Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
So my company wants to do a small experiment and generate an email that'll be sent to about 50 workers. The email will include a link to a website (stored on our local server) and I need to be able to determine exactly who clicked the link (I have a list of all email addresses) and add the email address of the "victim" to another list. I think there's a way to do that with Node.js and Express but I'm not sure exactly how to track those clicks. Any ideas?
I'm aware that a script like that should come before the user enters the actual website and I can deal with most HTML, CSS and JS programming myself.
Thanks a bunch!
...and I need to be able to determine exactly who clicked the link...
It depends.
If you have some form of single-sign-on implemented across your intranet, then you can at least know what user account was signed in when they followed the link (which doesn't guarantee you what user it was, but people really shouldn't leave their workstations unattended and unlocked), assuming your Node.js application gets that information.
Otherwise: You can't, reliably. What you can do is make the link slightly different for each recipient (perhaps a code at the end in the query string), keeping track of which code you sent to which recipient, and then when they follow the link look at the code in the link they followed.
It's unreliable for at least a couple of reasons:
A user could remove the code
A user could share their link with other users, who then use it
Similarly, trying to use the user's IP address or MAC address only tells you...what the IP address or MAC address of the connection was, not who the user was.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 months ago.
Improve this question
I'm fairly new to coding, and when I try to find a way to lock my website behind a username and password field, every tutorial just hides them as a plain variable in some random file. I'm wanting to make the website only accessible once a username and password have been entered, but I want the usernames and passwords to be made and managed by myself, so only people I know can access it. If this is a really obvious thing I apologise, but if it's something that I can specifically look up please let me know so I can do more independent research.
There's no good way to do this on the frontend alone.
every tutorial just hides them as a plain variable in some random file.
Sounds like some pretty shoddy tutorials. Anyone could look at the source code of the site and get in.
The right thing to do would be to:
Hash the passwords (one-way encryption so that the original password text cannot be recovered, even if someone gains access to the hash)
Save the passwords in a database or (if there aren't many) in environment variables on your server
Set up routing on the server so that if the user isn't authenticated, none of the protected content gets sent to them in the first place - redirect them to the login page. (Don't serve the HTML of a protected page and then try to do validation from that page; with that approach, users would still be able to open up the developer tools and bypass your restrictions, by inserting their own code and removing your own).
Anything on the client-side can be tampered with and bypassed; gate requests behind the server instead, which is (or, has the potential to be) much more secure.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am using express,react and mysql. I want to create like/dislike system for the comments. I googled it and most people recommended to disable the button after single click. But I don't want that. Even the user refreshes the tab or access his profile from another device. When he sees that comment again, he should see that he already liked that comment and he should not be able to like it again. I am thinking of storing all the likes and dislikes in the mysql database for each user. Does it decreases the number of queries to database and affect the performance? What is the proper solution?
If you want to show the users who liked/disliked a post (or a comment), you will have to insert a new row along with the user-id for each like/dislike. And regarding the multiple-likes problem, you will have to check whether or not there is a row with the same user-id and comment-ids as the ones you are getting from the post request, if so, just ignore the request and tell the user something like "cannot like more than once", otherwise insert a new row.
Another thing to consider is, what do you plan to do in cases where a user likes a comment and immediately unlikes it ? If you are sending real-time notifications, then the target will get a false notification (that is, if you don't tackle this problem). That was something I hadn't considered and there simply was no way (but i am sure there is a trick).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I can't explain what I want to do in the correct terminology but I'll give an example.
A website has on most pages a 'quick contact' form in a sidebar. Once the form is submitted on any given page that contains it, it fades and a confirmation message appears. How can I allow the website to identify that the form has already been submitted and then just display the confirmation message on all areas which would have contained it (throughout the whole site). Ideally, this would only occur for a limited period of set time (such as after 1 day or close of browser it resets and the form is present when that specific user access' the website again.
Honestly, I have no idea where to even start with this, but an important thing to note is that the form submission is just a 'dummy submission' and is not actually sending any data to the server (I know this is wrong but this task has the specific requirement of predominately client side access).
Edit: A cookie was what I was after.
You have several options to store flags in the client-side, like cookies and local storage to name a few. If this functionality is bound to a user account, you can also set a flag in the DB table or column that's related to that user.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I have a contest site, I want it to prevent people going on it when they have submitted the form on the page. Is this possibe?
Thanks
You could build system where users are required to enter their email address, and enter a verification code which is sent to them. But they would only be able to enter this verification code once. Therefore, the only way of cheating would be to use two separate email addresses (and they would have to have access to both).
Cookies would not be the best option for this as anyone could clear their cookies.
It's not necessarily possible to stop users requesting a page, however you can either redirect them to another page or show some kind of error message to them, to tell them that they can't resubmit.
Presuming you have some kind of user registration in place already (and are tying competition entries to those users with an ID) then all you would have to do is check for the existence of a competition entry in the database and then, if one is found, either force a redirect (likely in <script> tags) or replace the rendering of the page with the notice that you can't resubmit.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
What is the best script to use for showing the current visitors or guests Online?
Thanks!
As #Ryan Smith suggested, this greatly depends on the implementation details of the website. I'm sure that there is a off-the-shelf framework offering a storefront application with all the bells and whistles (such as the types of scripts you are mentioning); however, these can range anywhere from being free and open source, or very expensive.
Implementing a script like this yourself isn't very difficult. Assuming that you're keeping track of the users on the website in some form of data store (typically a backend database) you could do something like this:
When the page loads, fire a JavaScript that makes an Ajax request
Have the page that's the target of the Ajax request select a count of the number of rows in the table storing the active users. Return this result.
When the request completes, have the Ajax callback insert the number into the DOM in whatever place you'd like.
You can set this process to repeat at certain intervals so that the pages containing the script are dynamically updated showing a relatively up to date count of the number of users online.
I think it all depends on how your tracking who's online within your application.
Usually, when someone logs-in, you create a session for them that you could iterate through based on whatever language you are using.
You have to keep in mind that HTTP is a stateless environment, so determining when someone is online is largely subjective as to your opinion as to how long ago they logged in.