I have a problem and i think its have to do with sessions. (at least i want it to be related to sessions because i need to use sessions),
Suppose i have a list of names of people logged in, on my site .
I want that once i press someone's name, that he and I will get a game board. (No confirmation at the moment ..).
Now how do i get the game board , it's obvious. but, how to make that the other user will get one .. ?(the user that i chose from the list).
The other user, he is like a passive user, he suddenly getting a game board.
someone understands?
Thanks in advance .
Seems like you need some COMET/push technology. You may take a look at SignalR which would allow you to push contents to specified clients. Basically all clients will subscribe to notifications from the server and when a particular request comes from an administrator you could then send notification to the selected clients.
Related
I am building a web service for mobile application by Laravel 5.8. I need to get the location of online users, search on some properties and send a notification to them.
The problem is I can't find out if a user is online. My solution was to keep pushing/receiving a message to applications every 10 seconds once they get connected for the first time. Clearly this approach has a huge overload on the server and is not practical.
I would be appreciated for any help.
Thanks in advance.
Sounds like you may make use of Real-time connections such as Pusher
You would need presence channels to see who is online in JS, it works more client to client rather than the Laravel server knowing who is online.
You subscribe users to a channel and then you can see who else is on that channel.
https://laravel.com/docs/5.8/broadcasting#presence-channels
Why not make a column to your user table namely 'is_online' ? So every time the user logged in set this field to true ? and when they are logged out or inactive for a specific of time you will set it to false ?
I’m having some trouble understanding how to inplement presence channels in a real-time laravel application.
From what i’ve read in the documentation and a lot of other online resources about this, i only need to broadcast on a Presence channel and have clients listen on that particular channel. By the way, I'm using laravel 5.6 and on the front end I use Larvel Echo.
So, my problem is that channel name I need to broadcast to. If it’s something generic like “chat”, ALL the users in my application will broadcast to this channel and users who have no ideea who that user is (not a friend) receive this notification and they have to process this new information. Ofcourse I can choose not to update the UI or just do nothing if the user is not in their friends list but this just seems like a lot of useless procesaing of notifications on the client side. Doesn’t seem like a good ideea in my opinion.
Second option would be to broadcast presence to a unique channel name like “chat-[unique]” where “[unique]” would be something like the logged user’s id/hash but this just means that every client that loggs in the application has to listen for ALL friends notifications, so he has to connect to chat-5426, chat-9482, chat-4847 and so on, for all his friends. Again, this does not seem efficient. But that’s not all. The friends list is paginated so a user, after is logged in, only sees his first 20 friends (unless he scrolls down) and I have no limit on how many friend a user can have - I can implement a limit but still, it would be in the thousands so I don’t think I can get all the users from the DB in one query. I had the ideea of using this last method, to listen to each user's channel on the front end just as they are, paginated. Then, when scrolling and navigation arround, if a new user is visible in the viewport, add it to my friends object (no UI change) and start listening on his presence channel. I can see this method failing pretty easy though.
However I think about this, it always seems like online presence is verry resource consuming and almost not worth it for a small startup, I don't know. I have no ideea what a good way would be to implement it as I`ve never done it before. I would greatly appreciate any help with this because all online resources I've found on the subject implement the first method I asked about, all users connectiong to a generic channel but this always works in tutorials because they only have like 2-3 users in the DB and none mantion a user having friends. I can't see this working in the real world, but I may be wrong.
Thanks in advance
I'm working on an app that uses the Square API to react to Point-of-sale events. For example, a customer goes to a take-out restaurant. The restaurant uses Square to accept payments. The customer pays cash. At that point, Square sends a notification to a custom webhook with the PAYMENT_UPDATED flag. Then, the app I'm working on should send a push (APNS) notification to the device that just accepted the cash payment.
The problem is that I haven't found a way to single out a particular device within a Square location. So what ends up happening is that all devices registered to a Square account get the push notification.
The user registration workflow is as follows:
A business launches the app and gives permission to receive push notifications (this is where we get and save the device token).
The business registers for an account.
The business authenticates with Square (allows our app to receive Square notifications).
I feel like there should be a way to associate a device token used for APNS with a device ID linked to a Square Location (and subsequently accessed via Square's Location API), but I haven't been able to figure it out.
Any thoughts or suggestions? Thanks!
UPDATE
The code isn't really the issue. By that I mean whether we're using PHP, Java, Ruby, etc, the issue remains the same. The only solution I can think of would be to use Square's SDKs to build a completely custom POS system, but that'd be like using a sludge hammer to put a tac in a wall.
The ultimate goal is to simply create a relationship between a Square device and a user's device I have stored as a record in my sql database. Seems like it should be straight forward, but not so much.
I'm trying to figure out how Websockets works. I read some articles, tutorials, etc and I have a pretty basic understanding of how it works, but there is one element that I can't understand how to implement.
My idea is the following : One user will load a "customer" page containing all informations of that customer + a discussion thread. If an other user load that same page, they will be able to discuss in real time and if one user update the data of the customer, the second one will see the update.
The thing that is bugging me, is how can I allow users to access a customer data, but by checking that they can access it (for example, users can access the customer of their group, not all customers)
How can I be sure that the current user will access a customer he has the right (in the websocket)?
Thank you for your help!
Think of the websocket connection itself as a separate thing. A socket used by a client can subscribe to many different events.
What you're describing is topics. When the websocket connection is established, you send a message using whatever socket framework you're using to subscribe to a topic. For example, it could be a topic called customer-123. (A analogy for a topic, is a chat room)
Your application logic (server side) will verify that the currently logged in user has permission to access customer 123, and if so, permits them to join this topic. If you don't do this, it would be trivial for users to listen to any messages relating to any data.
Whenever a user updates any data that is relevant to customer 123, a message is posted to that topic. And thus, any user who is in that topic will receive the message.
An socket might subscribe to many many topics for each customer they open in your app. And topics can be combined and managed in groups depending on how you want to send messages.
In a typical large app, it's common to have a websocket subscribe to topics like user-123, team-456 by default so the server can send messages to them individually or to the entire team to which they are a member of.
For example, if a user updates customer-123, I might send a full data object to the customer-123 topic, and if customer 123 belongs to team-456, I would also send a small notification object like 'User 789 has updated customer 123' to the entire team (which is what powers Facebooks feed like system).
As your app grows, you'll use services like notification hubs to manage the fact that there could be thousands of topics each with thousands of subscribers.
The best thing to do is share a session ID and set up authentication token policies between your web application and your socket session. You could set up your own policy middleware to check the session ID.
You aren't really clear about how you're trying to accomplish this. If you're using express/socket.io, you can use this module: https://www.npmjs.com/package/express-socket.io-session
Hope this helps!
Like any other production application, you need authentication (who is allowed to use the app) and authorization (what functionality can a authenticated user perform). Authorization (ie, access control - ACL) is probably more precisely what you are looking for. Your app has to consult an authorization subsystem to see if the current user has access permission to edit/view another user's information.
This is not a trivial concern for many applications; security and privacy are important aspects of any web-based (distributed) application.
After user registers, I send an email with a guid link to click to validate the registration.
It confirms the email exists, but how does that help fight spammers?
Can't bots 'click' same link back to the site and validate registration just the same?
It verifies:
the user has typed their e-mail correctly (since this is the only way you have of contacting them, lets get it right)
the e-mail address exists
it is owned by the person requesting the page
Indeed - it doesn't prevent bots from accepting e-mails from their own e-mail account, but it stops them accepting e-mails from my account... this in turn keeps you out of the legal quagmire of being accused of spamming some random Jo. Everyone wins.
It makes sure that the user is the actual owner of the e-mail address. You don't want them to enter in just anyone's e-mail address and start having messages from your site e-mailed to random people.
You're right, it doesn't prevent spammers. All it does is create another obstacle for users trying to use your site/service/app. Is that something you really want? You should be removing obstacles, not creating them. It sounds like you're solving a problem you don't even know you're going to have or not.
I have a gmail account with a short user name and am often getting email not intended for me, often sensitive stuff like password data or shipment IDs. This happens because some people simply don't know their own email address. If there was some email verification, I wouldn't have to suffer this and their privacy would be preserved.
It all depends on how much you think your users will tollerate.
If you running an online store you want to minimize the number of roadblocks along the way or the user may drop out prior to completion of a purchase.
If it is an online forum or similar then the user may be open to going through more hoops.
If its a free online newspaper that requires validated registration to simply read, people may just go elsewhere instead of bothering.
You need to balance what the user will tollerate with the site needs and offerrings.