Search Results

Search found 1701 results on 69 pages for 'cookie'.

Page 60/69 | < Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67 | Next Page >

retrieve events where uid is the creator and application id is the admin - Facebook API

- by Anup Parekh

I would like to know if there is a Facebook API call to retrieve the events (eids) for all the events a user has created using my facebook connect application. The events are created using the following REST api call: https://api.facebook.com/method/events.create?event_info=' . $e_i . '&access_token=' . $cookie['access_token'] $e_i is the event info array where the 'host' value is set to 'Me' as follows $event_info['host'] = 'Me'; On Facebook events under the "Created by:" section it lists "My user name,Application Name", I presume this is because I am the creator and the application is the admin as stated in the REST api documentation http://developers.facebook.com/docs/reference/rest/events.create/ Unfortunately I cannot seem to find out how (neither REST nor GPRAPH API) to return a list of events where I am the creator and the application is the admin as in the above scenario. If this is possible I would really appreciate some assistance with how it is done. So far I have tried: REST API events.get using uid=application_id. This only returns events created by the application not those including the user who created them GRAPH API https://graph.facebook.com/me/events?fields=owner&access_token=... this returns all the events for 'me' but not where the application is also the admin. It seems strange that there's no reference to the linkage between the event creator and the event admin through the API but in Facebook it is able to pull both and display them on the event details.

Read the article
Submit WordPress form programmatically

- by songdogtech

How can I let a user access a WordPress protected page with a URL that will submit the password in the form below? I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load. This not intended to be secure in any respect; I'll need to hardcode the password in the URL and the PHP. It's just for simplicity for the user, and once they're in, the cookie will let them in for 10 more days. I will select the particular user with separate PHP function that determines their IP or WordPress login status. I used Wireshark to find the POST string: post_password=mypassword&Submit=Submit but using this URL mydomain.com/wp-pass.php?post_password=mypassword&Submit=Submit gives me a blank page. This is the form: <form action="http://mydomain.com/wp-pass.php" method="post"> Password: <input name="post_password" type="password" size="20" /> <input type="submit" name="Submit" value="Submit" /></form> This is wp-pass.php: <?php require( dirname(__FILE__) . '/wp-load.php'); if ( get_magic_quotes_gpc() ) $_POST['post_password'] = stripslashes($_POST['post_password']); setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); wp_safe_redirect(wp_get_referer()); ?> What am I doing wrong? Or is there a better way to let a user into a password protected page automatically?

Read the article
asp.net mvc and portal like functionality

- by richard-heesbeen

fHi, I need to build an site with some portal like functionality where an param in the request will indentify the portal. like so http:/domain/controller/action/portal Now my problem is if an portal doesn't exists there must be an redirect to an other site/page and an user can login in to one portal but if the user comes to an other portal the user must be redirected back to the login page for that portal. I have something working now, but i feel like there must be an central place in the pipeline to handle this. My current solution uses an custom action filter which checks the portal param and sees if the portal exists and checks if the user logged on in that portal (the portal the user logged on for is in the authentication cookie). I make my own IIndentiy and IPrincipal in the application_postauthentication event. I have 2 problems with my current approach: 1: It's not really enforced, i have to add the attributes to all controllers and/or actions. 2: The isauthenticated on an user isn't really working, i would like that to work. But for that i need to have access to the params of the route when i create my IPrincipal/IIndenty and i can't seem to find an correct place to do that. Hope someone can give me some pointers, Richard.

Read the article
C# client to Java web service

- by tomislavg

I have received wsdl file from outside company. I'm using VS2005 c#. With wsdl.exe I have created class containing methods and types for the given web service. To connect to the service outside company requires that certificate from the smart card is inputed in the header. I think i have achieved this with service.ClientCertificates.Add("Path to exported cert" - at least for now, after probably later i will take it from Certificate Store When service is called there are three steps that are taken and visible by the Fidller(Web Debugging Proxy)). service is called on the url http://test.company.com/webservice.wsdl service redirects the request to certificate server and pin needs to be inputed to get cookie for the server service is again redirected to url http://test.company.com/webservice.wsdl At point 1. I can see that my request send to the server contains .... but at point 3. i can not see request` just a empty string. The exception is thrown Msg: Possible SOAP version mismatch: Envelope namespace http://schemas.xmlsoap.org/wsdl/ was unexpected. Expecting http://schemas.xmlsoap.org/soap/envelope/. Does somebody have an example how to connect to java web service with certificate and AlowRedirect enabled for the web service? Any ideas what i am doing wrong are more that welcome.

Read the article
Thread Local Memory, Using std::string's internal buffer for c-style Scratch Memory.

- by Hassan Syed

I am using Protocol Buffers and OpensSSL to generate, HMACs and then CBC encrypt the two fields to obfuscate the session cookies -- similar Kerberos tokens. Protocol Buffers' API communicates with std::strings and has a buffer caching mechanism; I exploit the caching mechanism, for successive calls in the the same thread, by placing it in thread local memory; additionally the OpenSSL HMAC and EVP CTX's are also placed in the same thread local memory structure ( see this question for some detail on why I use thread local memory and the massive amount of speedup it enables even with a single thread). The generation and deserialization, "my algorithms", of these cookie strings uses intermediary void *s and std::strings and since Protocol Buffers has an internal memory retention mechanism I want these characteristics for "my algorithms". So how do I implement a common scratch memory ? I don't know much about the rdbuf(streambuf - strinbuf ??) of the std::string object. I would presumeably need to grow it to the lowest common size ever encountered during the execution of "my algorithms". Thoughts ? My question I guess would be: " is the internal buffer of a string re-usable, and if so, how ?" Edit: See comments to Vlad's answer please.

Read the article
Use the output of logs in the execution of a program

- by myle

When I try to create a specific object, the program crashes. However, I use a module (mechanize) which logs useful information just before the crash. If I had somehow this information available I could avoid it. Is there any way to use the information which is logged (when I use the function set_debug_redirects) during the normal execution of the program? Just to be a bit more specific, I try to emulate the login behavior in a webpage. The program crashes because it can't handle a specific Following HTTP-EQUIV=REFRESH to <omitted_url>. Given this url, which is available in the logs but not as part of the exception which is thrown, I could visit this page and complete successfully the login process. Any other suggestions that may solve the problem are welcomed. It follows the code so far. SERVICE_LOGIN_BOX_URL = "https://www.google.com/accounts/ServiceLoginBox?service=adsense&ltmpl=login&ifr=true&rm=hide&fpui=3&nui=15&alwf=true&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Flogin-box-gaiaauth&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Flogin-box-gaiaauth&hl=en_US" def init_browser(): # Browser br = mechanize.Browser() # Cookie Jar cj = cookielib.LWPCookieJar() br.set_cookiejar(cj) # Browser options br.set_handle_equiv(True) br.set_handle_gzip(False) br.set_handle_redirect(True) br.set_handle_referer(True) br.set_handle_robots(True) br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=30.0, honor_time=False) # Want debugging messages? #br.set_debug_http(True) br.set_debug_redirects(True) #br.set_debug_responses(True) return br def adsense_login(login, password): br = init_browser() r = br.open(SERVICE_LOGIN_BOX_URL) html = r.read() # Select the first (index zero) form br.select_form(nr=0) br.form['Email'] = login br.form['Passwd'] = password br.submit() req = br.click_link(text='click here to continue') try: # this is where it crashes br.open(req) except HTTPError, e: sys.exit("post failed: %d: %s" % (e.code, e.msg)) return br

Read the article
Is it possible to unstick a remote IIS ASP server after an exception hangs the session?

- by user89691

I have been coding an app in classic ASP that accesses 2 Access databases. I had a page I was working on throw an exception, which is normal during development and causes no lasting problems. This time however, after the exception any attempt to open either of the databases would freeze the session with an infinite script timeout. If I delete the session cookie I an able to access ASP pages again until I try to open the database again. The database that was open when the exception was thrown is left open. There is a LDB lock file and I can't rename or delete either the LDB or MDB file, though I can download the MDB file with FTP. The 2nd access database is not open but any attempt to read this also hangs the session. Accessing HTML pages is fine. The site is hosted with Hostway and they are not interested ("Coding problem = Your problem" even though it leaves my site dead in the water, I suspect until the next reboot, whenever that might be). Here is the dump from the relevant ASP page that threw the exception: Active Server Pages error 'ASP 0115' Unexpected error /translatestats.asp A trappable error (C0000005) occurred in an external object. The script cannot continue running. Active Server Pages error 'ASP 0240' Script Engine Exception /translatestats.asp A ScriptEngine threw exception 'C0000005' in 'IActiveScript::Close()' from 'CActiveScriptEngine::FinalRelease()'. Is there any way I can unstick the site / force close the database remotely ?

Read the article
Password Confirmation Overlay

- by Alasdair

Hello, I'm creating a J2EE web application that uses jQuery and Ajax to help with some of the presentation for a user-friendly interface. I've done a lot of work ensuring security around persistant login cookies, and I've decided to request the password from any user that logged in using a persistant login cookie before being allowed to make any changes that could be malicious. This request would only happen once to confirm the user is who they say they are and will last throughout the session. At present, any requests that meet this criteria has their request information stored in session and then the user is forwarded to a page to confirm their password. Once confirmed, the user's original request is then performed and the requestion information removed from session. What I would like to do is avoid all this redirection and minimize what's held in session (even if it's just for a small time), thus improving usability and convenience for the user. I believe that a jQuery overlay could allow me to prompt the user for their password (if required) and then continue to submit the request if successful. I would of originally used ThickBox, but since that's now deprecated I don't see the benefit in implementing it in an application at this development stage. However, I have tried to create an overlay using jQuery but I've scrapped every attempt as I can't seem to make it all come together. My main problem is preventing the submission when the user incorrectly types a password or cancels the overlay. Desired Flow Persistant Login Sensitive Page Submit Password Confirmation Overlay [Continue Submit | (Cancel | Incorrect] I have already created JavaScript code to encrypt the password to be sent in a parameter, but all I need now is a method of controlling the overlay and how best to use Ajax for this purpose. Please ignore the fact that this is a J2EE web application when answering as it is irrelevant really. Thanks in advance, Alasdair

Read the article
How to troubleshoot PHP session file empty issue?

- by Morgan Cheng

I have a very simple test page for PHP session. <?php session_start(); if (isset($_SESSIONS['views'])) { $_SESSIONS['views'] = $_SESSIONS['pv'] + 1; } else { $_SESSIONS['views'] = 0; } var_dump($_SESSIONS); ?> After refreshing the page, it always show array 'views' => int 0 The environment is XAMPP 1.7.3. I checked phpInfo(). The session is enabled. Session Support enabled Registered save handlers files user sqlite Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On When the page is accessed, there is session file sess_lnrk7ttpai8187v9q6iok74p20 created in my "D:\xampp\tmp" folder. But the content is empty. With Firebug, I can see cookies about the session. Cookie PHPSESSID=lnrk7ttpai8187v9q6iok74p20 It seems session data is not flushed to files. Is there any way or direction to trouble shoot this issue? Thanks.

Read the article
php sessions not working

- by Elwhis

Hey guys, I have a problem, tried to google some sollutions but without success. I am working with wamp2.0 - PHP 5.3, apache 2.2.11 but my sessions are not storing data. I have a page that accepts a parameter, which (simplified version) I wanna store in a session, so I when I come to www.example.com/home.php?sessid=db_session_id the script looks like: session_start(); $sessid = @$_GET['sessid']; if ($sessid) { $_SESSION['sessid'] = $sessid; } var_dump($_SESSION); and outputs: array(1) { [0]=> string(13) "db_session_id" } which is fine, but then, when I go to www.example.com/home.php (without the sessid parameter) the $_SESSION array is empty. I've event tried to comment the $_SESSION['sessid'] = $sessid; line before going to the page without the parameter, but still it didin't work. I've checked the session_id() output and the session id remains the same. Session settings from phpinfo() Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path c:/wamp/tmp c:/wamp/tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 EDIT: $_SESSION and $_COOKIE var dumps right after session_start() Session: array(1) { ["sessid"]=> string(0) "" } Cookie: array(6) { ["ZONEuser"]=> string(10) "3974260089" ["PHPSESSID"]=> string(26) "qhii6udt0cghm4mqilctfk3t44" ["__utmz"]=> string(91) "1.1294313834.54.3.utmcsr=u.cz|utmccn=(referral)|utmcmd=referral|utmcct=/registered/packages" ["__utma"]=> string(48) "1.1931776919.1287349233.1294266869.1294313834.54" ["__utmc"]=> string(1) "1" ["__utmb"]=> string(18) "1.49.10.1294313834" }

Read the article
Whats wrong with my cookies?

- by William

For some reason This php script won't echo my cookie variable: <?php require 'connection.php'; require 'variables.php'; $name = $_POST['name']; $pass = $_POST['pass']; if(($name == $admin_name) && ($pass == $admin_pass)){ setcookie($forum_url."name",$name,time()+604800); setcookie($forum_url."pass",$pass,time()+604800); } else echo 'Failed'; ?> heres the html that gets sent to admin_login.php <form method=post action=admin_login.php> <div id="formdiv"> <div class="fieldtext1">Name</div> <div class="fieldtext1">Pass</div> <input type="text" name=name size=25 /> <input type="password" name=pass size=25 /> </div> <input type=submit value="Submit" id="submitbutton"> </form> here is the index, where I want the info echoed <?php echo $_COOKIE[$forum_url."name"]; ?> What am I doing wrong?

Read the article
How to cache an HTTP POST response?

- by KARASZI István

I would like to create a cacheable HTTP response for a POST request. My actual implementation responses the following for the POST request: HTTP/1.1 201 Created Expires: Sat, 03 Oct 2020 15:33:00 GMT Cache-Control: private,max-age=315360000,no-transform Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 9 ETag: 2120507660800737950 Last-Modified: Wed, 06 Oct 2010 15:33:00 GMT ......... But it looks like that the browsers (Safari, Firefox tested) are not cacheing the response. In the HTTP RFC the corresponding part says: Responses to this method are not cacheable, unless the response includes appropriate Cache-Control or Expires header fields. However, the 303 (See Other) response can be used to direct the user agent to retrieve a cacheable resource. So I think it should be cached. I know I could set a session variable and set a cookie and do a 303 redirect, but I want to cache the response of the POST request. Is there any way to do this? P.S.: I've started with a simple 200 OK, so it does not work. Thanks,

Read the article
PHP (CodeIgniter) Pass Object Through Session

- by FranticPedantic

I am using PHP5 and CodeIgniter and I am trying to implement a single-sign on feature with facebook (although I don't think that facebook is relevant to the question). I am somewhat of a novice with PHP and definitely one with CodeIgniter, so if you think my approach is just completely off telling me that would be helpful too. So here is in short what I am doing: //Controller 1 $this->load->plugin("facebook"); $facebook = new Facebook(array ( 'appId' => $fbconfig['appid'], 'secret' => $fbconfig['secret'], 'cookie' => true, ) ); $fbsession = $facebook->getSession(); //works fine $this->session->set_userdata('facebook', serialize($facebook); Now I would like to grab that facebook object in a different controller. //Controller 2 $facebook = unserialize($this->session->userdata('facebook')); $fbsession = $facebook->getSession(); Produces the error: Call to undefined method getSession. So I look up more about serialization and think that maybe it just doesn't know what the facebook object's attributes are. So I add in a $this->load->plugin('facebook'); To controller 2 as well and I get a "Cannot redeclare class facebook." I am strongly suspecting that I am misunderstanding sessions here. Do I have to somehow tell PHP what kind of object it is? Thanks for the help.

Read the article
Problem pulling data from website in .NET and C#

- by Cptcecil

I have written a web scraping program to go to a list of pages and write all the html to a file. The problem is that when I pull a block of text some of the characters get written as '?'. How do I pull those characters into my text file? Here is my code: string baseUri = String.Format("http://www.rogersmushrooms.com/gallery/loadimage.asp?did={0}&blockName={1}", id.ToString(), name.Trim()); // our third request is for the actual webpage after the login. HttpWebRequest request = (HttpWebRequest)WebRequest.Create(baseUri); request.Method = "GET"; request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"; //get the response object, so that we may get the session cookie. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); StreamReader reader = new StreamReader(response.GetResponseStream()); // and read the response string page = reader.ReadToEnd(); StreamWriter SW; string filename = string.Format("{0}.txt", id.ToString()); SW = File.AppendText("C:\\Share\\" + filename); SW.Write(page); reader.Close(); response.Close();

Read the article
facebook javascript api

- by ngreenwood6

I am trying to get my status from facebook using the javascript api. I have the following code: <div id="fb-root"></div> <div id="data"></div> <script src="http://connect.facebook.net/en_US/all.js"></script> <script type="text/javascript"> (function(){ FB.init({ appId : 'SOME ID', status : true, // check login status cookie : true, // enable cookies to allow the server to access the session xfbml : true // parse XFBML }); }); getData(); function getData(){ var query = FB.Data.query('SELECT message FROM status WHERE uid=12345 LIMIT 10'); query.wait(function(rows) { for(i=0;i<rows.length;i++){ document.getElementById('data').innerHTML += 'Your status is ' + rows[i].message + '<br />'; } }); } </script> When i try to get my name it works fine but the status is not working. Can someone please tell me what I am doing wrong because the documentation for this is horrible. And yes I replaced the uid with a fake one and yes i put in my app id because like i said when i try to get my name it works fine. Any help is appreciated.

Read the article
First site going live real soon. Last minute questions

- by user156814

I am really close to finishing up on a project that I've been working on. I have done websites before, but never on my own and never a site that involved user generated data. I have been reading up on things that should be considered before you go live and I have some questions. 1) Staging... (Deploying updates without affecting users). I'm not really sure what this would entail, since I'm sure that any type of update would affect users in some way. Does this mean some type of temporary downtime for every update? can somebody please explain this and a solution to this as well. 2) Limits... I'm using the Kohana framework and I'm using the Auth module for logging users in. I was wondering if this already has some type of limit (on login attempts) built in, and if not, what would be the best way to implement this. (save attempts in database, cookie, etc.). If this is not whats meant by limits, can somebody elaborate. 3) Caching... Like I said, this is my first site built around user content. Considering that, should I cache it? 4) Back Ups... How often should I backup my (MySQL) database, and how should I back it up (MySQL export?). The site is currently up, yet not finished, if anybody wants to look at it and see if something pops out to you that should be looked at/fixed. Clashing Thoughts. If there is anything else I overlooked, thats not already in the list linked to above, please let me know. Thanks.

Read the article
how to get the source code as register user.

- by nir143

hi. i downloaded a sourcecode of a site,but i downloaded it i saw it identify my program as a guest,i search at google and figure out that i can send a cookie when i "ask" the source code. that what i have managed to do and it still dont identify me as register user: CookieContainer cj = new CookieContainer(); string all = ""; HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url); req.CookieContainer = cj; HttpWebResponse res = (HttpWebResponse)req.GetResponse(); CookieCollection cs=cj.GetCookies(req.RequestUri); CookieContainer cc = new CookieContainer(); cc.Add(cs); req.CookieContainer = cc; StreamReader read = new StreamReader(res.GetResponseStream()); all = read.ReadToEnd(); read.Close(); return all; what is wrong here? tyvm for help:) (if that help,i can have a simple details of a register user of the site).

Read the article
Automated testing for Facebook SDK wrapper

- by Andree

Hi there! In my Facebook application, I have one Facebook wrapper class to encapsulates some call to Facebook API. I want to to write a unit test for this wrapper class, but since it depends on a so called "access token", which we should get from Facebook dynamically, I'm not sure if it's possible to write one. But apparently the Facebook SDK itself has a PHPUnit test class. After studying the test code for a while, I know that involves a creation of dummy cookie-based session key. private static $VALID_EXPIRED_SESSION = array( 'access_token' => '254752073152|2.I_eTFkcTKSzX5no3jI4r1Q__.3600.1273359600-1677846385|uI7GwrmBUed8seZZ05JbdzGFUpk.', 'expires' => '1273359600', 'secret' => '0d9F7pxWjM_QakY_51VZqw__', 'session_key' => '2.I_eTFkcTKSzX5no3jI4r1Q__.3600.1273359600-1677846385', 'sig' => '9f6ae89510b30dddb3f864f3caf32fb3', 'uid' => '1677846385' ); . . . $cookieName = 'fbs_' . self::APP_ID; $session = self::$VALID_EXPIRED_SESSION; $_COOKIE[$cookieName] = '"' . http_build_query($session) . '"'; What I don't understand is, how do I get the "access_token", "sig", "session_key" etc? As far as I'm concerned, it should be dynamically exchanged from Facebook and involves user action (logging in).

Read the article
requesting ajax via HttpWebRequest

- by Sami Abdelgadir Mohammed

Hi guys: I'm writing a simple application that will download some piece of data from a website then I can use it later for any purpose The following is the request and response copied from Firebug as the browser did that... when u type http://x5.travian.com.sa/ajax.php?f=k7&x=18&y=-186&xx=12&yy=-192 you will get a php file has some data.. But when I make a request with HttpWebRequest I get wrong data (some unknown letters) Can anyone help me in that.. and if I have to make some encodings or what?? I will be so appreciated.. Response Server nginx Date Tue, 04 Jan 2011 23:03:49 GMT Content-Type application/json; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.2.8 Expires Mon, 26 Jul 1997 05:00:00 GMT Last-Modified Tue, 04 Jan 2011 23:03:49 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Content-Encoding gzip Vary Accept-Encoding Request Host x5.travian.com.sa User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie CAD=57878984%231292375897%230%230%23%230; T3E=%3DImYykTN2EzMmhjO5QTM2QDN2oDM1ITOyoDOxIjM4EDN5ITM6gjO4MDOxIWZyQWMipTZu9metl2ctl2c6MDNxADN6MDNxADNjMDNxADNjMDNxADN; orderby_b1=0; orderby_b=0; orderby2=0; orderby=0

Read the article
Server side form validation and POST data

- by tomcritchlow

Hi, I have a user input form here: http://www.7bks.com/create (Google login required) When you first create a list you are asked to create a public username. Unfortuantely currently there is no constraint to make this unique. I'm working on the code to enforce unique usernames at the moment and would like to know the best way to do it. Tech details: appengine, python, webapp framework What I'm planning is something like this: first the /create form posts the data to /inputlist/ (this is the same as currently happens) /inputlist/ queries the datastore for the given username. If it already exists then redirect back to /create display the /create page with all the info previously but with an additional error message of "this username is already taken" My question is: Is this the best way of handling server side validation? What's the best way of storing the list details while I verify and modify the username? As I see it I have 3 options to store the list details but I'm not sure which is "best": Store the list details in the session cookie (I am using GAEsessions for cookies) Define a separate POST class for /create and post the list data back from /inputlist/ to the /create page (currently /create only has a GET class) Store the list in the datastore, even though the username is non-unique. Thank you very much for your help :) I'm pretty new to python and coding in general so if I've missed something obvious my apologies. Tom PS - I'm sure I can eventually figure it out but I can't find any documentation on POSTing data using the webapp appengine framework which I'd need in order to do solution 2 above :s maybe you could point me in the right direction for that too? Thanks! PPS - It's a little out of date now but you can see roughly how the /create and /inputlist/ code works at the moment here: 7bks.com Gist

Read the article
tipfy for Google App Engine: Is it stable? Can auth/session components of tipfy be used with webapp?

- by cv12

I am building a web application on Google App Engine that requires users to register with the application and subsequently authenticate with it and maintain sessions. I don't want to force users to have Google accounts. Also, the target audience for the application is the average non-geek, so I'm not very keen on using OpenID or OAuth. I need something simple like: User registers with an e-mail and password, and then can log back in with those credentials. I understand that this approach does not provide the security benefits of Google or OpenID authentication, but I am prepared to trade foolproof security for end-user convenience and hassle-free experience. I explored Django, but decided that consecutive deprecations from appengine-helper to app-engine-patch to django-nonrel may signal that path may be a bit risky in the long-term. I'd like to use a code base that is likely to be maintained consistently. I also explored standalone session/auth packages like gaeutilities and suas. GAEUtilities looked a bit immature (e.g., the code wasn't pythonic in places, in my opinion) and SUAS did not give me a lot of comfort with the cookie-only sessions. I could be wrong with my assessment of these two, so I would appreciate input on those (or others that may serve my objective). Finally, I recently came across tipfy. It appears to be based on Werkzeug and Alex Martelli spoke highly of it here on stackoverflow. I have two primary questions related to tipfy: As a framework, is it as mature as webapp? Is it stable and likely to be maintained for some time? Since my primary interest is the auth/session components, can those components of the tipfy framework be used with webapp, independent of the broader tipfy framework? If yes, I would appreciate a few pointers to how I could go about doing that.

Read the article
Facebook graph API post to user's wall

- by Lance

I'm using the FB graph api to post content to the user's wall. I orginally tried using this method: $wall_post = array(array('message' => 'predicted the', 'name' => 'predicted the'), array('message' => $winning_team, 'name' => $winning_team, 'link' => 'http://www.sportannica.com/teams.php?team='.$winning_team.'&year=2012'), array('message' => 'to beat the', 'name' => 'to beat the',), array('message' => $losing_team, 'name' => $losing_team, 'link' => 'http://www.sportannica.com/teams.php?team='.$losing_team.'&year=2012'), array('message' => 'on '.$game_date.'', 'name' => 'on '.$game_date.''), array('picture' => 'http://www.sportannica.com/img/team_icons/current_season_logos/large/'.$winning_team.'.png')); $res = $facebook->api('/me/feed/', 'post', '$wall_post'); But, much to my surprise, you can't post multiple links to a users wall. So, now I'm using the graph api to post content to a user's wall much like the way spotify does. So, now I've figured out that I need to create custom actions and objects with the open graph dashboard. So, I've created the "predict" action and gave it permission to edit the object "game." So, now I have the code: $facebook = new Facebook(array( 'appId' => 'appID', 'secret' => 'SECRET', 'cookie' => true )); $access_token = $facebook->getAccessToken(); $user = $facebook->getUser(); if($user != 0) { curl -F 'access_token='$.access_token.'' \ -F 'away_team=New York Yankees' \ -F 'home_team=New York Mets' \ -F 'match=http://samples.ogp.me/413385652011237' \ 'https://graph.facebook.com/me/predict-edit-add:predict' } I keep getting an error reading: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING Any ideas?

Read the article
Is a GWT app running on Google App Engine protected from CSRF

- by gerdemb

I'm developing a GWT app running on the Google App Engine and wondering if I need to worry about Cross-site request forgery or is that automatically taken care of for me? For every RPC request that requires authentication, I have the following code: public class BookServiceImpl extends RemoteServiceServlet implements BookService { public void deleteInventory(Key<Inventory> inventoryKey) throws NotLoggedInException, InvalidStateException, NotFoundException { DAO dao = new DAO(); // This will throw NotLoggedInException if user is not logged in User user = dao.getCurrentUser(); // Do deletion here } } public final class DAO extends DAOBase { public User getCurrentUser() throws NotLoggedInException { currentUser = UserServiceFactory.getUserService().getCurrentUser(); if(currentUser == null) { throw new NotLoggedInException(); } return currentUser; } I couldn't find any documentation on how the UserService checks authentication. Is it enough to rely on the code above or do I need to to more? I'm a beginner at this, but from what I understand to avoid CSRF attacks some of the strategies are: adding an authentication token in the request payload instead of just checking a cookie checking the HTTP Referer header I can see that I have cookies set from Google with what look like SID values, but I can't tell from the serialized Java objects in the payloads if tokens are being passed or not. I also don't know if the Referer header is being used or not. So, am I worrying about a non-issue? If not, what is the best strategy here? This is a common enough problem, that there must be standard solutions out there...

Read the article
Facebook new js api and cross-domain file

- by vondip

Hi all, I am building a simple facebook iframe application. I've decided since the code is separate from facebook none the less, I will also create a connect website as well. In my connect website I'm trying to figure out the following: I am using facebook's new api and I am calling the init function. I can't seem to figure out where I combine my cross-domain file. There's no mention of it in their documentation either. http://developers.facebook.com/docs/reference/javascript/FB.init I am referring to these lines of code: <div id="fb-root"></div> <script> window.fbAsyncInit = function() { FB.init({appId: 'your app id', status: true, cookie: true, xfbml: true}); }; (function() { var e = document.createElement('script'); e.async = true; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; document.getElementById('fb-root').appendChild(e); }()); </script>

Read the article
Did anyone have this issue with a simple Facebook app or know how to solve it?

- by Jian Lin

I have a really simple few lines of Facebook app, using the new Facebook API: <pre> <?php require 'facebook.php'; // Create our Application instance. $facebook = new Facebook(array( 'appId' => '117676584930569', 'secret' => '**********', // hidden here on the post... 'cookie' => true, )); var_dump($facebook); ?> but it is giving me the following output: http://apps.facebook.com/woolaladev/i2.php would give out object(Facebook)#1 (6) { ["appId:protected"]=> string(15) "117676584930569" ["apiSecret:protected"]=> string(32) "**********" <--- just hidden on this post ["session:protected"]=> NULL ["sessionLoaded:protected"]=> bool(false) ["cookieSupport:protected"]=> bool(true) ["baseDomain:protected"]=> string(0) "" } Session is NULL for some reason, but I am logged in and can access my home and profile and run other apps on Facebook (to see that I am logged on). I am following the sample on: http://github.com/facebook/php-sdk/blob/master/examples/example.php http://github.com/facebook/php-sdk/blob/master/src/facebook.php (download using raw URL: wget http://github.com/facebook/php-sdk/raw/master/src/facebook.php ) Trying on both hosting companies at dreamhost.com and netfirms.com, and the results are the same.

Read the article

< Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67 | Next Page >