Registering unique users on basis of emailid - uniqueidentifier

I want to register users on the basis of their email ids on my website, assuming that there is a one-to-one relationship between users and their email id strings. But Gmail doesn't recognize .s in email ids. That means juzerali#gmail.com and juzer.ali#gmail.com are the same users (or email ids).
My concern is not just this one use case, it could be overcome by simply stripping the string of dots. Different email providers might be having different policies regarding email aliases and notations.
My question to the community is: are there any de facto rules/guidelines for creating unique users based on their email ids as their unique identifiers? Or has someone implemented this successfully before?
NOTES: I have checked a few websites that register on the basis of email id. They seem to consider two Gmail ids with different combinations of .s as different email ids. That means the same email account holder can possess two accounts on the same site, which I want to avoid.
IMPORTANT: Oauth/OpenID is not an option.

Try Facebook login and get the username from the Facebook API. But if you don't want to access any secondary service for auth, then you might as well ask users to choose a username, and constrain uniqueness there. As far as I know there is nothing more you can do!
Hotmail, for example, allows you to have any string after a +
e.g. abc#hotmail.com is the same as abc+123#hotmail.com
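The alias rules mentioned in the two posts above (dots ignored by Gmail, a `+suffix` ignored by Hotmail) can be folded into a canonical key that is stored beside the address the user typed and given the uniqueness constraint. This is an added example, not code from either poster; the rule table, `canonical_email` and `Registry` are hypothetical names, and the sample addresses are constructed.

```python
# Added example: canonical key for duplicate-account checks.
# Rules are assumptions based on the posts above; extend per provider.
PROVIDER_RULES = {
    "gmail.com": {"strip_dots": True, "strip_plus": True},
    "googlemail.com": {"strip_dots": True, "strip_plus": True, "alias_of": "gmail.com"},
    "hotmail.com": {"strip_dots": False, "strip_plus": True},
}


def canonical_email(address: str) -> str:
    """Return a comparison key; the address as typed is still used for delivery."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    # Assumption: case is ignored in both parts, as mainstream providers do.
    local, domain = local.lower(), domain.lower()
    rules = PROVIDER_RULES.get(domain, {})
    if rules.get("strip_plus"):
        local = local.split("+", 1)[0]
    if rules.get("strip_dots"):
        local = local.replace(".", "")
    if not local:
        raise ValueError(f"nothing left of the local part: {address!r}")
    return f"{local}@{rules.get('alias_of', domain)}"


class Registry:
    """In-memory stand-in for a users table with a UNIQUE canonical_email column."""

    def __init__(self):
        self._by_key = {}

    def register(self, address: str) -> bool:
        key = canonical_email(address)
        if key in self._by_key:
            return False          # same mailbox already has an account
        self._by_key[key] = address
        return True


if __name__ == "__main__":
    reg = Registry()
    for addr in ["jane.doe@gmail.com", "JaneDoe+shop@googlemail.com",
                 "abc+123@hotmail.com", "a.b+c@example.org"]:   # constructed samples
        print(addr, "->", canonical_email(addr), reg.register(addr))
```

Domains without an entry in the table are only lower-cased, so an unknown provider's aliases still register as separate accounts.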

Related

Laravel: calculated field used in a query

I am working on a function that allows a user to check if their existing device contacts are using our platform, based on phone numbers.
For privacy and security, we are hashing the user's contact's phone numbers on device (salted with the user's id) before sending to our server.
Server side, we then need to hash our entire contacts table (using the user's id as a salt), which is currently being done in a for loop.
We then check this list against the request list, and return the details for any matches.
However, I'm sure there is a more efficient way of doing this, something like computing the hash in a calculated field then including the $request->hashes in a "whereIn" clause.
Could someone give me a pointer on the best approach to be taking here?
The question is, what privacy and security are you achieving by sending hashed value of contact number?
You are hashing the contact on the client side (device), which means you are using a key and salt that are already available on the client side. How can that be a security feature?
If you want to search a hashed value in the database then it's better to save the hashed contact number in a column in the first place. So you can directly run a where query on the database table.
Ideally, if you are really concerned about the user's contact number you should:
Encrypt the user's contacts in the backend/database, not in the frontend.
If you need to query for a field in the database then you should make a hash-valued column that can be matched easily. I mean searchable fields should be hashed so you can run a direct query.
Nothing to worry about regarding the user's contact security in the frontend if you are already passing it through Secure HTTP (HTTPS).
It is even a common practice in the industry to pass a submitted plain password via HTTPS when a user submits it in the frontend. It shouldn't be a concern of privacy or security.
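The stored hash column queried directly, as suggested in the answer above, shown as an added example (not the poster's code and not Laravel; SQLite stands in for the application database). It swaps the plain hash for HMAC-SHA256 under a server-side key, because phone numbers are a small enough space that an unkeyed hash can be enumerated; `INDEX_KEY`, the table layout and the function names are hypothetical, the numbers are constructed and assumed to arrive with a country code.

```python
import hashlib
import hmac
import re
import sqlite3

# Assumption: a secret held by the server outside the database (placeholder value).
INDEX_KEY = b"constructed-demo-key-replace-me"

USERS = [("alice", "+1 555 010 0001"), ("bob", "+1 555 010 0002"),
         ("carol", "+1 555 010 0003")]                      # constructed sample rows
SUBMITTED = ["+1 (555) 010-0001", "1-555-010-0003", "+1 555 010 0999"]


def normalize_phone(raw: str) -> str:
    """Strip formatting so the same number always produces the same index value."""
    return "+" + re.sub(r"\D", "", raw)


def phone_index(raw: str) -> str:
    """Keyed hash computed once at write time and stored in its own column."""
    msg = normalize_phone(raw).encode()
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()


def build_db(users) -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,"
               " phone_index TEXT NOT NULL UNIQUE)")       # UNIQUE also creates the index
    db.executemany("INSERT INTO users (name, phone_index) VALUES (?, ?)",
                   [(name, phone_index(phone)) for name, phone in users])
    return db


def match_contacts(db: sqlite3.Connection, numbers) -> list:
    """One indexed IN query replaces the per-request loop over the whole table."""
    keys = sorted({phone_index(n) for n in numbers})
    if not keys:
        return []
    marks = ",".join("?" * len(keys))                      # bound parameters only
    rows = db.execute(
        f"SELECT name FROM users WHERE phone_index IN ({marks}) ORDER BY name", keys)
    return [name for (name,) in rows]


if __name__ == "__main__":
    print(match_contacts(build_db(USERS), SUBMITTED))
```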

What is the "customer's user ID"?

In the Preventing duplicate Items article, it mentions that you can use a specific combination of fields to determine if there are duplicate items or not. And specifically for OAuth institutions, it says the combination of fields is: customer's user ID and institution_id. I'm confused about what the customer's user ID is. I'm not familiar with this identifier. Can somebody explain?
The customer's user ID would be a value in your own application's business logic, not part of the Plaid API. In most Plaid use cases, alongside an Item, you would typically store some kind of user id that associates it with a specific user in your system. The logic here is saying that if the same end user in your system has multiple Items with the same institution, they are probably duplicate Items.

How can I distinguish between students and teachers?

Using the Google Classroom API method userProfile, I can get various information about a user, including their name and email address, but not whether they are a student or teacher. How can I determine whether a user is a student or teacher?
Classroom does have the concept of teachers and students, however the distinction between teachers and students is only meaningful relative to a particular course (it’s possible for a user to be a “teacher” of one course and a “student” of another) and so you might not be able to use these categories to apply access controls in the way you were expecting.
For example, if alice#school.edu is a member of a particular course’s courses.teachers collection, and bob#school.edu is a member of courses.students, then you can use this information to decide that bob#school.edu should not see certain content created by alice#school.edu. (For example, you might not want to show Bob the answers to a quiz that Alice has created on your website, just the questions.)
However, because by default all users can create courses, you probably do not want to show alice#school.edu sensitive information created by teachers of other courses or information intended for teachers that you provide (for example, if you are a textbook publisher), or to give her domain-wide admin features.
If you need to distinguish between “real-world” teachers and students, we recommend that you do this via a mechanism entirely separate from Classroom, such as checking that the user’s email address appears in:
a separately-maintained list of teachers (e.g. CSV uploaded by admin)
the classroom_teachers group – domain administrators can choose to verify teachers to allow them to create new classes (use the Directory API to list a user’s groups)
The Classroom API doesn't provide a global role for a teacher or a student; it varies from course to course, so you can just call the student/teacher API.
After that you will get JSON output, and you will find a special permission for teachers, "Create Course", which will help you recognize that the person is a teacher.
"permissions": [
    {
        "permission": "CREATE_COURSE"
    }
]
In the case of a student this array will be null.

Getting User Email For Old Users On Yammer

I am trying to get historical data for all of our Yammer posts. We are very active, and like to look back sometimes. The data is loaded into a data warehouse.
For current messages, I get a list of users and then match messages against the user list. I can then use the email address as a unique identifier for the user (our users like to change their names on the network to goofy names, or to someone else's name) to match it up with the rest of the user information we have for them.
The problem is that when I start going back in time with the messages, the only information I get about a user is the ID and the username for users that are suspended or deleted. I can't seem to establish a way to match the username against a person. Some of the usernames contain periods (firstname.lastname), and others don't.
Is there any way to get the email address of the suspended/deleted user?

CodeIgniter Tank Auth library: allow spaces in user name

Is there any way to allow spaces in user names (Name Givenname) and characters like ščťžýáíéúô (any UTF-8 characters) in the CodeIgniter Tank Auth library?
I browsed the code but I do not know how to allow it. I also need to allow duplicate usernames (only the email needs to be unique).
EDIT:
When I try to register a new user I get this error.
http://i.stack.imgur.com/jhxEO.png
I don't think Tank Auth places any restrictions on spaces/characters in the username, it's more likely to be the collation on your users table. Tank Auth uses SQL LOWER() functions to compare usernames to input, so SQL LOWER('whatever is in the DB') must equal PHP strtolower('whatever the user entered').
If your users table is not defined with collation UTF8_GENERAL_CI, try changing it to that.
If that doesn't fix it, the code in models/tank_auth/users.php is very simple, so you can easily adapt it to meet your needs.
