I am on project in which user will give there site info. I will give him a widget code which he has to paste on his site.
On normal third party widget, if a user won't paste the code than it is his loss but in my project , if the code is not pasted , user won't affected rather its my loss. So I want a mechanism in which i could check if the code is pasted or not.
After a long search, I got clear view of what i want.
A mechanism/function which will check whether request from all the website(stored in my database) coming or not? If not receiving from any site , it will do some action.
A way so that that function always run in my server.
I too searched a lot and i find that my second question can be done with CRON job on the linux server but its the only way or any more secure way is there?[I only get to know about but don't know to apply that.]
We could take a example of Google Analytics. After adding a basic info, google gives us a code which he said to paste in our site. So how google checks whether the user has pasted the code or not? Is there any most secured way of doing this?
[FOR EASE] The flow of the project is --
USER SIGNUP ----> GIVE INFORMATION ABOUT THEIR SITE ---> GET THE CODE (javascript widget code) TO BE PASTED ---> GET INFORMATION FOR MY SITE FOR SOME ACTION
but if code is not pasted within specific time, user will get error in its dashboard.
For all this as a backend language, i am using PHP. Is there any other language is required or any other language which can make the task easy?
Any help is welcomed.
It is not your responsibility as a developer to ensure that the user has inserted the code on their site. It is your responsibility to ensure that your application displays an appropriate error message in the event that they nave not done so.
That's about all google does. If they don't detect any incoming data they check the site you have entered to see if the snippet is there if not they show an error.
You haven't mentioned what your wigget does but if its not sending data to you. You could check once a day to see if it exists or not.
Related
I built an integration with the DocuSign API in the sandbox environment and it is ready to move to production. We purchased the Basic API package this morning only to find that we can't set dataLabels in our template creation page. The attributes pane on the right just doesn't have the dataLabel field on it. I'm here to try to find out why. Without the dataLabel, we can't pre-fill data before sending it for signing as far as I know. I've logged out and logged back in to the admin console. I've confirmed it shows our Basic API package.
P.S. I understand this has nothing to do with actual code. I attempted to get help from a DocuSign live chat rep and he wouldn't give me anything but a canned response to come here and submit a ticket and refused to give me anything else.
I went through the live chat again with a different rep and we got it sorted out. Turns out they have to send you an email and you have to "enable" that feature through the email or they won't show up.
Since posting on the Disqus disqus forum seems to be a waste of time, maybe someone here can help.
I'm trying to use the OAuth2 flow to connect a Disqus user to my app's account system so I can monitor their activity (posts/comments/etc). I'm using Meteor for my app. I'm calling the OAuth2 authorize endpoint from my server code and passing the resulting HTML back to the client for rendering. This all works fine. But I'm seeing 2 problems on the client side. First, the HTML code returned from Disqus seems to be designed in a full page and the username/password fields extend across the entire window. I was expecting a dialog/modal popup like the one that Disqus provides when logging into a forum. I tried wrapping the HTML inside of a Boostrap3 modal window which mostly works except the username and password fields extend off the right side of the dialog box.
Ignoring the ugly UI the second problem is that when the user clicks on the submit link Disqus puts up and error page titled 'CSRF verification failed (403) - DISQUS'. I'm guessing this may be because the OAuth2 call was made from the server and the submit is coming from the client. If I copy the OAUTH2 url directly into the browser everything works fine. But I don't want to expose my API key and resulting code on the client side since that seems like a security risk.
All I really want to do is verify that the user is trying to connect their own account to my app (and not some other user). I'm not posting with their account so I don't need an access token (I'm calling user/details which just takes the API-key). So I've thought about creating a forum for my app and using the login endpoint to verify the username/password combo. But that dialog doesn't explain the scopes I'm asking for.
I've also considered building my own dialog box to prompt for the username/password, sending those back to the server and have the server "fake" the submit back to Disqus. But that is not a maintainable solution since Disqus might change the expected fields at any time. And it is ugly as sin.
Anyone have any suggestions? I didn't post any code since I don't believe it is a coding problem (and the code is a bit convoluted). But if anyone thinks it will help you help me, I'll be happy to post it. And, yes, I'm aware that not posting the code violates StackOverflow conventions. But I'm taking a chance that the powers that be will allow this post since Disqus support is non-existant and I don't know where else to reach out.
The basic problem was that I was using 'request' with forwarding enabled so that instead of getting the Disqus URL I was getting the Disqus authentication text. You need to render the authentication URL in a window, not the contents. That fixes the CSRF problem.
The next problem is that the URL returned by getAuthorizationUrl is bad. It is of the form 'nullhttps:...'. No idea where the 'null' is coming from, but stripping it off fixes that problem.
To make things easier for anyone looking to do this, there is a shiny new version of the Disqus NPM that includes OAuth authentication methods at https://www.npmjs.com/package/disqus.
All I want to do (for now) is have the end user authorize, via Oauth, permission to view email address, and have the script put that email address into my spreadsheet.
In testing, this works great. Buttons are clicked, tokens are exchanged, magic is made, all as expected when using my account, but when I publish and test with another account I get:
The state token is invalid or has expired. Please try again.
When I change...
"Execute the app as: Me"
to...
"Execute the app as: User accessing the web app"
...the second test account works, but I get no results on my end (obviously).
This makes me think that I've hit some limitation with the data exchanging across accounts, but this just doesn't seem right. This seems like a pretty normal thing to attempt. Maybe I'm wrong.
I'm happy to edit this question and share any code needed, but I'm pretty much using code straight off of googlesamples/apps-script-oauth2
I guess I'm mostly asking if I can do what I'm trying to.
Here's the web-app.
Please help
I need to get some spam messages from a set of gmail inboxes and post them to a server.
My initial idea was to write a chrome extension, which when installed would be activated every time the user visited its inbox, but I couldn't do it that way, since there is no access to spam messages (just unread ones through a XML file).
Then I discovered google APP script and succesfully wrote the script I needed.. but the problem is, how can I use that script for other accounts? At the moment a user needs a lot of configuration to make it work (script has to be shared, user has to install google app script, set a trigger for the function).
IS there a user friendly way to make this work? Even in other ways? I have no access to inbox passwords though.
Thanks in advace.
You should design a User Interface, deploy your app as a webApp with parameter 'run as user executing the app' and add the trigger creation in the script itself.
All this should not be too hard...
Feel free to ask for assistance if you meet some issue.
In this case don't forget to post your code if you want useful tips.
When you setup a google analytics profile and you specify the domain, does google make any sort of validation prior of registering a hit?
Does it check that the call comes from the specific domain, based on the key you are provided (ie UA-11580xxxx-xx)?
If I get the above analytics key and put it in another domain, will the hits on that site be registered for the domain for which the key was generated?
Thanks
Sort of.
By default, Google Analytics accepts hits to your account without ever checking where it comes from, so you could register your domain as foo.com, and still forever send traffic from bar.com without any trouble (or from a mobile app, etc).
However, Google provides an optional validation tool that will crawl the page of the website you provide, in order to validate whether or not you installed it correctly. But usage of this tool is optional, and is not a prerequisite for successfully sending and receiving data.
I believe it does. I dynamically generate my Analytics JS code just from the key, and, when I've put the wrong one in, I'm pretty sure the traffic appears to go to the wrong site.
I'll re-test one of my sites to make sure...
When you put the analytics code in the bottom of your HTML(with the key you got from google), first day you don't see anything, because Google is then already counting all visits on your website. after a day you can see result from the previous day.