We're doing a site with user generated RSS feeds which can be viewed by other users who we accounts and are verified by the source user. Is there an RSS package for php around that has password protection available that's easy to tie into a user database?
if the RSS file name is rss.php then you can check in the php before generating XML if the user is authenticated or not !
RSS feeds can be protected using HTTP authentication. where you can use the following URL to access rss:
http://username:password#example.com/rss.php
you can allow acccess to the file by one of these methods:
.htaccess
using http authentication with PHP
You, on the database, create a unique key for all users.
id username rss_key
1 user_a 49f0bad29968
2 user_b 1f2414c23a7d
3 user_c 9bc46e8e52ad
Your RSS Link:
http://example.com/rss.php?Key=1f2414c23a7d
You pair the key value with the user.
<?php
$GetKey = addslashes($_GET['Key']);
//Other Rules --- Example: if(empty($GetKey)) { echo "error"; exit(); }
include("connect.php"); //Your connection file
include("session.php"); //Your session file
$Username = $User['username']; //in session file
$Match = Mysqli_Fetch_Array(Mysqli_Query($con, "SELECT u.rss_key AS 'RSSKey' WHERE user_table_name AS u WHERE u.username='".$Username."'");
if($Match['RSSKey'] !== $GetKey)
{
//Stop page
exit();
}
else{
//Your RSS Code...
}
?>
Related
I have so far integrated a multisite wordpress that uses 4 main subdomain templates in a single wordpress installation: college.mysite.com | jobs.mysite.com | advisors.mysite.com | answers.mysite.com
A wp user is only required to login once and they inmediately have acccess to any wp template.
However, What I would like to achieve is a bit more complicated than that. I don't want new users and existing members to use wordpress as their main user interface to access private content.
In fact I have disabled registration and hidden wp login altogether.
I would like a more secure and less public signup/login.
For this occassion I would like wordpress to ignore the default login credentials and use instead custom db table names and hashmethod pulled from the same wordpress database.
For instance I have a yii platform called: humhub.
For a user to use wordpress they would need to login through humhub and have wp read the db table names:
user instead of wp_users
a secondary db name would need to be read for the password because humhub uses:
user_password instead of the default value within wp_users (user_pass)
I've tried integrating yii framework with wordpress, I've tried tweaking here and about within the yii framework so that it reads two databases separately but it's far more complicated than simply redirecting the wp login credentials by changing the default login table names within the wordpress files,
please help me,
Let's assume you have some unique identifier so that one user will not accidentally collide with another (in YII/HumHub)
You can load up the WordPress API via
require_once("/path/to/wp-load.php");
//Found normally in the WordPress root directory alongside wp-config.php
You can then when creating a new user in HumHub do:
wp_create_user( $username, $password, $email );
//Where username is the unique identifier
//password is ideally a random hash
//email is their email if relevant
And then log them in (assuming you remembered the username and password!!)
$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( !is_wp_error($user) ) {
ob_start(); //flush buffers - otherwise login won't work or user gets redirected to dashboard
$user_id = $user->ID;
wp_set_current_user( $user_id, null );
wp_set_auth_cookie( $user_id,true );
do_action( 'wp_login', $username );
ob_end_clean();
} else {
//Handle the login error
}
They are then logged into WordPress with cookies etc without any headers interfering with HumHub
Note - the above method may not work is there is a name conflict between WordPress and YII/HumHub. You will get a php error with details of the conflict if that is the case and will have to try something else (such as Oauth plugin)
I have added custom payment method to woocommerce and its working fine . I just have one problem that it calls a callback url for saving transaction information to db. I have created new function for this in my plugin file but i cant excess it directly .
This is how i have done it:
//add_action('wp_ajax_nopriv_payment_callback_action', 'payment_callback_action');
//function
function payment_callback_action() {
echo "Its Working!";
}
I am trying to access it by :
url:"<?=site_url( '/' );?>wp-admin/admin-ajax.php?action=payment_callback_action
It seemd that it because of i dnt have privillage to use it directly but how can i do this ?.
Thanks
# for users not logged in
add_action('wp_ajax_nopriv_payment_callback_action', 'dixipay_callback_action');
# for users logged in
add_action('wp_ajax_payment_callback_action', 'dixipay_callback_action');
# Your callback
function dixipay_callback_action() {
echo "Its Working!";
}
read more: http://codex.wordpress.org/AJAX_in_Plugins
I have this panel that i'm developing at my company where i will show the user's information from Google Analytics but i don't want the user to authorize or log in with his account every time he comes to the panel.
What i would like to do is: on the first time using my panel he would connect his Google account and i would save some info and on the next time he connects at my panel i would use this saved info to log on his account so i can list the Analytics info without ask for his permission or list that info even if he's not connected on is Google account right now.
Basically i would log in his account automatically and permit the 'app' to show the information.
I already have some code that connects on the API if he is connected on is Google account, but when he's not i get the login screen where he has to provide his email e password.
What i have so far is this:
<?php
require_once 'Google/Client.php';
require_once 'Google/Service/Analytics.php';
session_start();
$client = new Google_Client();
$client->setApplicationName("Google Analytics PHP Starter Application");
$client->setClientId('KEY');
$client->setClientSecret('SECRET');
$client->setRedirectUri('RETURN URI');
$client->setScopes('https://www.googleapis.com/auth/analytics.readonly');
$client->setAccessType('offline');
$service = new Google_Service_Analytics($client);
if(isset($_GET['logout']))
{
unset($_SESSION['token']);
}
if(isset($_GET['code']))
{
$client->authenticate($_GET['code']);
$_SESSION['token'] = $client->getAccessToken();
$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
}
if(isset($_SESSION['token']))
{
$client->setAccessToken($_SESSION['token']);
}
if($client->getAccessToken())
{
$props = $service->management_webproperties->listManagementWebproperties("12008145");//~all
print "<h1>Web Properties</h1><pre>" . print_r($props, true) . "</pre>";
$accounts = $service->management_accounts->listManagementAccounts();
//print "<h1>Accounts</h1><pre>" . print_r($accounts, true) . "</pre>";
$segments = $service->management_segments->listManagementSegments();
//print "<h1>Segments</h1><pre>" . print_r($segments, true) . "</pre>";
$goals = $service->management_goals->listManagementGoals("~all", "~all", "~all");
//print "<h1>Goals</h1><pre>" . print_r($goals, true) . "</pre>";
$_SESSION['token'] = $client->getAccessToken();
}
else
{
$authUrl = $client->createAuthUrl();
header("Location: " . $authUrl);
}
?>
Is there any way to do that ? I have looked for it around everywhere and couldn't find something near it.
In google Api's, when user authenticate the first time, you receive a CODE (which you are already getting i suppose). Use this code to get refresh token (lifetime is (always), until and unless, user revokes the permissions). Save this refresh token in Database for further use. Refresh token is used to get access token(lifetime is a short time, returned in the expires in argument). Access token is to give you access to your user's data for some time. You can keep using refresh token to get access token whenever you need to access your user's data.
Whenever you want to access user's data, use refresh token to get access token and then use that access token to get user's data.
In your case, you are using google api php client, you can use Methods in Client.php like:
getAccessToken()---to get refresh token the first time. When you call this method, you get back a json in a form: let this json name be $accessToken
$accessToken = {"access_token":"TOKEN", "refresh_token":"TOKEN", "token_type":"Bearer",
"expires_in":3600,"id_token":"TOKEN", "created":1320790426}
parse json to take refresh_token($refreshToken = $accessToken.refresh_token) and save it for later use.
setAccessToken($accessToken)---call this to set the OAuth access token.
refreshToken($refreshToken)---Fetches a fresh OAuth access token with the given refresh token.
For further clearity, look at Client.php and also read:
https://developers.google.com/accounts/docs/OAuth2WebServer
I am at the intermediate level in php and am new with facebook development. I have looked through the facebook documents and Stack Overflow previous comments.
All I basically wanted to do was let the user log in with their Facebook account and display their name.
My php page has a graph, and the page auto refreshes every 2 or 5 min.
I authenticate and get the facebook first_name to put on the page.
$graph = $facebook->api('/me');
echo $graph['first_name'] to get the first name of the user .. (for which I thought that no access token was required).
After about 90 min. I have been receiving the error:
fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user......
and I have no value ( 0 ), in the $facebook->getUser(); parameter
I do know that off line access permission has been depreciated, (and I have have this enabled in my apps advanced settings)
I am trying to get an extended access token. In the FB docs. I see:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
I included my information in the link(an existing valid access token and all) and received a access token:
access_token=AAADbZBPuUyWwBAFubPaK9E6CnNsPfNYBjQ9OZC63ZBN2Ml9TCu9BYz89frzUF2EnLttuZAcG2fWZAHbWozrvop9bQjQclxVYle7igvoZCYUAg2KNQLMgNP&expires=4050
Yet this token expired in about 1 hour or so.(....expires=4050)
I assume I am using server side auth because I am using PHP?
I assume you need to enable "deprecate offline_access" in your Apps Advanced Settings page. As this worked for me:
//added code in base_facebook.php inside the facebook class
public function getExtendedAccessToken(){
try {
// need to circumvent json_decode by calling _oauthRequest
// directly, since response isn't JSON format.
$access_token_response =
$this->_oauthRequest(
$this->getUrl('graph', '/oauth/access_token'),
$params = array( 'client_id' => $this->getAppId(),
'client_secret' => $this->getAppSecret(),
'grant_type'=>'fb_exchange_token',
'fb_exchange_token'=>$this->getAccessToken(),
));
} catch (FacebookApiException $e) {
// most likely that user very recently revoked authorization.
// In any event, we don't have an access token, so say so.
return false;
}
if (empty($access_token_response)) {
return false;
}
$response_params = array();
parse_str($access_token_response, $response_params);
if (!isset($response_params['access_token'])) {
return false;
}
return $response_params['access_token'];
}
The token can still be invalid for several reasons, See How-To: Handle expired access tokens.
Hope it helps
There's a bug on this:
https://developers.facebook.com/bugs/241373692605971
But, another question on SO has a workaround (user uninstalls and re-installs):
fb_exchange_token for PHP only working once user removes app
We are going to deploy a Drupal site inside company's intranet. There is a requirement for user to reset password. We have a centralized password reset mechanism (for single sign on):
user submits a password change request in system
the request is sent to a password server
the password server will reset the user's password in all systems with a new password
the password server will send the new password to user's mobile phone via sms
Now we are going to add the Drupal site to all systems. Please suggest a way to change the Drupal's logon password by an external program (assume the system can run script on the Drupal host and edit Drupal MySQL database).
For Drupal 7 -- Hope this custom function code resolves change password for anonymous user.
function password_reset(){
global $user;
$hashthepass = 'password'; /* Your password value*/
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$hashthepass = user_hash_password(trim($hashthepass));
// Abort if the hashing failed and returned FALSE.
if (!$hashthepass) {
return FALSE;
}
else {
db_update('users')
->fields(array(
'pass' => $hashthepass
))
->condition('uid', $user->uid)
->execute();
}
}
If you're using Drupal 6 then the password stored in the system is a simple md5 of the password. If you're using php scripts to trigger the password reset then use the http://php.net/manual/en/function.md5.php function.
Username and Password is stored in the users table. The md5 hash is stored in the pass column.
Another possibility for Drupal 7 is:
$user = user_load($GLOBALS['user']->uid);
$user->pass = 'the new password';
user_save((object) array('uid' => $user->uid), (array) $user);
This will automatically hash the password, without the need to write directly to the database.
Here is another more sophisticated Drupal 7 approach based on the given $username. It also supports e-mail addresses used as username.
$users = user_load_multiple(array(), array('mail' => $username, 'status' => '1'));
$account = reset($users);
if (!$account) {
// No success, try to load by name.
$users = user_load_multiple(array(), array('name' => $username, 'status' => '1'));
$account = reset($users);
}
if ($account) {
$account->pass = 'new password';
user_save($account);
}
else {
watchdog('user', 'Cannot load user: %user', array('%user' => $username), array(), WATCHDOG_ERROR);
}
There are already many nice answers in here, but I believe I add the one which I found easy for me.
// ID of the user whose password you wish to change.
$uid = 1;
// Load the user account.
$account = user_load($uid);
// Load hashing libraries.
// You can use module_load_include() if you want to make it cleaner.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
// Generate new password hash.
$password_hash = user_hash_password('enter-new-password-here');
if (!$password_hash) {
// Password could not be hashed. Handle the error.
exit('Password could not be hashed.');
}
$account->pass = $password_hash;
user_save($account);
Given everything is set up correctly, your user's password would be updated.
Note: If you have forgotten your root password, you can safely ignore the error handling, etc. Add these lines in index.php before menu_execute_active_handler(); and open any page to reset your password. Don't forget to remove the lines after you're done though!