i making route for updating user profile data i come with this solution
Router.route("/login").post(userController.Login);
Router.route("/register").post(userController.Register);
Router.route("/profile/update/cover").patch(userController.UpdateProfileCover);
Router.route("/profile/update/details").patch(
userController.UpdateProfileDetails
);
Router.route("/profile/update/photo").patch(userController.UpdateProfilePhoto);
Router.route("/profile/update/email").patch(userController.UpdateProfileEmail);
Router.route("/profile/update/password").patch(
userController.UpdateProfilePassword
);
the app will allow user to upload images and verfiy email and password
is this a good practice or there are alternative when it come to this type of situation
You are basically doing the following
SELECT entity from User -> Validate -> Update User's Entity
On every time user is calling the API, why not adding save button to on your UI and send all changes all at once, this will help reducing queries and resources needed, this is crucial especially when you scale.
other than that it is acceptable.
Related
this question has been posed in many flavours, but no one fits my needs.
I'm working on a partially complete Razor project; the original developer has left our office, and he wasn't much concerned about securing password fields, as he left all of them in clear.
These passowrd fields authorize several aspects (Ftp primary and secondary access, Ftp on AS400 and mail sending), so nothing related with login/submit forms. When I changed these fields from text to password, they revert to blank fields, regardless the content of the View Model, and this should be the correct behaviour, as per the numerous answers I've seen googlin around.
My problem is this: the user needs to know at least if a password has been configured (seeing a string of * or any other mask character the browser use), so I need to show him that value to let him know if the service is configured, and the best would be to let him also reveal the password to check if it's correct. The option to not update the particular field in the DB if it's left blank is not an option.
This site works only on Intranet, so there is no concern about hackers monitoring the connection or similar.
I've tried all (I think) the possible combinations, including building the input element manually through html, using the #Html.TextFor and #Html.PasswordFor helpers, decorating the corrisponding member in the view model with [DataType(DataType.Password)]. The data is binded when the page is loaded, so no ajax calls help me retrieving data.
I'm relatively new to Razor, as my last two projects are entirely in PHP.
Thanks for any suggestions.
Ok, no other solution found than issuing an ajax call to a dedicated HttpGet controller method to retrieve only the password fiels, then populating the dedicated fields when the controller returns the object containing all the password I need.
I'm making a web app where users can create pages, edit them, and delete them. In developing the prototype, I have a user access a route such as:
localhost:8000/mypage/1
The "1" in the URL refers to the ID in the database, so that the controller can fetch the appropriate associated data and populate the page accordingly.
The obvious problem here is that a user can plug in any number to that URL and edit someone else's page.
One obvious fix would be to add logic that checks whether or not page '1' belongs to the Auth::user(). But this would be an if statement that I have to add to every controller that carries out such function.
When I think about other sites, they never have ID's in the URL, or if they do, they look 'encrypted' in some form. What is the best practice for changing an ID into some uninterpretable string that I frequently see done on other websites?
Thank you for any help.
why don't you just use a middleware that check if the route can be acceded by the user? then you can call it with
$this->middleware('middlewareName');
in the controller that you need it or even in the web.php if you want a whole set of routes protected
I made OnBeforeinitialize hook. I need place there code which register new user if user doesn't exists in database.
Which MediaWiki class and functions should be used?
If you need to create users, chances are you are doing something wrong. Users should be created on login/signup (use a PrimaryAuthenticationProvider to tell the system to create them), or when they are authenticated based on request data (use a SessionProvider). There is also User::newSystemUser but it's only meant for scripts.
Even if I don't know, what you really want to do, where the data for the user should came from, and why you want to do this in the BeforeInitialize hook (so, in fact, any useful information to really know and understand what you want to achieve is missing, therefore, you'll get an answer to your concrete question without any guarantee, that it works like you expected in your use case). However, to create a new user, you can use the createNew function of the User class. You should check, if the user is already present in the database.
EDIT:
An usage example:
$user = User::createNew( 'Testuser', [ 'email' => 'email_from#external_source.com' ] );
Ok so here is what is happening:
I have a client that I am building an application for. My client has a flowchart that they would like posted on the front page of their application. Check. My client then wants this flowchart to be set up as an image map so that a user could click one of the boxes in this flowchart and be taken to a report in another part of the application. Check.
All of that is elementary and, in a technical sense, works. The issue is, and it is an issue I have encountered before with APEX, is that every time a user clicks one of these links it takes them to the login screen. It seems that linking directly to a page's URL breaks the session and requires you to login again, even if you are linking from one page in the application to another in the same application.
I have played with all of the authentication settings in a hopes of fixing this and tried to determine what is breaking the session exactly but with no luck.
Has anyone else had this problem and could share their method for fixing it? I really cant have users logging in every time they click a link and I also cannot simply remove the authentication on the pages. Thanks in advance.
You should pass on the session id in your links. If you don't, then apex will see this as a new session. You can tell from the url: take note of the session id in your url when you are on your image map. When you select an application, take another look at the session id part in the url. If they are different, then you are starting a new session each time.
/apex/f?p=190:90:1674713700462259:::::
190 -> application id
90 -> page id
1674713700462259 -> Session id
To pass on the session, it depends where you construct your links.
In PLSQL, you can find it through :SESSION or :APP_SESSION
For example, in a plsql dynamic region: htp.p('the session id is '||:SESSION);
In javascript code you can use $v("pInstance") to retrieve the value dynamically, or use &APP_SESSION. which will have the value substituted at runtime.
Small example:
function printsome(){
var d = $("<div></div>");
d.text('&APP_SESSION. = ' + $v("pInstance"));
$("body").append(d);
};
So you probably just need to alter the construction of your link somewhat to include the session!
I was assuming the binding variables will do the job. But they were helpless.
Best way is to pass the current session id to an item then use the item value in the link.
f?p=&APP_ID.:32:&P31_SESSION.:::P32_CUSTOMER_ID:#CUSTOMER_ID#
Hello,
I'm looking for advise on how to share certain bits of data (i.e. post-submit confirmation messages) between individual requests in a web application. Let me explain:
Current approach:
user submits an add/edit form for a resource
if there were no errors, user is shown a confirmation with links to:
submit a new resource (for "add" form)
view the submitted/edited resource
view all resources (one step above in hierarchy)
user then has to click on one of the three links to proceed (i.e. to the page "above")
Progmatically, the form and its confirmation page are one set of classes. The page above that is another. They can technically share code, but at the moment they are both independent during processing of individual requests.
We would like to amend the above as follows:
user submits an add/edit form for a resource
if there were no errors, the user is redirected to the page with all resources (one step above in hierarchy) with one or more confirmation messages displayed at the top of the page (i.e. success message, to whom was the request assigned, etc)
This will:
save users one click (they have to go through a lot of these add/edit forms)
the post-submit redirect will address common problems with browser refresh / back-buttons
What approach would you recommend for sharing data needed for the confirmation messages between the two requests, please?
I'm not sure if it helps, it's a PHP application backed by a RESTful API, but I think that this is a language-agnostic question.
A few simple solutions that come to mind are to share the data via cookies or in the session, this however breaks statelessness and would pose a significant problem for users who work in several tabs (the data could clash together). Passing the data as GET parameters is not suitable as we are talking about several messages which are dynamic (e.g. changing actors, dates).
Thanks,
M.
It sounds like type of user messaging system is needed. By this what I mean the process could look similar to the following:
The user submits the form
The system could register the user for a set of notifications/messages (store in a DB table or something along those lines.
The system send the redirect response to the user
On the next page load for the user the system would check to see if the user had any pending messages.
If they do then remove them from the pending list/table and add them to the page
This keeps you from having a page state issue while still providing the user with the messages to be displayed, note that you might need to tweak the specifics to your needs.
Hope this helps.
ASP.NET
Since the question is presented as language agnostic, you might be interested in ASP.NET's Server.Transfer which does exactly what you want to achieve.
PHP
However for PHP, the situation doesn't seem to be very easy and all solutions that come into my mind have design smells:
Sessions
Using sessions to mark your data with certain flags and then check and use them on overview page. You just have to be sure you always unset these data after you don't need them anymore, which might be tricky.
Database
Queue those data in database as confusedGeek described in his post, but I don't think it's a good idea to query every single request like this. It's going to be quite many requests on DB server if you application is bit bigger, which might slow things down.
cURL
Taking advantage of cURL in PHP, if you have the chance:
<?php
$curl = curl_init( );
curl_setopt( $curl, CURLOPT_URL, "http://localhost/something.php" );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, $_POST );
curl_exec( $curl );
curl_close( $curl );
?>
<form action="test.php" method="post">
<input id="textfield" name="textfield" />
<input type="submit" />
</form>
This piece of code takes something.php on server side, allows to send POST data to it and shows you its content (which could be just print_r( $POST ); in this example). This one could do what you need, but it has once again one flaw - the URL won't change, so users might get confused - and I wouldn't really recommend it.
I personally think your case might be a design flaw. Why would you want to take all resources from form page and move them to other? Isn't easier to work with your data in a file / class designed for it and then just decide what outcome you have? If something fails, it returns the user on page with form and if everything went well, you post the data to DB and show overview page with some happy message that everything went okay.
If you really want to proceed with the way of sending everything to other page, using AJAX/AJAJ could be another solution for you.