Is there any API to change username of an registerd user. Ejabberd doesn't provide any type of api key to change username so, any way to do this? Maybe a new API written in PHP or ejabberdctl command.
There isn't such a thing. If you store the information in a SQL database, you can simply replace the username in the corresponding tables.
Related
What I'm trying to do is use Cloud SQL for MySQL for my database and use Firebase for auth and push notifications. What I can't figure out is how can I match a Singed In user with the corresponding user in my MySQL database to fetch the users data.
When you're using Firebase Authentication, you'll typically use the UID of those users to associate them with their data in the database. Instead of using a foreign key, it'll just be a string value - as there's no target in the database for a foreign key to point to.
After that, it should be possible to query on the UID values as you would do on other fields too. If you're having a problem with that, edit your question to show what you tried.
I have been given a project to take over, my new client has given me all the files that where used to run the MLM website from the previous developer, my client asked me to decrypt the admin password. Someone help me go about this. Thanks in Advance
Dont waste time trying to unhash a hash
Just create a new user account with a password. Then copy/paste the new accounts hashed password into the Admin accounts password column. Using an UPDATE query of course.
The password for the admin account will now be whatever password you used for the new account.
Then delete the new account.
I am creating a cron job, that runs a php script that will login onto an external website using curl and scrapes a page to extract data.
Now the question I have is that I need to store the credentials in the database, how can I store this securely. The problem is that the curl script would need to post the username and password in clear text.
The service is similar as to what Mint.com does, ie pulling billing information using users credentials.
Any advice would be appreciated.
Thanks
The data can be encrypted (See the examples in openssl_encrypt), then decrypted when you need it in your php script and pass them unencrypted as a string concatenated to your call of curl.
If the external system does not provide an alternate (non-password-based) authentication method (unlike e.g. facebook, which support OAuth) then you have no good choices. Either your app will always ask for a password - a bit awkward and not automation-compatible. When this is not good enough then the DB+app together have to know the password, so anyone with access to both will know it too. The only thing you can do is to make sure that access to only one of them is not enough: create a secret key for the app, and hide it from DB admins (put it in the source). Use this as key for encrypting passwords (you might want to build the actual encryption key with this secret key + some invariant user-specific data [e.g. userID] to improve the protection of the secret key). And so you can store the encrypted passwords in the database. There are pretty many privacy concerns though. One's password should never be discoverable by anyone else, but here this is not the case. If the DB is on the webserver, admins will see both the encrypted passwords and the secret key - fail. The app will have unlimited access to the password so its developers will have that too (e.g. they can hide snippet to send an email).
I am creating an iOS App which the user will be able to login to via his account with our website (internal), or via Facebook or Twitter.
What I would like to know is how should I manage the database in order to verify his Facebook / Twitter account with his internal account on my website?
I.e When the user logs in via his internal account, I just run a simple authentication check to see if his username and password are valid. However with Facebook and Twitter, I obviously can't do this as I don't have access to the user's password.
Thanks in advanced.
my suggestion is that you would create a new table for each of the login types and connect it to your users/members table.
for example - for facebook login you would have a facebook_users table to hold the user's data (such as name, pic and most important - fbid)
than add a column named facebook_user_id to your existing members table.
in order to get the logged user from facebook you don't need to access his password... you should use the Facebook JS SDK and specifically the FB.getLoginStatus and FB.login function...
offcourse my suggestion is only one of many applicable ways to accomplish the task
Save fbid instead of fb-login user_name (you can keep both) of the user in your internal login table - A unique mapping exists (I'm sure something similar exists for twitter as well). Why do you need fb password for it?
Moreover, you run the check on internal table to authenticate user account, but when using login from fb or twitter, isn't the user already authenticated?
So I am creating a website that basically allows user to sign up using their facebook account/facebook connect and just a traditional sign up (username, password). Now currently my table looks like this:
uid, username, password, email
I was thinking of how can I change this table structure to incorporate the facebook account connect as it doesn't have any username or password in it, should I just store the email and leave the username and password blank? How do other sites that have such login structure save this information?
You'll really want to store the facebook_id as well, for which I recommend using a bigint.
You might also want to add a status column that indicates whether this user account was created via email address or facebook_id, so that at login time you know which to check. Alternately, you could just check the one that you have credentials for.
This is a fairly open ended question, and the answers depend on what your trying to accomplish, and the use cases you're trying to address. Some general thoughts/suggestions: You should also store the Facebook ID as a separate column. You can leave the username blank, as the Facebook ID can uniquely identify the user, or you can use the email as the username. If you use only Facebook connect, you don't need the password since you can use the JS SDK to make sure the user has a valid Facebook login session.