We are designing an online application (college admission form) which mandates the user to upload a scanned copy of his photo along with his signature, so that this information can be used to cross verify the applicant when he appears for a exam + personal interview at a later point in time. This entire process requires a scanner for the applicant to scan his photo / signature into an appropriate size. Is there a better way to capture user identity for such purposes as usage of scanner for capturing signature, photo is a painful process.
I would capture some unique information that would be associated with a photo id, such as a driver's license or passport number. Then I would ask them to present that form of identification when they show up. You check the number supplied against the number on their id and their photo on the id against their appearance. Of course, you also validate that the id is genuine as well.
Related
Some pages, such as amazon and Gmail, separate out the HTML Input fields for E-Mail and Password onto two different HTML pages, one after another.
What is the rationale for this approach instead of asking for credentials on just a single page with one HTML Form that has two Input fields at the same time?
Most of the times this happens with federated identity, when multiple identity providers can actually log you in. For example you can use your company identity provider (ie. login server) to log onto a 3rd party resource which trusts your company IdP.
But the question is then how you choose which provider to use in the 3rd party, if they accept several. And this is one solution: you enter your email address, and your email is associated with your IdP, so you can be redirected to the correct login page (from where you will be redirected back). Of course, your IdP can easily be the site itself, in which case the process looks rather silly.
Note that you can be redirected to the "local" password page regardless of whether your username is actually correct or not, and usually only the domain part of the email is used to decide where to redirect, so it is less of a security issue, user enumeration is still not possible. But you can try and enumerate valid identity providers.
I am very new to web development, and I'm trying to get my head around the most efficient method in creating the website.
The premise of the website is for booking activities in various locations. Processes I believe that would take place are:
Customer books activity;
Request updates database, and request is sent to vendor;
If vendor approves request, confirmation is sent to customer in the form of QR code, barcode, and numerical code (for redemption);
If approved, customer is charged the amount of the activity.
My question is what structure should I use in approaching this problem? My thoughts at the moment is placing the website in Google' app engine, using mySQL database.
Any thoughts would be greatly appreciated.
If you're using GAE, I suggest looking into NDB Datastore. https://cloud.google.com/appengine/docs/python/ndb/
Customer books activity → a) store in ndb datastore and b) verify that information → send to vendor
Confirmation (display URL code e.g. http://website.com/?c=generaterandomlongstringhere)
If URL is clicked, you can add a confirm as well after like accept | decline (e.g. http://website.com/?c=generaterandomlongstringhere&?v=acceptordecline)
Update NDB and Charge user
I am planning to have a competition as a first promo for my page.
I will be using PHP for scripting.
I will uploading the scripts to a web hosting server and call the page url on FB.
On FB, I will creating unique woobox app. I will call this page on that app.
What I need on is, when the participant is given the page he/she can participate, the programe should first check if this user has already participated or not in the competition.
If he has already participated, he should be directed to a page where it will say, u have already participated.
If not he/she should be directed to the page he will give his Name, Country & email.
On this page too, I prefer to make use of Facebook api to get the Name, Country, & email id instead of asking participants type in these info..and also get the user profile id and save in the db base, do avoid duplicate enteries
I am totally blank about this FB api n graphs...
Need you fullest help on this.. pls...
The registration plugin can grab a users info and allow them to register, the plugin will post that registration info to which ever page "database" you need.
refer to: http://developers.facebook.com/docs/plugins/registration/
I send 3 different links to people on a daily basis. I know the name of the person I am sending the link to. How do I attach that persons information to the link to know they clicked on the link?
I sent close to 50 emails to different people. I just want to be notified that someone I sent the link to click on it.
You need to use a database for this. The link could contain a random hash that can be looked up in the "emails" table. This table could keep records for timestamps, specifically when the emial was sent out, and when the user clicked the link.
#QUESTION:
Most hosting providers give you the option to hook up a database. If you have trouble finding this, use google or their support. As far as how to "use" a database, you will need to learn this in you own time. But like anything else the basics are widely available through google, which in your case, is all you need to finish your project.
You can add an encrypted or obfuscated field to your URLs identifying the email address.
Common methods:
base64 encoded email address XOR-ed with known key
md5 hash of email address truncated to first N characters
And so on.
The first method allows you to reverse the process (i.e. getting back the email address from the visit log), the second is one-way only.
For example, using the second method with email dude#gmail.com (truncated to 12 characters):
http://domain.com/click.php?v=ec3ab9422d7a
Or, as already said, you can simply use a database and store a key-value pair (email, hash) with, for each email, a random string generated on-the-fly by your massmailer.
I am looking for a way to verify if my app was downloaded by a user. I want to allow users to notify me of their purchase if they intend to donate to a cause and we would donate a percentage after verification of app purchase. I would want to see/validate a proof of purchase. It has to be unique per app download.
If you don't have a logged in user, you can generate some unique code on every dowload ( it might be even a GUID) and supply it to the user. Then he/she must enter this code on purchase.