Is it possible for a XMPP client to get a timestamp indicating the last time when he got offline? Something like what's described on XEP-0012: Last Activity (this can't be done using this extension since the user should be offline in order for its last activity to be the offline presence stanza).
I am not sure what you want to do, but it is not possible currently in ejabberd (ejabberd implements the XEP-0012 Last Activity feature requests).
Related
I have built a flutter app where user is created at backend WEB, in App users can only Login.
What I want to do is if the user attempts multiple failed attempt to login assume for 3 times, I want Login to get disabled for 5 minutes to the user.
help me how to approach it and the best suitable solution.
1.) Create a variable (global variable/ provider) "failed attempts".
2.) On failed attempt increase value =+ 1.
-> When user typed the correct password, delete the current count.
3.) When user failed 3 times -> save CurrentTime in the preference.
4.) Check it before attempting to login again.
-> Current time < (5 Minutes) compared to saved time
-> show popup "Sorry, you have to wait 5 minutes".
As nvoigt pointed out, you can/should store the variables in the backend, to increase security.
I would suggest using storage to store the DateTime of the last failed attempt after N number of failed attempts & checking if current time has passed X days or Y Hours or Z minutes and so on...
Note:
While I am suggesting using the storage for this, it is just out of convinience for you to implement & get going. It is not reliable as the user can change device's date & time settings or can reset/clear storage data.
In case if you are looking for a more secure approach with the same technique use something like firebase DB & Internet time instead of local storage & device time.
What I want to do is if the user attempts multiple failed attempt to login assume for 3 times, I want Login to get disabled for 5 minutes to the user.
This logic must be placed in the backend. When you call the login method on the backend, the backend has to keep track of how many unsuccessful tries there were and then lock the account for a specified time. Make sure you send a specific error code about the account being locked for the period to the frontend, so the frontend can display it and notify the user that trying to login is pointless.
There is no need to block the frontend from trying though. A malicious attacker will work around your protection anyway and a normal user may have reasons to try again (maybe with a different account).
You can use Timer class (link) and set needed delay to it. Block button at incorrect login action and after time runs out set it available again.
I wanted to know if there's a way I could get a JSON from a website online, and get to know when the JSON is updated, for example let's say its updated once in every 48 hours, so when the JSON gets updated I can notify the user of a change in the webpage.
An app version of something like https://visualping.io/ does basically.
You can achieve such a task by following these steps:
Fetch data from a RestAPI using http get method.
Store the data locally
Run the same method (which sends the http request to fetch data) at regular intervals of time (48 hours, in your case). How do I run a reoccurring function, in Dart?
Make use of state management approaches such as the provider package to listen to the changes in the locally stored data
Update the user whenever the provider offers a changed value
I hope it was of any help.
I am creating an application which has a follow mechanism where the followed user has to accept the request of a following (similar to private accounts on instagram).
I then want the following user to find out when the other user has checked a million times (every time the following user opens the screen if I did the query in viewDidLoad). However, the problem with this, is that there will be a lot requests which will expensive to me as I will have to pay for the requests to Parse so I want to minimise these queries.
Currently, the best thing I can think of is to check once a day at midnight for example but this doesn't seem very seamless.
Is there a better way of doing this?
For starters consider how stale you are willing to allow an app's view of the world to be and cache the response that long. If a user views that screen every 30 seconds you might only want to actually check with the server 5 minutes after the last successful response (or the last response which had 0 follow requests).
You might consider switching from this sort of "pull" polling where the client decides when to ask the server if anything has changed to a "push" model where the server can inform the client when a change occurs. For example you can send a silent background push notification to a user's devices when they have a follow request, the app can then respond by performing your existing query.
You might still want polling or user triggered requests (like a "pull to refresh" gesture) as a fallback for missed notifications or devices with notifications disabled but you should be able to drastically reduce request volume.
i have a news website that update once-twice in a day, and i want to develop something that will let my users know when there is new content in my website, it will popup them a notification, only one notification per each content its sound easy
the problem that i face is how i make it efficient in crossrider without every page reload make a call to the database?
how i doing it right now(not efficient)
i have in my server php file that post the id's of the last news, the crossrider read that file and for each id it call the crossrider db and check if that id exists if yes than the user has already recive a notification about that content and should not be notificated, and if its not exists than notify the user.
so as you can see every reload of a page the extension will make a call to my server and to the db server. any better way to build this? thank you
If I understand your query correctly, you can gain an immediate efficiency by calling the Crossrider db using appAPI.db.getList to obtain an array of all the database items (instead of calling the database for each id), and then process the ids against them.
I'm happy to look into other ways of improving the efficiency of your algorithm if you provide the extension id.
I would like to capture the following parameters:
lastAccessedTime - The time when the user visited the site the last time (usually shown during the login process)
isOnline - A boolean to represent if a user is online or not.
a. Would it make sense to have these variables as part of the User table itself or should this be handled via a separate user audit table?
b. If certain SOAP / REST API's expose the functionality via API calls, how do you track the above parameters (e.g. Would you modify the lastAccessedTime in such cases - this might confuse the user if he logs into the portal, isOnline bit also will not make sense if the user does API calls).
I would create a session table that links back to the user. Instead of an isOnline field, I would just run a query for sessions that have been active within the last x amount of time. I would also update that session field with each request, even if that request is coming through an API.
This does create some overhead in pruning the session table, but you also don't clutter up your user table with non-user information, which can't be pruned.
Make the lastTimeActive a field in the user table, and update it with each page access. Your "Users Online" list is all users whose lastTimeActive is within 5 minutes.
I would create another table (userid, lastTimeActive), and frequently update & check the table.
// update
update onlineusers set lastTimeActive = getdate() where userid=1234
// check
delete from onlineusers where lastTimeActive < dateadd(minute,-5,getdate())
The biggest problem with tracking user presence (onine/offline) over HTTP is how to determine when the user has gone offline.
It's easy to determine when the user has come online - the mere presence of an authenticated request assumes that the user is active. However, since HTTP is stateless, the lack of a subsequent request can mean either that the user is gone offline, or that the user is online, but just hasn't done anything specific with your app recently.
Thus the best guess you can make is to have a timeout and if the user has not made a request during that timeout, to switch to offline state.
The simplest implementation would be to have a lastTimeActive, as Jonathan Sampson suggested. However, this won't give you the length of the user session, only an approximation of who's online at this moment.
More complex approach would be to have lastTimeActive and lastTimeLoggedIn. LastTimeLoggedIn is set at the time of first auth request that is more than 5 minutes from a previous auth request. A user is considered online, if there was an authenticated request in the last five minutes. The session length for the user is the time difference between lastTimeActive and lastTimeLoggedIn.
If your app also offers the choice of logging out to the user, you chouls consider that action also as going offline. However, unless your app is a banking app, chances are the users will just close their browser.
Also, avoid any background threads for updating the offline/online status of your users. You should be running the logic above only when there's an explicit request about the status of particular user and you should be updating only the users you were asked for.