How to validate a location address in form? - ruby-on-rails-3

I want to validate that the postal address filled in by a user is correct.
Assuming that we have the fields street, street_number, postal_code, city and country
How can show errors when the user, types in that his country is France and is city is New York?
or
How can I detect that a postal code doesn't correspond to the city?
Is there a strategy to address this issue with Ruby On Rails or shall I just trust the user entries ?

There are several companies that publish US ZIP code directories, typically not terribly expensive, and some even come with lat/lon data. This is the most common way of validating city and state in the US or North America. Worldwide postal codes to country and city is likely to be a harder problem, or at least a more expensive one.
Another approach would be to use the Google Maps API, perhaps in conjunction with the data you can get from location-aware browsers (all modern ones). To be honest, it's been a while since I have used the API, but seem to recall you can get pretty detailed information given a lat/lon. Google now charges for high use of the Maps API, but if your site has even moderate traffic, you're probably still in the free zone.
At some level, you'll have to trust users. I remember a while back we found anomalies in user reported zipcodes in our database -- seemed like everyone lived in Beverly Hills, CA. This was around 2000, when the original version of the TV show "90210" was still around -- that's the zipcode :-).

Have you considered just a jQuery plugin to verify addresses for you? It's free for many users, up to 250 lookups/mo, and is always current (no need for you to maintain a database).
Incidentally, I work at SmartyStreets. There's also a ZIP code API to look up if cities match ZIP codes and vice-versa. Either way, we've put a lot of effort into making the user experience positive, even when the address they type isn't totally valid.

Related

How can I determine the IANA timezone of a specific location

Is there a (free) webservice where I can a) give it an address (either full or city, state/province and zip), and b) get the IANA timezone of that address?
Use case: I have a form where a user manages clinics. Each clinic has an address. I want to preselect that IANA timezone of that address, so that I can adjust appointment date/times associated with that clinic.
I know that the Google Maps API and Bing Maps API can give me the lat/long of an address, and that there are other services that can give me the IANA TZ based on the lat/long. That said, those api's require subscriptions and keys and contracts, and it would also require a two request approach to get the single piece of data.
Address geolocation is a hard problem. It requires deep understanding of address systems and reacting to ever-changing, real-world, messy scenarios.
For example, you could get a database of the Zip codes of the United States and their approximate locations, but it would only be a snapshot. You'd find over time that new Zip codes would be added and missing from your data, and that existing Zip codes had been expanded to include other areas. You'd also find many Zip codes that are "non-locatable", such as those used to send mail to military overseas. You could even find a single Zip code that has addresses in two different time zones.
Take international concerns into effect and you'll find all sorts of edge cases. Every country and territory has their own special rules and situations.
It is a problem worth paying a service provider for. Trying to do geolocation in an offline manner might be possible, but it isn't advised.
The second part - figuring out which time zone goes to a location, is also messy. However it's slightly easier to coordinate. The Time Zone Boundary Builder is the main open-source project that attempts this. Most libraries referenced here use that data. But even then, it has updates and relies on borders established by Open Street Map data. Some of those borders are in dispute, so a service from Google, Microsoft, or others could give different results because they have map data with different borders. If you care about such things then you might want to test some edge cases against the different providers to see if you're satisfied with the results. You may find that the TZBB data works well, or you might prefer one of the online solutions.

Moqui / PopCommerce: country-specific postal address format profiles?

I'm totally new to Moqui/PopCommerce and my first impressions of it are great.
One thing that I didn't find how to do was country-specific postal address formatting: unfortunately, every country has a different address format, with different fields, ordering and arrangement of the fields.
For example, in most of Europe, the Zip code is expected left of the city name and there is no '#' sign in front of the house number. In France, the house number is left of the street and followed by a comma.
Some countries e.g. in Asia even have multiple address formats depending on other factors (e.g. rural vs city)
You can see explanations and examples here:
https://en.wikipedia.org/wiki/Address_(geography)#Format_by_country
http://www.columbia.edu/~fdc/postal/
So for any software that handles postal addresses, there are at least two situations where that country-specific address formatting is relevant:
1. in any output of a postal address (e.g. display, printout, mail, pdf, etc.)
2. in input of a postal address (e.g. address input form)
While an input form that doesn't adapt to the country-specific format is only a secondary problem (at least as long as it is only used by internal users and not external customers), any address output (especially one that is seen by any external customers) really HAS to conform to the country-specific address format and order, which means that there should be some way in the input form to choose an address format profile (e.g. by adapting to the chosen country).
I didn't see how to do that easily. I did find a PostalAddressSimpleTemplate variable in /vapps/system/Localization , but as I understand it, adding translations there would make the output dependent on the locale chosen by the user and not on the country of the address.
So my questions are:
* Is there any easy way to do this? (maybe I just didn't find it?)
* If not, is this something that would likely be added in the near future?
To date the functionality in SimpleScreens (which is where the postal address entry forms and display templates are located) is more USA oriented because all of the sponsorship for it has been by companies in the USA. There have been a few contributions that are localization related, and a few localization components that others have built (see the Add Ons page on moqui.org), but these particular forms seem to be customized rather than made more dynamic to work better across a wider variety of locales.
If you are targeting a specific locale the best thing to do is plugin your own address entry form and display template, and if you are building a public facing web site you probably shouldn't use the forms or templates from SimpleScreens anyway (all are meant for internal applications, or portal sorts of sites for external users with a limited scope, but really not for ecommerce and other sorts of sites where they are publicly available and users won't use them enough to be able to use them with no training or documentation, or from another point of view benefit from the standard UI patterns).
The OOTB input form has started to move in a more country-generic direction with the country drop-down being to the left of the state/province drop-down (for whatever sub-country region is used in the country) and the state/province drop-down reloads from the server when the country is changed.
The output structure (in the address .gstring file, for HTML output) doesn't currently do anything different based on the country.
These will both change over time, but right now basically to handle country-specific input forms or output templates customization is required.

Vies database split address

I'm using vatlayer API for getting company information by put in the vat number. https://vatlayer.com/documentation
Now I want split address info in the state, zipcode, addressline and address number.
I get the address info: BREDABAAN 13052900 SCHOTEN.
The address number and zipcode stands against each other without spacing. (1305number and 2900 zipcode).
Is there another API for working with the vies database where i can split these information? Or an work around for this bug?
VatLayer don't support the split atm.
I get the address information by:
$("#organisation_address_line_1").val(json.company_address);
Thanks in advance,
There's quite a lot of API's to handle VAT validation but the ones that provide information about the trader essentially all rely on the official API at http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl . It connects directly to the VIES system. Perhaps the values returned there are a bit different: it's worth trying your validation that way as well.
Unfortunately, since VIES does not return structured addresses (except for approximate matches, but only Spain supports them at the moment) and does not specify a common format for the free text addresses, you're going to have to deal with whatever format the country has chosen to provide, which means manual parsing.
I reckon 3rd party wrapping API's could handle guessing the format and splitting the formats on their own but I am not aware of any that would do it.

get 9 digit zip code from 5 digit zip code, programmatic, api

I have 5 digit zip codes, these are retrieved from Google Maps Api.
My dilemma is that I have to connect to a remote database which also contains addresses. If the address does not exist in that database, I have to write it, if it does exist then I do nothing except store the ID that database has assigned to the address. The problem arises since the api to check this database does not take wildcards, the addresses in that database have 9 digit zip codes (5+4) and will not return that the rest of the address matches my address with 5 digit zip codes.
The remote system will tell me that the address does not exist with the ones I send it.
So to prevent duplicate addresses from being written to the database I would need to find the 9 digit version of the zip code I have before sending it.
How would this be done? Is there a formula for determining what the last 4 digits of a 5 digit address are? Does the USPS have an API? Does the Census have a giant table?
Insight appreciated
You are only allowed to use the USPS API for information if you are using the USPS to send out mail...
But you could check out SmartyStreets (I used to work there) or another CASS-Certified vendor. They are licensed for address verification, and you can also perform city-state and ZIP code lookups without an address (depending on who you choose).
I think you'll find them much easier and more comprehensive than the default USPS web service.
Here's some sample code... take your pick: https://github.com/smartystreets/LiveAddressSamples
The US Postal Service have a number of APIs. Their "Address Information APIs" include:
Address Standardization
Eliminate addressing errors and help ensure accurate and timely delivery. This tool corrects errors in street addresses, including abbreviations and missing information. It also supplies a ZIP+4® Code.
ZIP Code™ Lookup
Find matching ZIP Codes or ZIP+4 Codes for any given address, city, and state in the U.S.
City/State Lookup
Use a ZIP Code to get accurate city and state information.
The Address Information APIs require permission to use.

Account verification: Only 1 account per person

In my community, every user should only have one account.
So I need a solution to verify that the specific account is the only one the user owns. For the time being, I use email verification. But I don't really need the users' email adresses. I just try to prevent multiple accounts per person.
But this doesn't work, of course. People create temporary email addresses or they own several addresses, anyway. So they register using different email addresses and so they get more than one account - which is not allowed.
So I need a better solution than the (easy to circumvent) email verification. By the way, I do not want to use OpenID, Facebook Connect etc.
The requirements:
verification method must be accessible for all users
there should be no costs for the user (at least 1$)
the verification has to be safe (safer than the email approach)
the user should not be demanded to expose too much private details
...
Do you have ideas for good approaches? Thank you very much in advance!
Additional information:
My community is a browser game, namely a soccer manager game. The thing which makes multiple accounts attractive is that users can trade their players. So if you have two accounts, you can buy weak players for excessive prices which no "real" buyer would pay. So your "first account" gets huge amounts of money while the "second account" becomes poor. But you don't have to care: Just create another account to make the first one richer.
You should ask for something more unique than an email. But there is no way to be absolutly sure a player don't own two account.
The IP solution is not a solution, as people playing from a compagny/school/3G will have the same IP. Also, Changing IP is easy (reset the router, proxy, use your 3G vs wifi)
Some web site (job-offer, ...) ask you for an official ID number (ID, passport, social security, driver licence, visa (without the security number, so peolple will feel safe that you won't charge them), ...)
This solution got a few draw back:
minor don't always have an ID / visa
pepole don't like to give away this kind of info. (in fact, depending where you live: in spain for example, it is very common to ask for ID number)
people own more than one visa.
it is possible to generate valide ID/visa number.
Alternative way:
ask for a fee of 1$
to be allow to trade more than X players / spend more than X money.
people that pay the fee got some advantage : less ads, extra players, ...
paying a fee, will limitate creation of multiple account.
fee can be payed using taxed phone number (some compagny provide international system)
the payment medium could be use as an ID (visa number)
put some restriction in new account (like SO).
eg: "you have to play at least 1 hour before trading a player"
eg: "you have to play at least 3 hour before trading more than 3 players"
Use logic to detect multiple account
use cookie to detect multiple account
check last connection time of both player before a transaction. (if player A logout 1 minute before player B login : somethings is going on)
My recommandation :
Use a mix of all thoses methode, but keep the user experience fluide without "form to fill now to continue"
Very interesting question! The basic problem here is multi-part -
Opening an account is trivial (because creating new email IDs is trivial).
But the effect of opening an account in the game is NOT trivial. Opening a new account basically gives you a certain sum of money with which to buy players.
Transferring money to another account is trivial (by trading players).
Combining 1 & 2, you have the problem that new players have an unfair advantage (which they would not have in the real world). This is probably okay, as it drives new users to your site.
However adding 3 to the mix, you have the problem that new players are easily able to transfer their advantage to the old players. This allows old users to game the system, ruining fun for others.
The solution can be removing either 1,2,3.
Remove 1 - This is the part you are focusing on. As others have suggested, this is impossible to do with 100% accuracy. But there are ways that will be good enough, depending on how stringent your criterion for "good enough" is. I think the best compromise is to ask the user for their mobile phone numbers. It's effective and allows you to contact your users in one more way. Another way would be to make your service "invite only" - assuring that there is a well defined "trail" of invites that can uniquely identify users.
Remove 2 - No one has suggested this which is a bit surprising. Don't give new users a bunch of money just for signing up! Make them work for it, similar to raising seed capital in the real world. Does your soccer simulation have social aspects? How about only giving the users money once their "friend" count goes above a certain number (increasing the number of potential investors who will give them money)?
Remove 3 - Someone else has already posted the best solution for this. Adopt an SO like strategy where a new user has to play for 3 hours before they are allowed to transfer players. Or maybe add a "training" stage to your game which forces a new player to prove their worth by making enough money in a simulated environment before they are allowed to play with the real users.
Or any combination of the above! Combined with heuristics like matching IP addresses and looking for suspicious transactions, it is possible to make cheating on the game completely unviable.
Of course a final thing you need to keep in mind is that it is just a game. If someone goes to a lot of trouble just to gain a little bit of advantage in your simulation, they probably deserve to keep it. As long as everyone is having fun!
I know this is probably nothing you have expected, but...
My suggestion would be to discourage people from creating another account by offering some bonus values if they use the same account for a longer period, a kind of loyalty program. For some reason using a new account gives some advantages. Let's eliminate them. There are a lot of smart people here, so if you share more details on the advantages someone could come up with some idea. I am fully convinced this is on-topic on SO though.
We have implemented this by hiding the registration form. Our customers only see the login form where we use their mobile number as username and send the password by text message.
The backend systems match the mobile number to our master customer database which enforces that the mobile number is unique.
Here is an idea:
Store UUID in a cookie at clients. Each user login store the UUID from Cookie in relation to the account entity in the databse.
Do the same with the IP adresses instead of UUID.
After that write a program interface for your game masters that:
Show up different account names but same IP (within last x hours)
Show up different account names but same UUID (nevertheless how long ago)
Highlight datasets from the two point above where actions (like player transfers) happened which can be abused by using multiple accounts
I do not think you should solve that problem by preventing people having two or more accounts. This is not possible and ineffective. Make it easier to find that evil activities and (automatically temporarly) ban these people.
It's impossible to accomplish this with a program.
The closest you can do is to check the ip address. But it can change, and proxies exist.
Then you could get the computer MAC address, but a network card can be changed. And a computer too.
Then, there is one way to do this, but you need to see the people face to face. Hand them a piece of paper with a unique code. They can only subscribe if they have the code.
The most effective solution might be the use of keystroke biometrics. A person can be identified by the way the person writes a sentence.
This company provides a product which can be used to implement your requirements: http://www.psylock.com/en
I think 1 account per email address should be good enough for your needs. After all, account verification doesn't have to end right after signup.
You can publish the IP address of the computer each message was posted from to help your users detect when someone is using multiple accounts from the same computer, and you can use a ranking system to discourage people from using temporary accounts.
Do your game dynamics allow for you to require that both users be online for a trade to occur? If so, you can verify the IP addresses of both users involved in a trade, which would be the same unless the user was paying for multiple internet connections and accessing two accounts from separate machines.
Address the exact scenario that you're saying is a problem.
Keep track of the expected/fair trade value of players and prevent blatantly lope-sided trades, esp. for new accounts. Assume the vast majority of users in your system are non-cheaters.
You can also do things like trickle in funds/points for non-trading actions/automatically overtime, etc.
Have them enter their phone number and send a text message to it. Then, keep a unique of all the cell phone numbers. Most people have one cell phone, and aren't going to ask their friend to borrow it just to create a second account.
http://en.wikipedia.org/wiki/List_of_SMS_gateways
I would suggest an approach using two initiatives:
1) Don't allow brand new accounts to perform trades. Accounts must go through a waiting period and prove that the account is legitimate by performing some non-trade actions.
2) Publicize the fact that cheaters will be disqualified and punished. Periodically perform searches for accounts being used to dump bad players and investigate. Ban/disqualify cheaters and publicize the bans so that people know the rules are being enforced.
No method would be foolproof but the threat of punishment should minimize cheating.
actually you can use fingerprintjs to track every user, use js encrypt the fingerprint in browser and decrypt in server