I have a program to extract transaction logs from my Bank website for the ERP system. Since my Bank doesn't provide any Web Service for this kind of data, I have to scrape it. This program is not intending to bypass captcha. Users have to input the captcha/bank account for the login part. It had worked until my Bank changed to Google Invisible reCaptcha. Since then I couldn't get the correct reCaptcha-token.
These are the steps my program process using HTTP Request: (Java, HtmlUnit)
Get login page
Get Captcha Image and show it to the user to resolve it.
Get reCaptcha-token from this link: https://www.google.com/recaptcha/api2/anchor?ar=1&k= ...
Post (bankaccount id, bankaccount pw, resolved captcha image, reCaptcha-token....)
So how to get the correct reCaptcha-token based on sitekey and siteurl?
Related
In my web app i ask several questions from user in a form. After completing this form there is a summary page highlighting the user`s answers.User would be redirected to payment gateway after this stage. At this stage there is an option to save the answers and do the payment later.An email goes instantly to the user highlighting his answers and intimating him that he was about to make the payment. There is a hyperlink in email which will redirect the user to the summary stage from where he left the journey so that he can proceed and make the payment.
What is the best way to keep track of user stages so that if he has already made the payment he wont be redirected to the payment gateway by the hyperlinks in the emails whihc were sent prioir to the payment stage.
I am using Spring mvc and MongoDB.
Thanks in advance.
Assuming that payment gateway is not part of your application.
A good approach would be that your application be notified if any payment is done on a payment gateway (order id , Customer id , product id or stuff like that).
Payment is supposed to be made against an order id now the payment gateway is supposed to handle if payment is already made against this order.
So contact the payment gateway team for how to retrieve if payment is successful.
On android client, I create Credentials, then choose account using AccountPicker and set the account name. On GAE, I have User parameter in every endpoint method. (I described it here)
Android Client ID, Web client ID and audiences are configured correctly.
On endpoint, the user is not null and has correct email set. But when I call user.getUserId() I get null. Is this user authenticated or not?... It really makes me nervous not to know that...
What you describe is odd, and I don't know why you get null when you call getUserId(), but never-the-less I would say, Yes, you are authenticated.
If you want to be sure, then you could try using that authentication from a web client - I read that once you have authenticated an Android user you are automatically given minimal account authentication for web too. So create a minimal servlet that includes the following code:
UserService userService = UserServiceFactory.getUserService();
User user = userService.getCurrentUser();
Load the page while signed in with the same account you authenticated from Android and see whether it acts like it already knows you, or whether it prompts the user as it would for a different, un-authenticated user.
This is a bug on google's side.
There seems to be a clunky workaround: save User to datastore and read it back.
Hi am regarding facebook php server side login..
http://developers.facebook.com/docs/authentication/server-side/
in that
$code = $_REQUEST["code"];
what is the meaning of this..., what is this code ?
Once the user has authorized your app, you should make a server side
request to exchange the code returned above for a user access token.
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
Note the "CODE_GENERATED_BY_FACEBOOK" comment.
$_REQUEST['code'] is most likely a token that guards against CSRF. Facebook will create this and give it to your application via $_REQUEST['code'] (could be a POST, GET or whatever).
If you're not sure what $_REQUEST is, you should read the PHP manual entry for it.
$code is like authorization token that you exchange for an access token that you will use later to make calls to facebook api. The part you're looking at handles redirect from facebook after user logged in to facebook and authorized your application to access their information. at this point facebook redirects user back to your site and passes code as a get parameter and that line grabs that code from $_REQUEST, which in this context is the same as $_GET['code']
I'm trying to get friends count via my account using Facebook API. Its working well.
But if i get friends count using one of my friendId, i'm getting the following exception
Tests in error: friendsCount(com.company.facebook.test.FbClientTest):
Received Facebook error response of type OAuthException: (#604) Can't
lookup all friends of 649390517. Can only lookup for the logged in
user or the logged in user's friends that are users of your app.
That error message seems pretty clear, you can't access friends-of-friends via the API unless the other friend also uses your app.
You can however check for mutual friends between your app's user and any arbitrary user ID.
To do that, make an API call to
/USER_ID/mutualfriends/OTHER_USER_ID
Where USER_ID is the user who's authorised your app, and OTHER_USER_ID is the user you want to check for mutual friends with.
I'm developing a website with using struts2 and jsp pages. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is complete. I want this feature on my webstie, but I don't have any idea how to do this and how is this working? Should I save user's information on my database until he/she is verified or not? I searched web but there is learning for php forms.
any tutorial?
Thanks in advance.
The algorithm is something like this:
Save the user's info, marking it with a pending status.
Generate a token that contains some info
related to the user's account.
Generate the email, which must
include the URL to activate the
account and the URL will have the
token in it.
The URL must point to
some servlet or service in your app
that will validate the token, check
if the user related to the token is
inactive, present a completion form
(let the user set a password,
present a captcha, etc) and on form
submission you activate the account
with the password they set.
You should periodically scan the
inactivate accounts and delete the
ones that are several days old and
have not been activated.
To generate the token, you can encrypt some data such as user ID, email, etc and encode it in Base 64 (the URL-safe variant) - remember to salt it when you encrypt. When you receive the token, you decode and decrypt it, and it must point to an inactivate user account.