an advice.
I have read documentation, and as far as i understood if you need send direct message, follow next steps:
Make authentification, eventually you get Firebase TokenId and
userId
Send them to your server side and store it in DB
When you are going to send a message you need create json and put
inside topic text and resipent userId so on...
Send this json via HTTP to your server side
When server retrive this json, it should use Firebase API to
create new message bloc child with random name in firebase
Eventually server have to find recipent user in DB by userId that we get from message.
After server will find current recipent user by userId , next we should take firebase tokenId In order to sent notification .
And send recipent user notification with such data - name of new
message bloc child
Recipent will connect to this current bloc and retrive data
It is as i understood this consept, fix me please if smth wrong?
Your suggested approach sounds good. The most important thing to realize is that you require an app server to send a downstream message to a device. Using the database as the communication mechanism between the app and the app server is a popular approach.
You could also use Cloud Messaging's upstream capabilities. But I've never tried that approach, because the database works fine for me and I had little interest in learning yet another protocol (XMPP).
You can read how I implemented it in this Firebase blog post Sending notifications between Android devices with Firebase Database and Cloud Messaging.
I am designing an application using which the users would be able to send multiple tweets(mentions) from multiple accounts and am using Twitter4j for the same. Regarding this, I have a few questions:
Authentication: The application has an authentication part.I am able to authenticate using the PIN based authentication(oob).But I want to know if it is possible to persist the access token such that the user only needs to authenticate once at the time of installing the app and never thereafter.
Exception Handling: The application would be sending multiple tweets.So I wish to know that what would be the way to check for exceptions, particularly the suspension of user account.
Limit: What would be a safe rate(I mean minimum interval between two tweets) to send the tweets hourly or per minute. Does twitter also check for the IP of the machine for suspending the accounts? I mean suppose I need to send 60 tweets.If I am using 4 accounts to do the same with 15 tweets per account and run 4 threads for the same, will that allow me to send more tweets form my app?
EDIT
Kindly note that I am making a desktop app, not a web app.So a PIN based authentication is necessary. Also I am not sure about the validity lifetime of an access token.Will the access token once generated by using OOB authentication be valid forever so that I can save it in a database and hence enable user to authenticate only once?
Some points to note:
Authentication : It is possible to get the access token without using pin based authentication, for that when you create an application you have to specify a callback url, and so you dont have to copy and paste the pin, instead a parameter oauth_verifier is appended with the callback url which you can fetch from the url itself. With this oauth_verifier , you can get access_token and token_secret as mentioned here
Exception Handling : Nothing other than simple try catch can be more helpful here.
Limit: There are two initial buckets available for GET requests: 15 calls every 15 minutes, and 180 calls every 15 minutes. Refer here for more details.
Edit: For desktop app there is no other alternative, so you have to do a pin based authentication and since twitter works on Oauth1, so as of now, the validity of the access_token and token_secret is lifetime. So authentication is required only once and the api calls can be made using same tokens.
I am developing a web application that needs to prevent multiple login using the same user name and password concurrently.
If it happens on the same machine then we need to do something with the user session, but it should also prevent if they are login on different machines using the same user name and password.
What can be the best approach :-
1) should i store the user session,credentials,and IPAddress of the machine in the DB.
2) should we use the session tracking mechanism in the application itself.If so what is the best approach?
Also , We have to keep following things in mind:
1) If user close the browser without logout.
2) If session times out.
Hope it clears the question.
Besdies data base hits (which could fail if your server is broguth down without updating db) : A data base friendly way is not to hit the data base for every re login or you could get denial of service attacks that brig you dowm. Instead implement a session listener in J2EE and check if same user is logged in by looking up the user id in a cache.
If you have more than one app node then need a distributed cache with a time out same as session time out in web.xml.
Simply have a field in your database that has text that says online or offline for each user, according to whether they are logged in or not. So when someone tries to log in with that username, check the database if the field says online for that given user on submit. If the field says online, don't allow log in. Otherwise permit it.
without using a database
you can store if a user is online in a text file
$check= "onlineCheck.txt";
$fh = fopen($check, 'a') or die("can't open file");
$nowOnline= "USER678 \n";
fwrite($fh, $nowOnline);
I am making a module for a server software that is allowing support for facebook.
The problem is with the callback URL. If one client start the authorization proccess, then another client starts the proccess at the same time, or before the first user finish. How could I check what user finished first?
I need a way to check what client's callback I'm getting. One solution would be to lock other from register until the first one has finished, but I don't want to do that. Is there another way? I have thought about including ?client=clientid at the end of the callback, but I heard facebook only allows the exact url specified in the app on facebook.
UPDATE
It didn't work to add client="clientid" to the callback. Any other ideas?
After some more searchig I figured facebook will allow a parameter: state. (thanks to #jacob https://stackoverflow.com/a/6470835/1104307)
So I just did ?state=clientId.
For anyone using scribe the code is this:
service.getAuthorizationUrl(null) + "&state=" + clientId;
I think there is no problem on adding and GET parameter like client=clientID. Facebook will redirect you to the URL you have specified and using the REQUEST parameters you can check who completed the request. The problem exist if you have specified URL as http://yoursite.com and pass redirect to http://some-sub-domain.yoursite.com or entirely different location.
if you are using the server-side flow then the oauth 2 flow will be:
redirect user to facebook
facebook then rediects the user to your specified callback
your server uses something like curl to get the access token
your server does some more curl to get maybe more user data or update the user's data
my recommendation would be to set a session cookie in step 1 and simultaneously store this session id on your server. then the session cookie will automatically be sent to the callback url in step 2 and you can identify the session in the database this way.
this will work for all service providers (google, twitter, linkedin, etc) and is the preferred way of maintaining session continuity.