I am trying to get the address from a public event, sometimes it returns the geocoords, sometimes the full address and sometimes just the venuename. I found on another thread, that there is some issue on the app auth token. so the user-auth-token could get the address and the app-auth-token not. is there any way to get the address always?
For temporary purpose before the bug fix (https://developers.facebook.com/bugs/554303337923393), you can do this:
select location from page where page_id IN (SELECT venue.id from event where eid=533009473416123)
Graph API Explore example:
https://developers.facebook.com/tools/explorer?fql=select%20location%20from%20page%20where%20page_id%20IN%20(SELECT%20venue.id%20from%20event%20where%20eid%3D533009473416123)
You MUST use User Access Token, because APP access token sometime only return venue name instead of venue id, such as event id 634540989894031.
Related
I have posts, where users able to delete or edit them. And when I redirect them I was sending url with id number, like: test.dev/delete/15, where 15 is my id of post which should be deleted. Then I tested sending id in route like route('delete',['id' => $post->id]). In the end I realized that both methods include id number in url. I mean, for url it shows url test.dev/delete/15 and for route it shows test.dev/delete?id=15
So I was wondering if we can send id, without showing them in url, I am afraid that curious users may try to get use of these flaws
As you will always have to display the id somewhere on the page to send it through either a hidden field or id in the url all of which a user can change. That is why you should check in the Back-End if the user has privelege to delete that post or not
I have been unable to return any UserDefined/custom fields for a contact. I'm not even wanting to create or update an existing entry as per Programatically adding "New Custom Field" To Google Contacts using Google contact API
I have followed the guide here https://developers.google.com/google-apps/contacts/v3/reference, but still to no avail.
I've called both
https://www.google.com/m8/feeds/contacts/default/full?alt=json
and
https://www.google.com/m8/feeds/contacts/default/full/DEADBEEF?alt=json
in an attempt to get ALL of the values returned. I thought I might have to call each contact id specifically to get the full details, but that doesn't work either.
DEADBEEF is clearly replaced with a valid contact id in my scenario.
/contacts/default determines that request should return contacts for the current auth'd user, which is myself in this case.
Has anyone managed to return custom values, is this even possible?
Thanks
I found the answer, add the ?v=3.0 to the url string eg
https://www.google.com/m8/feeds/contacts/default/full/DEADBEEF?alt=json&v=3.0
However, you should use the preferred method of adding a GData-Version header.
I am new to RESTful URLs and I have a general question. Let's say I have a URL that I use to retrieve student records: somesite.com/students/123 which retrieves the details for the student with ID 123.
I then do the following to load an empty form for adding students: somesite.com/students/0 where zero indicates that I want to display an empty student detail form (or somesite.com/students/new).
The question I have is that after I add a student record I get back a new Id. However, if I add the record using AJAX without submitting and refreshing the page, my URL still shows somesite.com/students/0. If a user clicks refresh then the empty form is displayed again rather than the new student record.
How should that be handled?
It's not like your server can't respond to AJAX requests, right?
All you need to do is send back the newly generated ID, and then:
Use window.location = 'new_url' to redirect the user
Or even better, use history.pushState() (if available) to change the URL without any redirection (and reloading) happening at all
One thing that seems off, though, is the use of GET page/students/0 to get an "empty record", or, as I understand it, a "template" for new records. I don't think that's how RESTful services work, but then again, I'm not an expert in REST services.
I am developing an ASP.Net MVC 3 Web Application. Within some of my Views I display tabular data to the user, and beside each record in the table there is an Edit link. When the user clicks this link it takes them to an edit page where they can edit and update the record.
My issue is that once the user clicks the edit link, the URL becomes something like this
http://www.mytestsite.com/myData/edit/3
The '3' is the ID of the record to be updated, however, there is nothing stopping the user from changing the '3' to another digit, and this then means they can edit potentially a record which does not belong to them.
Does anyone have a solution on how I can prevent this from happening?
Thanks for you help.
You need to introduce Authentication and Authorisation into your application. Here is one article of many out there on how to get started with this. You will additionally need to work out how to store logged on user identity and then how to attach this to the record when it was created in the first place. You must then validate, on the server, that the subsequent edit request is being made by the user who created the record in the first place (or by a user who has a role on your system which allows them to do this, such as an Administrator).
Even if the ID wasn't being displayed on the URL a malicious user could still manipulate the HTTP Request to pass an ID of their choice. In any secure system you should always, always, always validate that the currently logged on user genuinely has permission to carry out the requested action. You should never rely on what comes back from the browser to determine this (aside from the authentication context which is managed securely by the MVC framework. Usually).
I believe you should have the information about who have the edit permission on this purticular resource, in your tables. Ex : in your table you might have the "CreatedById" column where you store the ID of the user who created this record. Now in your edit action method, you check the "CreatedById" of the current Item is same as of the "UserId" of the Current user (you maye get this from the session, if you stored it there). Something like this.
public ActionResult Edit(int id)
{
int currentUserID=1; // TO DO : get this value from session or somewhere
ProductVieWModel product=myRepo.GetProduct(id);
if(product!=null)
{
if(product.CreatedById==currentUserID)
{
return View(product);
}
else
{
return View("NotAutherized");
}
}
return View("ProdcutNotFound");
}
You should try using the GUID data type as it helps in these kind of situations, and the user cannot easily guess the next value
I'm using Azure ACS in my ASP.net MVC 3 website (hosted in Azure too), the scenario is this:
A user first enters my website and fills a one field form, then they need to chose a provider and login, but first I want to store the field value so when they come back from login I'm able to create a profile with this value for the loged in user.
So I believe when they first enter the site and then leaves to login and enters the site again those are two different sessions am I right? and that's the reason the stored data using session state (through SQL Server) is not present when they come back after login am I right? if this is true what would be the best approach then? if not then I'm doing something wrong storing temp data right?
Thanks
UPDATE:
I have discovered that HttpContext.Application state works keeping the data, still I'm not sure if it's a good idea to use it in a controller considering it's in Azure, will it work on production properly??
You can pass state around in the WS-Federation redirect sequence using the wctx URL parameter. In the action that handles the initial POST request, you should get hold of the form parameter you want to keep, then redirect to you identity provider selection page (this will have to be a custom page) with the form parameter appended to the URL. When the user selects an IP on your page, you can pass the parameter on again using the wctx parameter. The WS-Federation passive requestor profile says that this should be returned to you eventually when the IP redirects the user back to your site.
This has some details
http://msdn.microsoft.com/en-us/library/bb608217.aspx
Edit: To get the wctx parameter out of the request when the user finally comes back to your app. Put something like this in the action code:
var fam = FederatedAuthentication.WSFederationAuthenticationModule;
if (fam.CanReadSignInResponse(System.Web.HttpContext.Current.Request, true))
{
string wctxValue = this.HttpContext.Request.Form["wctx"];
}
My preference is to have the wcxt parameter represent a redirect URL (URL encoded) with your parameter as a query parameter in that so it be a URL encoded version of this:
wctx=https://yourserver/yourapp/yourpage?yourparameter=foo
Then the action that was receiving the redirect from the ACS would simply pull out the value of wctx and do a redirect to it without any more processing. This keeps things simple.
Another approach would be to save whatever data you need to pass around in the Database, and just pass around some ID that refers back to the database record. You'll pass this ID to IP and back through wctx (as Mike mentioned above).
This will solve the issue of limited length of URLs (in case your data is very large). Of course you would need to manage deletion of this data, but this shouldn't be hard.