tdlib get notifications settings for (another) user - telegram

I'm using tdlib and currently trying to create another user's profile screen like this one:
There is usually a field on this screen called "Notifications" containing information on whether or not notifications for given user are muted and if so then for how long. All other fields seem easy to retrieve, but this one is a head-scratcher for me.
All other field are stored in User entity, but what am I supposed to do with this one? Call createPrivateChat only to get one field (namely notificationSettings)? This seems like overkill to me. Isn't there easiest ways to get this? In this issue sapelkinAV states that "chatID is equals UserId". Is it correct? Even if so it might just be an internal thing that we shouldn't rely on, and I can't find neither proofs nor restrictions on abusing this "feature".
If it is fine, than I could use getNotificationSettings and pass notificationSettingsScopeChat as scope parameter. Would it be the right solution? Any thoughts and advices are appreciated!

Official answer (obtained from TDLib bot):
Your usage of createPrivateChat is absolutely correct. To get correct NotificationSettings you need to get information about the corresponding chat.
So I ended up doing exactly that.
Call createPrivateChat only to get one field (namely notificationSettings)?

Related

Is there way to be absolutely sure that access came from QR code scan? [duplicate]

I have this project where I need to know if a visitor legitimately arrived from a QR code. Document.referrer value from a QR code shows blank. I have looked at some answers suggesting to put parameter in the query string (e.g. ?source=qr), but anyone could easily add the parameter into the URL and my code would believe it is from a QR code (e.g. www.project.com/check.page?source=qr) . I have thought of adding codes to make sure it is from a mobile phone / tablet as secondary way to authenticate but many browsers have add-ons to fool websites.
Any suggestions would be greatly appreciated.
Thanks in advance.
I think the best solution for you is creating your regional QR Codes pointing to:
Region 1) http://example.com/?qr=f61060194c9c6763bb63385782aa216f
Region 2) http://example.com/?qr=731417b947aa548528344fab8e0f29b6
Region 3) http://example.com/?qr=df189e7f7c8b89edd05ccc6aec36c36d
if the value of the parameter qr is anything other than f61060194c9c6763bb63385782aa216f, 731417b947aa548528344fab8e0f29b6 or df189e7f7c8b89edd05ccc6aec36c36d, then you can ignore it and assume the user didn't come from any QR Code.
Of course, any user can remove the source parameter. But at least he can't add a valid one, unless he really had access to the code.
...but anyone could easily add the parameter into the URL and my code would believe it is from a QR code
Well, anyone could also scan the QR code, view the link, and remove the source=qr from it.
Data collection is never 100% reliable. Users can change their browser's user agent, inject cookies with some strange values, open your page through a proxy server, and so on.
You could create your own device or App for scanning the QR-code. If you read the post I've linked, you will see that this is a waste of time and resources.
So, what is left is to make a solution which will work for most of the users. Appending a source=qr parameter to your URL seems to be the simplest solution. You could also link to an entirely different domain and redirect the request, so it would be more fraud-safe. But it will never be 100% accurate.

Recursively get members of an AD group

The MS Graph API has the possibility to list the direct members of an AD group using
/groups/{id}/members
Is there a way to get both direct and indirect members, i.e. member of members of members and so on and so forth.
I would like to avoid the need to implement some recursive logic on the client if it can be done another way, possibly through the use of OData query parameters?
I have tried the following using $expand and $level, but unfortunately the 'members' navigation property doesn't exist on the child groups for some reason and I guess that's why they are not expanded.
https://graph.microsoft.com/v1.0/groups('{group-id}')?$expand=members($levels=max)
Unrelated to the question, could someone with the necessary SO permissions please make the ms-graph and the microsoftgraph tags synonyms?
Update: The feature request mentioned below is in beta now.
I found a feature request on uservoice.com for this, so it seems like it does not exist yet. If you came here looking for the solution, I encourage you to go and vote for the feature.

Paypal Button creation/encryption

I've search for this online but couldn't find anything conclusive, yet.
I wish to make a large (yet unknown) number of paypal buttons, different prices, currencies, etc.
I have been following the encryption methodology and I came to a stop/point of additional research when I discovered that each encrypted button must be created on the command line and copied to my website.
This doesn't seem feasible if I require a large number of buttons, and due to this (apparent) absurdity I feel that I must be missing something obvious? Some sites have 100s/1000s of different prices/buttons which must be dynamically created.
Or is the correct procedure to leave the buttons unencrypted, thus dynamically created, and then use the IPN Listener to validate payments?
I'd be happy if someone could just point me towards a few tutorials/webpages.
Thank-you kindly for the help
Joseph
This will give you a start:
https://www.paypal.com/us/cgi-bin/webscr?cmd=_pdn_xclick_techview_outside
I use custom created buttons all the time.

Drupal Views api, add simple argument handler

Background: I have a complex search form that stores the query and it's hash in a cache. Once the cache is set, I redirect to something like /searchresults/e6c86fadc7e4b7a2d068932efc9cc358 where that big long string on the end is the md5 hash of my query. I need to make a new argument for views to know what the hash is good for.
The reason for all this hastle is because my original search form is way to complex and has way to many arguments to consider putting them all into the path and expecting to do the filtering with the normal views arguments.
Now for my question. I have been reading views 2 documentation but not figuring out how to accomplish this custom argument. It doesn't seem to me like this should be as hard as it seems to me like it must be. Leaving aside any knowledge of the veiws api, it would seem that all I need is a callback function that will take the argument from the path as it's only argument and return a list of node id's to filter to.
Can anyone point me to a solution or give me some example code?
Thanks for your help! You guys are great.
PS. I am pretty sure that my design is the best I can come up with, lets don't get off my question and into cross checking my design logic if we can help it.
It's not as easy as you would like to make it.
In views, arguments are used to return objects, fx user, node, term, custom object. So you could make some custom code, to get the "query object". That would only be first step. You then need to get the info from the query object. You could either try making a custom relationship bond with the nodes or build your own filter to make the SQL needed. This can quickly become a confusing time sink.
Instead, I would suggest that you use hook_views_query_alter, which will allow you to alter the query. Since you already have the SQL, it's just a matter of checking for the hash, and if it's there, alter the query. Should be a pretty simple thing to do. Only thing that is a bit tricky, is that you have to make the query with the query object that views uses, but it's not that hard to figure out.

So why should we use POST instead of GET for posting data? [duplicate]

This question already has answers here:
Closed 13 years ago.
Possible Duplicates:
How should I choose between GET and POST methods in HTML forms?
When do you use POST and when do you use GET?
Obviously, you should. But apart from doing so to fulfil the HTTP protocol, are there any reasons to do so? Less overhead? Some kind of security thing?
because GET must not alter the state of the server by definition.
see RFC2616 9.1.1 Safe Methods:
9.1.1 Safe Methods
Implementors should be aware that the
software represents the user in their
interactions over the Internet, and
should be careful to allow the user to
be aware of any actions they might
take which may have an unexpected
significance to themselves or others.
In particular, the convention has been
established that the GET and HEAD
methods SHOULD NOT have the
significance of taking an action other
than retrieval. These methods ought to
be considered "safe". This allows user
agents to represent other methods,
such as POST, PUT and DELETE, in a
special way, so that the user is made
aware of the fact that a possibly
unsafe action is being requested.
If you use GET to alter the state of the server then a search engine bot or some link prefetching extension in a web browser can wreak havoc on your site and (for example) delete all user data just by following links to your site.
There is a nice paper by the W3C about this: URIs, Addressability, and the use of HTTP GET and POST.
1.3 Quick Checklist for Choosing HTTP GET or POST
Use GET if:
The interaction is more like a question (i.e., it is a safe operation such as a query, read operation, or lookup).
Use POST if:
The interaction is more like an order, or
The interaction changes the state of the resource in a way that the user would perceive (e.g., a subscription to a service), or
The user be held accountable for the results of the interaction
Because, if you use GET to alter state, Google can delete your stuff.
When do you use POST and when do you use GET?
How should I choose between GET and POST methods in HTML forms?
If you accept GETs to perform write operations then a malicious hacker could inject somewhere links to perform an unauthorized operation. Your user clicks on a link - and something is deleted from a database. Or maybe some amount of money is transferred away from the user's account if he's still logged in to their online banking.
http://superbank.com/TransferMoney?amount=1000&recipient=2342524
Send a malicious email with an embedded image referencing this link, and as soon as the document is opened, something funny has happened behind the scenes.
GET is limited by the length of URL the browser/server can handle. This used to be as short as 256 characters.
There is atleast one situation where you want a GET to change data on the server. That is when a GET returns data, and you need to record which data was given to a user and when it was given.
If you use complex data types then it must be in a POST it cannot be in a GET. For example testing a WCF web service in a browser can only be done when the contract uses simple data types.
Using GET and POST where it is expected helps to keep your program understandable.
When you use POST, you can see the information being "posted" in the address-bar of the web browser. This is [apparently] not the case when you use the GET method.
This article was somewhere on http://www.w3schools.com/ Once I've found the exact page it was on, I'll repost. :-)

Resources