To generate a random, single-use URL - vb.net

I've published a different take on a log in system on CodeProject ( http://www.codeproject.com/KB/aspnet/mlogin.aspx ) and I've got some free time, so I thought I'd have a look at password recovery/reset.
It was suggested on the article that I look into sending the account owner a single use, random url where they can reset their password if the account gets locked because of too many invalid login attempts/forgotten password.
Can anyone provide some guidance to help me to do this?
So far, I'm thinking I just have to generate a random string in a "recovery" field in the database table for the user's row and then check if the requested URL on the site is the same as the value for that field, then dynamically draw the page server-side.
Am I thinking on the right track here, or way off the mark?
Thanks in advance!

You're on the right track. Rather than a random string, a GUID is sufficient (uniqueidentifier field in SQL). Use the "d" format so the URL doesn't have curly braces:
MyUser.RecoveryKey = Guid.NewGuid()
Dim EmailBody As String = "http://blah/recoverpass.aspx?key=" & _
MyUser.RecoveryKey.ToString("D");

Related

How to read RFC822 content as plain text?

First thing to note...I have tried a simple doc.computewithform(false,false) and it did not resolve this.
I have an agent set to run after new mail arrives. This agent will do different things depending on the email address it was sent to. Several email addresses are pointed to this mail-in db. So, in order for this to work, I need to read the 'sendto' field on the incoming email. Sometimes this value is plain text, and that works fine. Sometimes, depending on where the email was initiated, the sendto value is RFC822 text. I am hoping to find a way to convert this or extract from it the plain text representation of the sendto address.
I have a local memo form in this database that I could add an #Formula language function to, should one exist (so I could look there after the computewithform call).
If anyone has any ideas, I would be grateful for your input.
Matt
#Name([Abbreviate];SendTo) will extract the text from a field of RFC822 type 'Address'
or
The NotesName class in LotusScript can retrieve any part of a field of type 'RFC822 Text'

EWS SearchFilter.ContainsSubstring to filter on Sender Email Address

I'm trying to filter emails on Exchange Web Services using SearchFilter.ContainsSubstring as follows:
sfilter = New SearchFilter.ContainsSubstring(EmailMessageSchema.Sender, EmailAddress, ContainmentMode.Substring, ComparisonMode.IgnoreCase)
MailItems = service.FindItems(Folder.Id, sfilter, view)
Unfortunately this doesn't work, and I don't want to use Queries, because I can't guarantee that I can use features of Exchange Server 2013.
Composing a variety of requests in Fiddler, I can observe that if I remove the last character of the email address, then the filter works, remove the first character instead, works - put them back, broken.
So perhaps it's pedantic, and it has to be a true substring to qualify, so if I change the Containment mode to FullString - it doesn't work, so I can't do anything like a collection with Substring OR FullString.
It looks like I'll be able to do (Substring with last char missing AND Substring with first char missing), but it surely can't be that broken can it?
What can I do to get this to work?
Note that my code is in VB.NET, but I can't imagine that this is the problem.
Cheers,
Mark
I worked out that the IsEqualTo filter works with From/Sender, and it doesn't care about case-sensitivity issues, so it's probably what I should have tried to begin with.
The code to match an email address is:
sfilter = New SearchFilter.IsEqualTo(EmailMessageSchema.From, New EmailAddress(Message.FromAddress))
MailItems = service.FindItems(FailureFolder.Id, sfilter, iv)
I still don't know how to find all emails from users at the same domain though.
More Info:
I really needed to filter by Sender Domain and did that by pulling the entire folder contents down and filtering in .Net code. Even that causes problems.
Basically to keep things quick and tight, I tried to pull all the data with a PropertySet:
New PropertySet(BasePropertySet.IdOnly, EmailMessageSchema.Sender)
Filtering still didn't work, yet email addresses still showed in my list of items view. Well it turns out that the value of Message.Sender contains some kind of ActiveDirecty path in it until you call LoadPropertiesForItems. After LoadPropertiesForItems, it's an email address.
Note that my earlier attempt to filter at the server was scuppered because filtering would have to occur against the ActiveDirectory path style of string.
This is all highly confusing, and not at all user friendly.
If anybody has any idea on how to filter by email domain at the server, let me know!
Mark
What is your goal? Sender isn't a string property, so I'm not surprised that the results are odd with ContainsSubstring. I tried it against Office 365 and it worked, but older versions of Exchange may not be as "smart" about handling this kind of query. Depending on what you're trying to achieve, there may be a better filter.
if(emailSenderList.size() == 1) {
return new SearchFilter.IsEqualTo(EmailMessageSchema.From, emailSenderList.get(0));
}
return new SearchFilter.SearchFilterCollection(LogicalOperator.Or, emailSenderList.stream().map(em -> new SearchFilter.IsEqualTo(EmailMessageSchema.From, em)).toArray(SearchFilter.IsEqualTo[] :: new));

Create direct url to LinkedIn company update

I'm implementing a Compony newsfeed on a website and ran into the following problem. The LinkedIn API doesn't provide a direct URL to a company update. Looking at the LinkedIn site there are direct URL's and they're like this for example:
https://www.linkedin.com/company/1441/comments?topic=5849556347070205952&type=U&scope=1441&stype=C&a=5uHW&goback=%2Ebzo_*1_*1_*1_*1_*1_*1_*1_1441
Trying stuff out it seems that the parameters topic, type, scope, stype and a are mandatory for the URL to work.. (goback is the only one that isn't).
Using the LinkedIn API with the Company updates call I'm able to buid the direct url, except for the a parameter. The value is always 4 (for me unexplainable) characters long.
Has anyone ever successfully build a direct URL to a company update or can someone maybe explain the a parameter or how to generate its value?
Updated to new format
You can link directly to any update (company or user) using the following url:
https://www.linkedin.com/feed/update/urn:li:activity:[topic_id]
You can get [topic_id] by getting the last bit of the updateKey in the api response from Linkedin. When updateKey = UPDATE-c7352-6410848097894756353, your topic_id = 6410848097894756353.
In your example that would become https://www.linkedin.com/feed/update/urn:li:activity:5849556347070205952 which links directly to the specific update. The post is too old to work with the new link format
The url used to be
https://www.linkedin.com/nhome/updates/?topic=[topic_id]
Updated thanks to the comment from #sethpollack
For anyone trying to get the topic id from the API response object (as already commented on the OP question), the topic id is the value after the last hyphen of the updateKey property, which can be used with #Daan answer:
"updateKey": "UPDATE-cXXXX-YYYYYYYYYYYYYYYYYY"
Direct URL:
https://www.linkedin.com/nhome/updates?topic=[YYYYYYYYYYYYYYYYYY]
Using the URL format above, get the topic_id by opening the update in its own window/tab, look at the page source code in your browser and search for the string :activity: the long number after the string is the infamous topic_id

MVC user's full name in Url, how to handle duplicates

I want to setup the following url in my MVC4 website, using the user's full name in the url:
http://www.myapp.com/profile/steve-jones
I have setup the following route in Global.asax:
routeCollection.MapRoute(
"profile", "profile/{userName}",
new { controller = "myController", action = "profile", userName = string.Empty
});
And I can take the parameter 'steve-jones' and match it to a user with matching name. My only problem though is, what if there is more than one 'Steve Jones', how can I handle this?
Does anyone know of a workaround/solution to this so that I can use a user's full name as part of the url and still be able to retrieve the correct user in the controller method?
Am I forced into including the user's id with the url (something that I do not want to appear)?
The usual way of handling this is by appending a number when creating the profiles. So if "steve-jones" is already a name in the database, then make the user's display name "steve-jones2". You basically have to insist that all profile urls are unique, which includes updating any existing database and account creation code.
Alternatively (and/or additionally), if two same names are found then have the script reroute to a disambiguation page where the user is presented with links and snippet of profile info of the many existing Steve Joneseses so they can go to the full correct profile.
Another way of handling it is by giving all user profiles an additional numeric code on the end. At my university all logins are based on name, so they give everyone pseudo-random 3-digit extensions so that they are safe as long as they don't get 1000 people with the exact same names :)
Some people might be happier being steve-jones-342 if there is no steve-jones or steve-jones1, if you're concerned.

What are the Aweber API Variables $account_id and $list_id?

You can check here:
https://labs.aweber.com/docs/code_samples/subs/create
The script to add a new subscriber to the list via api requires those two pieces info...only I cannot figure out for the life of me what those two variables are!! I've beaten through every little aspect of my Aweber Subscriber Account, AND my Aweber Labs account...and I can't find any reference to either of those variables anywhere. I've submitted some tickets to them, and haven't gotten any response yet.
Does anyone have any ideas here? I've tried my account names, my list names, to no avail!
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Okay, I've got it! You can get the values of both of these variables by dumping some other variables in the aweber api after making certain api calls.
get the account id first:
$account = $aweber->getAccount($accessKey, $accessSecret);
then vardump or print_r $account.
next we get the list id:
$account = $aweber->getAccount($accessKey, $accessSecret);
$list_url = 'https://api.aweber.com/1.0/accounts/<id>/lists';
$lists = $account->loadFromUrl($list_url);
then vardump or print_r $lists.
And you are all set! I'm so happy I figured this out, it freakin took long enough. Hopefully this saves some one a bit of time.
I too have agonized over finding the $list_ID, so went to deactivate the list, and create a new one, and "discovered" that if you hover over the Deactivate button, you get a url you can copy, and this gives both %account and %list Ids
https://www.aweber.com/users/lists/deactivate/$accountID/$lisID
like this....
https://www.aweber.com/users/lists/deactivate/123456/123456
Hopefully this will help make someone as it is a super easy solution
The proper answer is Anne Allen's one, but...
Check the return of the /accounts endpoint. It should return the same account id as you detected in the link, but I had cases they were different (strange, isn't it?). Use the account id returned by the /accounts endpoint and other endpoints to retrieve lists, subscribers, etc. will start to work. It's like if some accounts have two ids, one partially works and the other fully works.
Let me tell you how to get $list_id value... login into your AWeber account and then create a new list copy only integer value from list's name.
At first, login.
1) click Reports>Settings. Your account ID will be displayed in the box,example: ?id=XXXXX
2) click List Options>List Settings. There you will see the list ID under the name.
p.s. To add subscriber, you can use this - Automatically add into aweber list