I've accidentally made (and distributed) a QR code to a URL (important: not a VCARD data set like below). So now I need to redirect visits from the URL "directly" to the VCARD data:
BEGIN:VCARD
VERSION:3.0
N:Doe;John;
FN:John Doe
TEL;TYPE=CELL:54321
END:VCARD
I say "directly" in the sense that iPhones happily offer to save the contact if the URL is to a .vcf file but, based on my tests, androids don't and instead need to have the QR code go "directly" to the data set (I don't know another way to get an android to directly prompt to save the contact?).
I studied some related posts but they talk about getting the android user to first download a VCARD file or an app or generate a .vcf file which is not my situation as my URL already goes straight to a .vcf file.
I don't know for sure whether it's possible to get the android to prompt to save a contact if I return the VCARD data set through redirecting to a page with some magical PHP functions.
Because the androids don't prompt to save a contact upon visiting xyz.com/jd.vcf, I need to "redirect" that to the VCARD data set - but given that it isn't a "URL" I can't redirect to it.
I did it in PHP! The below works for iphone and Android, so no need to split the URL visits by device either!
# Send correct headers
header("Content-type: text/x-vcard; charset=utf-8");
# Set variables for contact information
$family_name = "DOE";
$given_name = "JOHN";
$additional_names = "";
$prefix = "Mr";
$suffix = "";
$formatted_name = "$prefix $given_name $family_name";
# Output vCard data
echo "BEGIN:VCARD\r\n";
echo "VERSION:3.0\r\n";
echo "N:$family_name;$given_name;$additional_names;$prefix;$suffix\r\n";
echo "FN:$formatted_name\r\n";
echo "END:VCARD\r\n";
Related
When I paste my website link at a social network (Facebook or Twitter for example), the social network access my site to show a preview to the user.
I want to separate this access from real access at my reports, but to do this, I need to identify this cases.
This kind of access send any kind of information that is default for everysite that I can identify that this access is not a real user, but a robot?
You should be able to identify those robots from their user-agent string.
For example, Twitter uses the User-Agent of Twitterbot. And Facebook crawler identification is documented here.
You can use the User-Agent to do that.
if (strpos($_SERVER["HTTP_USER_AGENT"], "Twitterbot") !== false)
echo "TwitterBot";
else if (strpos($_SERVER["HTTP_USER_AGENT"], "facebookexternalhit") !== false)
echo "Facebook";
else
echo "regular user";
https://developers.facebook.com/docs/sharing/webmasters/crawler
I'm trying to make a request to post / upload a new media with WP API v2 (WP 4.7.3). I'm using a Node client (https://github.com/WP-API/node-wpapi) to deal with this.
As I'm only getting errors 400 rest_upload_no_data, I'm trying to find which fields are required to perform this action.
What I'm doing:
wp.media()
.file( uri )
.create({
title: 'My awesome image',
alt_text: 'an image of something awesome',
caption: 'This is the caption text',
description: 'More explanatory information',
status: 'publish'
})
.then(function( response ) {
...
I checked the docs (https://developer.wordpress.org/rest-api/reference/media/), but I can't see which param is required or not.
Any help?
The issue is likely that the .file() method expects a Buffer or local file system path (if running in node) or else the file object from an input field (when running in the browser). A URI string cannot be interpreted as an image, so no image data is sent, causing the "no data" error.
If you are running this library in a browser, you can send an image using the files object of an input:
var data = document.getElementById( 'file-input' ).files[0];
wp.media().file( data )...
The WordPress REST API does not (to my knowledge) support side-loading images, so to upload a remote image you would first have to retrieve it, and then forward that data up to the API yourself.
Edited to include a link to the file upload documentation for the node-wpapi library:
http://wp-api.org/node-wpapi/guides/2016/08/15/create-a-post-with-featured-media.html#client-side-media-handling
http://wp-api.org/node-wpapi/using-the-client/#uploading-media
First of all, I'm not a security expert and new to form validation, password storing and wp plugin development. Any wp plugin tutorial I've been looking at never had a chapter about API passwords. Googling for wordpress password issues didn't return any satisfying results. So that's why I'm asking here.
I want to create a custom Wordpress Plugin which works with a Soap API of another page. To use the Soap API a login is needed. So the Wordpress built in functions add_option(), update_option() and get_option() are all working with plain text.
But I know that in the wp_config file authentication keys can be saved. But how to use them in an option page form to encrypt the password? And would it be possible just to store them in the database, decrypt it and use it in the backend but not showing it on the options page if the user visits that page again. So that the password field just has some black spots in it (not the same amount of the chars of the pass) and the password option only is updated if something is written into that field.
Normally the code is like this:
register_setting( 'my_plugins_option', 'my_options', 'my_validation_function' );
$options = array(
'user' = > 'name',
'password' = > 'pass',
//... other options
)
update_option( 'my_plugins_option', $options );
But how could I make this more secure? I've seen many plugin examples but nothing was about storing passwords. I'm looking for something like this:
function my_validation_function($input){
if($input['password']=='•••••'){
//use the default value of the database if nothing was changed
$old_options=get_option('my_plugins_option');
$input['password']=some_decrypting_function($old_options['password']);
}
else{
//use the password sent from the form
$password=esc_sql(some_encrypting_function($input['password']));
}
// ... validate the other inputs
update_option( 'my_plugins_soap_api_pass', $password );
}
P.S.: This code is not tested yet of course because I don't know how to work with passwords in wordpress plugins and so I wanted to ask for the best practices first.
The other question is: If the modified version of the code from above would work and the password is saved once and never loaded into the Dashboard frontend again (just showing this: '•••••' once typed in) would it be save to work with the get_option() function, decrypt the password and use it in the backend?
Here are a couple recommendations. They aren't specific to WP, but can apply.
1) Save an encrypted password in the options table (use whatever encrypting function you want, just don't write your own)
2) In the options page, simply do NOT output the password. Leave that field blank, and don't require it to be entered if there is already a password stored in the database.
3) Only decrypt the password retrieved from the options table just prior to actually needing it in code.
I am trying to log onto a website using python and requests. I'm pretty sure I am logging on properly. The next part is I go to a different page and try to download a file from that page. However, in order to download the file you have to be logged in. When I go to download the file, however, it redirects me to the log-in menu saying I haven't logged in. I am stuck and don't know what to do! By the way, the website is grabcad.com, what I'm basically trying to do is press the download all button featured on such a page
http://grabcad.com/library/apple-ipod-touch-5th-gen-1
payload = {'member[email]': 'username', 'member[password]': 'pass'}
with requests.Session() as s:
rObject = s.post('http://www.grabcad.com/login', data=payload)
cookies = rObject.cookies
rObject = s.get('http://www.grabcad.com' + downloadUrl, cookies=cookies)
#download URL is something I obtain early and I know it's correct. It's the URL for when you press the downloadAll button
path = 'C:\\User\\Desktop\\filename
with open(path, 'wb') as f:
for chunk in rObject.iter_content():
f.write(chunk)
So I took an altogether different route to solve the problem, I simply used mechanize which is an automated browswer tool for python.
#how to use mechanize to log-in, specifically for grabcad
b.open('http://grabcad.com/login')
b.form = list(b.forms())[1]
control = b.form.find_control("member[email]")
control2 = b.form.find_control("member[password]")
control.value = 'username'
control2.value = 'pass'
b.submit()
#Download Part
path = 'C:\\User\\Desktop\\filename
b.retrieve('https://www.grabcad.com' + downloadUrl, path)
#downloadUrl is obtained earlier and is simply the URL for the download
How are you ensuring that you're logged in correctly? I would print out the html after sending that post request from the session object & ensure it isn't a login page or an invalid password page. Cookies are automatically persistent across requests made on the session object, so I believe that the initial login isn't successful (http://docs.python-requests.org/en/latest/user/advanced/#session-objects).
Personally, I would use selenium for this though.
I have correctly logged into grabcad with the following code:
import requests
s = requests.session()
payload = {'member[email]': 'yourEmail', 'member[password]': 'yourPassword'}
p = s.post('https://grabcad.com/login', data=payload) # Ensure you're posting to HTTPS
My client has a website with many subdomains, each representing a different "client":
http://www.store.com <- Main store; also the default OpenX "Website" host in admin.
http://client1.store.com <- Client store
http://client2.store.com <- Client store
...
http://client222.store.com <- Client store
A lot of the banners are internal links. For those internal ads, they use relative URLs in that banner's "Destination URL" field, in hopes that the link will use the host of the page the ad is being displayed on. But to no avail, the ads seem to always use the host of the OpenX "Website" that that zone is connected to.
So for these local ads I need the host of the destination URLs to match the page the ads is being displayed on. Any suggestions?
The answer to this question was to set the Banner's URL to something like this:
http://{currenthost}/shoes-half-off
Then pass extra, custom variable currenthost into the invocation code.
If the zone is in Local Mode
Set the variable like this, somewhere before your call to view_local():
$_REQUEST['currenthost'] = $_SERVER['HTTP_HOST'];
$raw = view_local($what, $zoneid, $campaignid, // ...
If the zone is in Javascript Mode
Pass it into openx/www/delivery/ajs.php as a part of the GET string. Turn this:
// ...
if (document.mmm_fo) document.write ("&mmm_fo=1");
document.write ("'><\/scr"+"ipt>");
// ...
Into this:
// ...
if (document.mmm_fo) document.write ("&mmm_fo=1");
document.write ("¤thost="+window.location.href); // <-- Added
document.write ("'><\/scr"+"ipt>");
// ...