I'm having a problem with my Facebook competition where users are entering multiple times. The required fields to enter are first name, last name and email. They can not enter the same email more than once, but they are just using different email addresses. I can not delete their entries however because there is no way to "prove" that it's the same person, even though it's dead obvious (exact same first and last name, all entries within 30 seconds of one another).
Our terms and conditions say that only one entry is allowed per person, per competition but apart from the email validation I can't find a way to enforce this.
When a user likes our page (which is required to enter the competition) is the ID of that user available from the signed request? Would it be within the Facebook guidelines to store this ID along with their entry details?
Thanks
no, you need to authorize the users then you get the Facebook ID.
You then can display a diffrent page as you know this user already taken part in the competition - so you dont give them the change to submit more than once for one Facebook ID.
as this will probably to late know, you can store a cookie. but be aware that users can delete this cookie.
Related
Background of my specific environment: I am trying to set up GA to track the user journeys around an iOS native app written in React Native. The app is in-house only and all users consent to being tracked in this way.
As I understand it, the measurement protocol allows either Client ID (cid) or User ID (uid). In the docs, both are optional, but at least one is required. Makes sense so far. Client ID is an anonymous UUIDv4 that tracks a browser or device, but not necessarily a user. User ID on the other hand is some uniquely-identifying value for a user, but may cross devices/browsers.
Initially I wrote my application using cid (as I hadn't yet read the docs on uid). Every time a user logged in the user's uuid would be stored and sent as the cid parameter. I also used session control sc. This worked - I saw sessions coming in, the User Explorer showed me the individual user uuids and sessions, etc. But upon rereading the docs, this seemed like an incorrect use of cid. It seems like cid is meant to be consistent and not something that changes as you log in and out.
As people on my app can log in and out (and possibly will - staff members may well share devices), using a long-lasting cid that is specific to the device won't allow me to track the habits of individual users and changing it per login-session, as mentioned above, feels wrong.
So I switched out cid for uid. The docs say both are optional and one is only required if the other is not used, so I figured I could just use uid and use the user's uuid in that field and it's otherwise act the same.
However, when doing it this way no hits seems to be registered at all - in "real time data" as well as the User Explorer.
Am I doing something wrong or is this by design? (If by design, are the docs wrong to say cid and uid are both optional or am I reading it incorrectly?)
Either way, best-practices-wise, do I:
Just go back to using an ephemeral cid that only changes when people log in and out. Individual sessions in the app don't change the cid but I do use sc to explicitly start and end sessions by navigation inference (click 'home' = sc=end, navigate from 'home', sc=start).
Use uid as I am trying to (i.e. switching out the current cid for uid), but also include a random cid that never changes (regardless of session lifetime, logging in and out, etc.).
Something else?
I have seen this question and its answer but it does not really answer my actual question regarding how cid and uid should actually be used, and if my issue is me or the way that GA works.
Oki so client-id is randomly generated value and must be sent with all hits.
In a non-User-ID-enabled view, Client-ID is used to calculate unique users. In a User-ID-enabled view, User-ID is used to calculate unique users
In reference to your app, you can send the unique Device id value in place of random value for client-id. This will resolve all your problems and ensure that the client id is sent with all the hits, otherwise it wont get registered in GA
Google Analytics now has UserID tracking to better track individual users across devices. Is it possible to add a tracking variable (like utm_campaign) specifying user_ID so that GA will associate those links with the user?
I'm looking for a solution that'll work even when the user isn't logged in (mainly for email link tracking).
No. Of course you can append the user id yourself and set it in your tracking code. But that would not uniquely identify a user (links get bookmarked or passed around e.g. when the email is forwareded to somebody) and someone else might end up with that id. The idea of the user id is that the CMS or CRM takes responsibilty for uniquely identifying users so we don't have to rely on the somewhat fragile client side mechanisms.
If you use it for email tracking it should IMO be enough if the user id is set in the first call of the tracking code if you have session unification enabled, so you'd just need to tag the link in the mail and read the id from there, without needing to persists the user id via the links. While I haven't tested this extensively the documentation seems clear on the point:
Session unification is a User ID setting that allows hits collected
before the User ID is assigned to be associated with the ID, so long
as those hits happen within the same session in which a specific ID
value is assigned for the first time.
Please note that the user id feature does not expose data for individual users via the interface, insofar the idea that it "better track[s] individual users" is not quite right (it will recognize users across devices but will still aggregate the data). If you want individual user you need to store the user id (or some other unique id) as custom dimension.
I'm creating a members only Parent Directory for my son's high school International Baccalaureate website. This directory will contain contact information (names, street addresses, phone numbers, email addresses) of parents from each grade who have students currently enrolled in the IB program. I need to be able to authenticate a parents access to the directory against a valid student ID (which is a number).
I have a spreadsheet that contains the names of each student, their student ID, and their parent's names. There are some instances where a family has more than one student/student ID.
I'm trying to figure how I should be thinking about this, as a general approach. I have a few ideas but I need to distill them down to a more succinct inquiry.
One thought would be to bulk create wp subscriber accounts for all students. Their student IDs would somehow be appended to the user record. Parents would be directed to a login page, where they would login with the username of their child, password(which could be reset), and a fixed student id. If validation passes, they are redirected to the directory page.
Another thought would be to create user accounts on the fly that references a separate table which includes the student ID. So long as that unique student ID is part of the registration and it authenticates, anyone who has that number can register a profile.
In either scenario, once an account is created, the contact profile could either be pre-populated with the users info or updated at that time.
So my question is: Am I thinking about this in the right way? If so or if not, how can I better define this idea to get a more accurate scope? And then, ultimately, I need some direction on some possible options for getting it done in DIY way.
Sorry for the long word count. Your feedback is greatly appreciated. Below are some links that seem to be in the neighborhood of what I'm trying to do.
https://wordpress.stackexchange.com/questions/45900/adding-extra-authentication-field-in-login-page
Integrating wordpress authentication with an existing user database
I have a tricky requirement where I need to categorise documents attached to a product, available for download, based on the status of the user viewing the product. I.e. my site displays a list of products, clicking on one displays a product details page, and this page includes a list a documents related to the product, such as data sheets, user manuals, etc.
I have been asked to group documents into three classes of availability, v.i.z. those available freely to all users, including anonymous; those available to logged on users; and those available to anonymous users that provide contact information before downloading the document, presumably to boost sales leads.
The anonymous and logged on availabilities are quite easy, but the third seems a bit tricky to me. My first question is, is there a way I can filter documents for only logged on users without hooking into ItemDataBound or something, and my second question is, what is recommended for the case where a user must supply contact information to download a document?
In the second question, it has crossed my mind to actually register the user, but without them having to visit the new user registration page, and then I have role based filtering of documents. Currently the new user registration process automatically adds the Member role to all new users. Users I register 'quietly', just so they can download a document, wont be assigned the Member role, distinguishing them from normally logged on members. What other approaches could I take?
A lot of this implementation will depend on exactly what you want to accomplish and how you go about doing it.
For example, if I don't have access to the document, should I see the link?
If your implementation is that all users should be able to see it, but that the actual act of 'getting it' is dependent upon the individual role or membership, you could solve it fairly easy by implementing a "handler" to download the secured documents, that way you are not presenting a direct file link. That handler could then validate security, if they were not allowed, it could then take them to the login or register page as needed.
If the users don't see the documents until they meet the requirement, I would then filter BEFORE you bind to your repeater.
I want to create a simple user registration form with First / Last name, email, and password. We have used captcha and email verification in the past to ward off bots, but is there another way without using those techniques? I thought about encrypting the field ID names so that they aren’t names username, password, etc. we tried openID, but 1% of our users had an ID they could use. Any thoughts?
You might be able to use Akisment (you don't have to have WordPress to use it) in order to determine if it's spam. Though I think Akismet is best suited to situations when there is text to validate, it might be able to help validate emails and names.
At the very least, if you want to remove a CAPTCHA, you should have some sort of throttling to ensure that a single IP address can't register more than x number of times during y period of time.