I run a social networking / blogging website ( http://www.obsidianportal.com ), and currently the users are identified by their unique (and unchangeable) username everywhere. Many have requested the ability to have a display name as well that they can choose. I'd like to support this, but I'm worried about spoofing and identity theft. So, I'm wondering if anyone has dealt with this and has any advice?
Here's what I'd like to avoid:
I'm known as Micah on the site. I don't want anyone to be able to choose my name as their display name and then impersonate me to others on the site. Similarly, I don't want people to be able to impersonate each other.
Here are some possible avenues I've identified:
Let them choose whatever name they want (within reason: profanity, racism, hate speech, etc.)
Don't allow users to choose a display name that overlaps with an existing unique username
Don't allow users to choose a display name that overlaps with an existing unique username OR an existing display name.
Am I being too paranoid? Should I just chill out and let users pick whatever names they want?
I'd go with the principle of least astonishment, in this case "Don't allow users to choose a display name that overlaps with an existing unique username OR an existing display name." Otherwise you could have 10 different people with nickname Piskvor talking to each other ;)
If the account is linked to a profile with some statistic I think you doesn't require to have to be unique username. If at StackOverFlow someone try to use my name and he is under 1 000 reps, I think it's obvious that I am the real. Of course, someone can use my name here and try to be me, in that case I would require assistance from administrator so maybe you should have a système to report abuse.
In the other way, I have a system that validate the username to be unique. That way, it's simpler. I do this because registered people doesn't have any profile page so it would be hard to know who is the real one.
Hope that help you.
Related
I find that the nickname and reference_id fields work differently across platforms and I'd like to get clarification on how they should be used.
With the API, I can retrieve and set both these fields.
In the web-based dashboard, both fields are displayed and can be edited if present, but there's no way to enter a nickname when creating a new customer.
In the Register iOS app, none of these fields are shown or editable. They're also absent when creating a new customer.
What I want to do is map Square Customers to our existing members, but we're facing three problems:
reference_id seems to map perfectly with our existing member numbers but, as mentioned, it's nowhere to be seen in the Register app.
Searching customers in the Register app only searches in names and emails. It would really help us if it searched in reference_id as well.
CustomerGroupInfo is read-only via the API (and not even an endpoint). We would map these to our membership levels.
As of now, I'm looking at ugly workarounds, but I wanted to know if something in the roadmap could help us out. Thanks in advance to the people at Square!
I'm looking for a way to add a drop down for a customer's address (during registration, editing, checkout, etc..) that indicates whether or not it is a Residential or Business address. I have spent hours going through tutorials but they are all out of date or poorly written. I have read 6 different ones telling me how to do the same thing 6 different ways. Can someone outline a simple process that you need to do in order to add a custom attribute to an address? I'm on Magento 1.6
Try something like this tutorial at Fontis: Know More About Your Customers - Adding Custom Signup Attributes
Whilst this was written for 1.3.2.4, most (if not all) is still relevant for 1.6. I've done a very similar thing by allowing a customer to choose the customer group they wish to belong to, by following these directions.
Oh, and there are some great comments on the post as well.
These tutorials should give you a good idea how to do what you want:
http://www.unexpectedit.com/magento/add-new-customer-attribute-onepage-magento-checkout
http://www.excellencemagentoblog.com/magento-adding-custom-field-to-customer-address
Best regards
I am using cancan and trying to get it to limit equipment shown for a specific company.
I have a company with many users that should only see equipment that belong to that company.
I thought cancan could do this based on this:
Rails 3 company account with many users, restrict access to data
So I tried this code:
can :manage, Equipment do |equipment|
user.company == equipment.company
end
In the equipment controller I have #equipment = Equipment.all which I figured would just pull the equipment for that users company, but of course it pulls them all. Is there an easy way to do this or do I need to do #equipment = Equipment.find_by_company_id(current_user.company) anytime I want to pull just that companies equipment. To make this worse I want to eventually break it down by groups and departments, but would rather not have to force myself into more big find queries. I am open to anything, plugins, suggestions, whatever will be the fastest way to fix this.
I could have added more code to this question, but I don't know that adding it all would really help the question.
Thank you very much
Toby
Try Equipment.accessible_by()
https://github.com/ryanb/cancan/blob/master/lib/cancan/model_additions.rb
To be short, It's a website for an investigations lab.
I need to display specific content (lab report) to specific user. Users will be given a username and a password when leaving and will be asked to login on the website to access his/her report with the credentials given to him.
So , it's a "specific content" for "specific user" - Moving to 1.6 is not an option.
I have a solution in mind but involve a lot of core hacking and will take some time ... If any one been in a similar situation or have an idea in mind I would appreciate your help.
Ok, this can be done but it's going to take a little trickery to get there. First, you are going to need a way to post the lab reports and associate them with a user. I would use K2 for this since you can add the report as an attachment to an item. You can also add extra fields to K2, which would be the next step. You'll need an extra field where you can enter a user ID number that you will use to determine if a user is allowed to view the content.
There are several steps you will need to take to now filter the content so only the associated user can see it.
You will need to get the user ID once the user is logged in:
$user =& JFactory::getUser();
$usr_id = $user->get('id');
You'll need a menu item that links to a K2 Category where all the lab reports go.
You'll need a subtemplate with a modified category_item.php for that category that only displays the associate reports:
if($this->item->extra_fields[USER_ID_EXTRA_FIELD_NAME]==$usr_id){
all the category item stuff
}
You'll need a subtemplate with a modified item.php for the category that again blocks users other than the associated user, basically the same code as #3 to either display the content or an error message.
The only other way I can think of that you can accomplish this would be to use an ACL component with a group for each user.
The K2 method with subtemplates would not require any core hacks and will work with a little work.
You can achieve what you want with Flexicontent http://www.flexicontent.org/ and Flexiaccess
Flexicontent is a K2 type component and I use them interchangeably. With Flexiaccess you can create items that are only available to certain users.
No hacks required.
Bad News: That cant be done with standard Joomla 1.5 (without hacking)
Good News: You can use one of the free or commercial Extensions for Joomla to accomplish that. I would suggest for example:
Admin-User-Access
http://extensions.joomla.org/extensions/access-a-security/backend-a-full-access-control/9040
Or you can search for yourself:
http://extensions.joomla.org/extensions/access-a-security/backend-a-full-access-control
Anyone know how to get a user's short user name, eg. "johnsmith", given their full name, eg. "John Smith"?
Note I'm interested in any user, not the current user, so functions like NSUserName are irrelevant.
Why? I am authenticating a username and password using Authorization Services. This allows people to enter either their short name or their full name, which is nice, but I then need to know who they've actually logged in as (ie. short user name and/or user id).
Nasty hacks like [NSHomeDirectoryForUser(username) lastPathComponent] don't work consistently.
You need to use the Collaboration Framework :).
Link this framework to your project, and then you just need to do the following:
CBIdentity* identity = [CBIdentity identityWithName:#"John Smith" authority:[CBIdentityAuthority localIdentityAuthority]];
NSLog(#"Posix name: %#", [identity posixName]);
And voilà!
EDIT: If you need to find only users that are bound on the network, you need to use +managedIdentityAuthority instead of +localIdentityAuthority.
And if you need to find both local users AND network users, use +defaultIdentityAuthority.