I send invitation by mail to users with a encrypted email to know which user respond to invitation. Something like:
Hello, click on this link to start learning: https://example.org/start-learning?e=fwTreaN0WybffXdDfZZUNYB3FTFfZObCb7QFF5C4AFJvTjXabIPtRfcoXLkFYMUvD4FIZsmrDdEFN2OPKcTrAOSQLZfuKdfwcic1WtBxWSXWR1GEJD6we213A3BEPBpca0BxaaQ4GGMPFeRyXp6fPrG9WnTgWogwXUcnVtdwSEEdNHGuZsClTxR2AtD2JZN8VAEsRQKpFFShEDR2SET4KxGhLGM3M0FdDelrJtO8KXS2YRaddH==
The encrypted email is the long string above. I encode mail like this in a Mailable class:
$url = 'https://example.org/start-learning?e=' . encrypt($this->to[0]['address']);
Then this $url is added in a mail template like this:
<a href="{{$url}}>click me<a>
Then, when user clicks the link, it routes to a controller and the controller decrypts the payload:
decrypt($request->input('e'));
Then, it works for about 99% of people clicking link. But for about one percent, it does not work, I have an error decrypting. And I don't know why. This is the same Laravel application which encrypts and decrypts. Is there an reason for such a weird behavior?
Side note: I know decrypt always work and has not a random behavior (BTW I tested it on 10000 entries, it's OK). There must be something else with the mail process I don't understand.
I think you should use urlencode() when creating link so instead of:
$url = 'https://example.org/start-learning?e=' . encrypt($this->to[0]['address']);
you should use:
$url = 'https://example.org/start-learning?e=' . urlencode(encrypt($this->to[0]['address']));
to make sure it will be valid.
Related
I have encountered an issue regarding Laravel 8 routes.
And I am unable to find a solution to this problem.
For example, I have this route format in Laravel:
$domain/password_reset?$email
Where it will look like this:
http://test-website.com/password_reset?test#gmail.com
I am aware that query parameters have ?key=value format. However in my case, the provided route format is what is expected (by client). Not the conventional key=value way. Also, the url link is clicked from an email. Wherein the link in the email uses the exact route format given (not url-encoded).
The sample request query that is fetched in the controller is as follows:
If you would notice, the email became a key (which is expected). And since it is a key, . has been changed to _. Instead of gmail.com it became gmail_com.
Would there be a better solution to get the exact email address from the url (not url-encoded) in this route format? Hopefully someone can help me with this. Thank you very much in advanced!
You should get the request query and parse it yourself:
[$path, $query] = explode('?',$request->fullUrl())
In the exemple above $query should hold everything after ? on the URL.
Alternativelly you can just get the key of the array you already have:
$email = array_keys($request->all())[0]
All Viewers I am New in Codeigniter, I need your guide to done my work, I want to Encrypted full URL like below example.
For example this is my url www.example.com & my controller is home, so full url is www.example.com/home
now I want to encrypted all controller, function like below
www.example.com/5115784bef2514430e7f74d9a71d4142a942efb0f7cc428626bda7633326f9d015fbacc60d93cd6b858f9b6e05c1e56263acb24297cecc720467eb4f222d81e5hdn5B
I can encrypted & decrypted the text well, but I just don't get how can I decrypted from url & make understand which controller or function its called, I want to decrypted everything after base_url.
please don't suggest me about using common controller, because I already know that & anyhow common controller its hide everything so its not required the encryption as I believe.
Waiting for your positive response, hopefully my problem will be solve soon. T.I.A
Well i never encrypt any URL before but you can use a php function url_encode
And "str_replace" function.
the reason for using "str_replace" beacause url_encode only encode special character in URL.
Hope I help some.
Try the code below.
urlencode(str_replace("your_domain.com/YourCOntrollerName/YourMethodName" , "SM5ah52" , yor_domain.com . "YourCOntrollerName/YourMethodName/YOuData"));
If not this. There is an library in CI Framework called Encryption.
You can get help from there Encryption.
Go with URI Routing and define one controller to decode whatever you are passing, and call proper controller / method from it.
You can use URI Routing with regular expressions.
$route["other_controllers/method"] = "other_controllers/method"; //you can add this kind of lines to not to affect other controllers
$route["([a-zA-Z0-9]+)"] = "home/decrypt/$1";
In the home controller, You can
Redirect to the page
Or
Load a view
public function decrypt($token){
//geting the page according to the token from database.
$desired_page = $this->some_model->get_page($token);
//if you want to redirect
redirect($desired_page);
//if you want to load a view
$this->load->view($desired_page);
}
I have a Laravel app sending emails via MailGun. For Gmail addresses it works right of the bat, but for Outlook/Hotmail they are marked as spam and have broken formatting. I have identified some issues but not sure how to best fix them.
I am aware this post is broad but the common thing is how to please outlook/hotmail.
Multipart messages
According to MailGun help:
It is best to send multi-part emails using both text and HTML or text only. Sending HTML the only email is not well received by ESPs.
Given my Mailables' build function below, how can I achieve that?
public function build()
{
return $this->from('name#mysite.com')
->subject('Welcome to mysite!')
->view('emails.welcome_new_user', [
'updateLink' => env('APP_URL') . '/subscribers/' . $this->subscriber->id . "/edit/" . $this->subscriber->token,
'deleteLink' => env('APP_URL') . '/subscribers/' . $this->subscriber->id . "/delete/" . $this->subscriber->token
]);
}
Headers
According to MailGun help:
Make sure you are using unsubscribe links and headers in your emails. Many ESPs (particularly Hotmail) pay attention to this and if they are not there, you are likely to get filtered.
In the view I have two unsubscribe links, one as a button in the body and one in the footer as plain text link so that should be fine. But how do I supply Headers and which headers? I assume it is done similar to this section in Laravel docs:
$message->getHeaders()->addTextHeader('Custom-Header', 'HeaderValue');
Other tips on specific Outlook/Hotmail requirements
Also most appreciated
I want to send email value in parameters in ajax. I am using following code it is working properly, but I want to make it secure. no user can check or pass invalid value from calling this action in query string or in any other way. How can I make it secure?
$.ajax({
url: '/Application/UserInfo/',
type: 'POST',
data:{email:emailid},
success: function (result) {
var json = eval(result);
}
});
If you dont want anyone to be able to see the value of the email parameter, you should consider using HTTPS.
But for passing invalid values, you should do some validation server side where this value is used
It may help if you are doing it with two steps at all:
First you can check the email having the right format with a regular expression:
/^\w[\w|\.\-\_]+#\w[\w\.\-äöüÄÖÜ]+\.[a-zA-Z]{2,18}$/.test(email);
Then you may crypt the mail and then you can send it safely.
I am using blowfish. On page loading I generate a key that is set to the javascript of my page. Both, javascript and php have a blowfish controler that can crypt and decrypt any value. I am crypting the value on javascript and send it to the server.
There I decrypt it and check it again with regular expression. The key is not sent to server again, its stored somewhere in the session or so.
To take care that the email is correct you can check whether the domain is reachable through curl or so, but I prefer sending a confirmation mail to the adress and wait for an accept with a generated unique token.
If you just want to get sure of a user signed in with google plus account you may get use of the google plus api and check if the user is logged in. If not you don't accept it.
I am sending email to user, in that email one link is there to redirect that user to rails application. I want that link to be in encrypted form with domain name for example:
https://www.domain_name.com?hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr
when user click on this link, he should directly redirect to controller method we specified in that URL which is not visible.
Controller and methods given in URL may vary according to user.
So my question is how we can do this in rails.
If I encrypt controller name, method name and parameter we passed. How routes file come to know where to redirect this URL? How to decrypt this in routes file and redirect internally to decrypted URL?
Life will be easier if you can do a slight modification to your url, something like:
https://www.domain_name.com/enc/hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr
Then you can create a route for that path to redirect where you want.
get '/enc/:encoded_path' => "controller#action"
This would give you access to params[:encoded_path], which would equal hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr in this case. From there, you could decode in the controller and then redirect however you want.
That's not the right approach. Here's what you can do instead:
Create a new controller action, say for instance, activate.
def activate
activation_token = params[:auth_token]
....
your logic to do whatever with this token
end
Create a corresponding route:
match '/activate' => 'your_awesome_controller#activate'
Now, when you email your users, I'm guessing you're sending some sort of activation token. If not, create two new fields in your users table:
activation_token:string
activated:boolean
Use some unique string generation algorithm to generate your activation_token and email it to your user:
yourdomain.com/activate?auth_token=user.activation_token