Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have a web app which requires user to register and login to use it. In the database, i have a serial number for every user that is auto generated. The buisness logic uses these serial number to identify users and not their username or email id. Now if i login using Facebook or google +, how to proceed? without a serial number, the buisness logic fails.
You can auto register the user while making them log into the system by google or fb. Then you can easily auto generate the serial numbers as per your business logic.
You will get more insight by checking this link http://www.sanwebe.com/2012/11/login-with-google-api-php
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
complete noob here.Any help is really appreciated because we are under the cosh.
My team is building out a bespoke donation form for a charity client and are trying to integrate Paypal.
The problem is that the api we are working with is requesting a Paypal ClientID and ClientSecret ID.
What is the best practice for getting these values? I've read that you have to set up a developer account via Paypal and then set up an app, however, does that mean we require access to their paypal account.
Can they grant limited access to their paypal account so we can create values?
Thanks in advance :)
You'll need to use a sandbox account:
https://developer.paypal.com/developer/accounts/
This will create a dummy version with no real transactions that you'll have full access to, alongside a production version that only your client will see.
You can determine which of these accounts is used through env vars, switching out the client ID as needed depending on which environment you're performing the transactions on.
But at the end of the day, yeah, you will have access to their production client ID and client secret ID. There's no way to get these onto your server unless your client is able to do it themselves.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I just entered a company which is developing a website supporting hosts in Airbnb. Basically, this website will give the recommending price for hosts after they login in the Airbnb.
I noticed that the website have stored the hosts' passwords of Airbnb in database. The passwords are stored in secret code, but it can be encrypted by a key. When a host wants to update the price on this site, the site will send a request to Airbnb to get the token with the password stored in database.
Websites such as Beyondpricing have similar function. I am wondering how they realised it. Should a website storage Airbnb users' passwords?
The general rule is passwords should always be hashed to protect from improper use.
In this case your company (and likely others) are encouraging AirBnB customers to break AirBnB's Terms of Service, from their website:
You are responsible for safeguarding your password. You agree that you will not disclose your password to any third party.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm using Enterprise Resource Planning (ERP) and we have to design three desktop applications (a Finance management application, a human resource management application and a warehouse management application using object oriented programming).
The client wants each person in their company to have only one account for the three applications (like google account that let you access google drive, google mail, google+)
How can I design an account system in order to access each application?
You need to create and account system to manage your unique ids.
An unique id can be an e-mail address, phone number, taxpayer identification number, an UUID (an auto-generated universal unique identification), a social id (gmail, github, facebook) or any other method to create it.
You can also set one primary and contactable unique id with alternative account ids.
Now, consider the following responsibilities (a responsibility can be implemented by one or more classes):
An Activity (a command, action or method) to be managed.
An User that uses the account system and decorates a Person or any other Actor.
And an AccessRole responsible to keep who (an actor) can perform an activity.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I am at the beginning of my website project and now for requirements step I want to grouping the roles of website users,there is three roles for the users:
Users who visit the website an use it's free services.
Users who have an account and uses it's more free services.
Users who have an account and monthly pay for using paid services.
Admin user of the website.
What is the best roles for these users?
You seem to have two roles:
Admin
User
The User role seems to be separated into three tiers or types:
Unregistered users
Registered Users
Paid/Subscription Users
That's how you need to be thinking about your groups of users. Admins don't really count unless you have special privileges. How you treat your different levels of users is very important however since I assume your goal is to "land and expand". i.e. Lure in users with free services, get them to register with further offerings and then get them to pay for even more advanced levels of service.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I have a database that contains my company clients info. We want to enable those clients to register on our website and see their data. How should be newly registered user matched with Client entity in our database? Should it be manually done by administrator? If so, what data do we need to identify them? SHould the admin be informed by an email?
It's a matter of privacy.
INSECURE SOLUTION
If you don't mind the possibility of someone seeing your client's info, I would suggest the following:
Provide a form for your clients where they enter their customer ID (if they know it) or simply their full name
Match this info to your database and present a pre-filled form to your clients that they only need to check for changes.
SECURE SOLUTION
Send an email to all of your clients asking them to register using their code (you send them their personal code in this email and you can match this to your database).
Alternatively, you can let your clients enter all of their information and manually match this to the client entity in your db. I cannot suggest this, but if you want to do this, check it on a daily basis.