Adding some logic to a Linux Server running CentOS 6

Hi, firstly I would like to say that I know nothing about this whatsoever and I wouldn't even know where to start to look (apart from here of course). My scenario is that as of next week I will be deploying my smartphone web apps to a Linux server ready for sale. I want to use gumroad webhooks (https://gumroad.com/webhooks) to carry out the administrative side of things but have been advised that I need to create some server-side logic for security reasons first. This is what I've been advised to do (I'd welcome any other input):

1. You have the user create a username and password for your application if they want to purchase (stored server-side).

2. After the ID is created, you send them over to gumroad to purchase (including a user ID).

3. If the purchase is successful, gumroad contacts your server with the user ID.

4. The server marks that user as authorized/purchased. At this point, what you return to gumroad doesn't matter, as long as it gets the user back to your app.

5. The user logs in, and their account is now authorized.

As you can see, it's going to require a bit of server-side authorization if you don't want people to be able to re-use licenses.

If someone could point me in the right direction for examples on procedures and coding, that would be much appreciated.

Kind Regards

Will
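The five steps listed in the question, sketched as server-side logic. This is an added example, not code from the thread or from gumroad; the function names, the in-memory SQLite store and the secret `WEBHOOK_TOKEN` placed in the webhook URL are all assumptions.

```python
import hashlib
import hmac
import os
import secrets
import sqlite3

# Assumption: a random secret you place in the webhook URL you register with
# the payment provider, so only the provider can reach the handler.
WEBHOOK_TOKEN = secrets.token_urlsafe(32)

db = sqlite3.connect(":memory:")  # constructed demo store; use a real DB in production
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, "
           "salt BLOB, pw_hash BLOB, purchased INTEGER DEFAULT 0)")

def _pw_hash(password, salt):
    # Slow, salted hash so a leaked table does not expose passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(name, password):
    """Step 1: create the account; the returned ID is what step 2 sends along."""
    salt = os.urandom(16)
    with db:
        cur = db.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
                         (name, salt, _pw_hash(password, salt)))
    return cur.lastrowid

def handle_purchase_webhook(user_id, token):
    """Steps 3-4: mark the user as purchased only if the caller knows the secret."""
    if not hmac.compare_digest(token.encode(), WEBHOOK_TOKEN.encode()):
        return False
    with db:
        cur = db.execute("UPDATE users SET purchased = 1 WHERE id = ?", (user_id,))
    return cur.rowcount == 1  # False for an unknown user ID

def login(name, password):
    """Step 5: returns 'authorized', 'unpaid' or 'denied'."""
    row = db.execute("SELECT salt, pw_hash, purchased FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _pw_hash(password, row[0])):
        return "denied"
    return "authorized" if row[2] else "unpaid"
```

The purchased flag lives only on the server, so the app has to ask `login` for it on every start rather than trusting anything stored on the phone.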

Comments

  • zdenek.styblik Posts: 8
    edited July 2013
    Hello,

    first of all, I'd say your question is OS-independent. It really doesn't matter whether it's going to run on GNU/Linux or Windows or *BSD.

    It pretty much sounds to me like you're in need of a full-stack (front-end -> back-end) application, no matter whether it's going to be a simple or a "sophisticated" one. You should hire a developer for such a task. I don't know if there are any for-free solutions available, I haven't looked for any, have you?

    Anyway, I've read your previous post as well. I'd bet on people's honesty rather than the opposite. And anything can be hacked. Anyway, I don't know what you can do or can't do on the client's phone. In your previous post, you've suggested user_id, phone_id and something else. I'd take these, add a SALT (either on the device itself or on your server), create a SHA256 hash and use it as a sort-of key. Or generate a license key, add user_id, phone_id, whatever else, and create a hash. Either way, store this hash at your server. And then check whether such a key has been used, resp. is already in the DB, or not.
    And perhaps create an alternate way for the user to re-download your app again in case he has deleted it. Although, this could be a possible back-door for cheating. *shrug*
    It all depends on what's possible and available (meaning data from the client) to you and what isn't.

    Really, just shooting ideas. Look around the internet to see whether there is some free-for-download solution available, or hire somebody to do it. I think the prevalent tendency is "I've paid for it [full stack app development], I'll keep it."

    Regards,
    Z.
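The key scheme suggested in the comment above (hash user_id and phone_id with a server-side salt, store it, refuse reuse), as an added example that is not part of the original post. It swaps the plain salted SHA256 for HMAC-SHA256 keyed with a server secret, which is the standard construction for a keyed hash; `SERVER_SECRET`, the table layout and the function names are assumptions.

```python
import hashlib
import hmac
import sqlite3

# Assumption: constructed demo value; a real secret stays on the server only.
SERVER_SECRET = b"constructed-demo-secret"

db = sqlite3.connect(":memory:")  # constructed demo store
db.execute("CREATE TABLE licenses (key_hash TEXT PRIMARY KEY, user_id TEXT, phone_id TEXT)")

def license_key(user_id, phone_id):
    """Derive the key bound to one user on one phone."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different keys.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                   for f in (user_id, phone_id))
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

def activate(user_id, phone_id, presented_key):
    """Return 'ok', 'invalid' or 'already-used'."""
    expected = license_key(user_id, phone_id)
    # Constant-time comparison; a key copied to another phone fails here
    # because the phone_id that went into the HMAC differs.
    if not hmac.compare_digest(expected.encode(), presented_key.encode()):
        return "invalid"
    try:
        with db:  # the PRIMARY KEY makes "check and store" one atomic step
            db.execute("INSERT INTO licenses VALUES (?, ?, ?)",
                       (expected, user_id, phone_id))
    except sqlite3.IntegrityError:
        return "already-used"
    return "ok"
```

The re-download path mentioned in the comment would have to treat `already-used` for the same user and phone as a legitimate reinstall, which is exactly where the phone_id reported by the client has to be trusted.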
  • willrob Posts: 3
    edited July 2013
    Hi Z, thanks for getting back to me. I haven't looked around for free solutions as yet because, as I explained in the initial post, I don't exactly know what it is that I have to do. I was hoping that I could find something that would teach me how to do it. Basically what I have is a website that the user can download the smartphone web app from to their device. I know that there is always a possibility of someone by-passing a payment procedure but nevertheless I've got to have some security in place as standard procedure. Everything I've done for this has been self-taught either from books or searching through stacks of information on the internet, so what I'm hoping for is a point in the right direction to give me the information required to carry out my question. An example Test App may help to support my post.

    From your Smartphone device browser (iPhone/iPad/iPod touch/Blackberry or Android)

    please type in the following address www.nsbapp.com/yrpvTestApp

    upon opening up of the app from the NSbasic test server please choose the installation procedure for your particular device

    iPhone and iPad/iPod touch
    From your device, in the Safari browser choose the required app
    When the app appears on to screen select the Action button at the foot of the device
    From the menu select add to home screen
    You will see the Application Icon appear, select add. Close and return to the home screen
    The application is added to the device in which the executable Icon is placed on to the home screen.
    Android
    From your device, in the browser choose the required phone app
    When the app appears on to screen select the menu button and create a Bookmark, then close and return to the home screen.
    Hold your finger on the home screen briefly, a menu appears, select shortcuts (In newer versions of Android select widgets), bookmarks and then add application to Home Screen.
    The application is added to the device in which the executable Icon is placed on to the home screen.
    Blackberry
    From your device, in the browser choose the required phone app
    When the app appears on to screen select the BlackBerry button, then select add to home screen. The application Icon will appear, select add and then close and return to the home screen.
    The application is added to the device in which the executable Icon is placed on to the home

    As you can see, this is all very simple as long as I can get the list 1 to 5 from my initial post in place before the download and running of the app.
    Kind regards
    Will
  • Will,

    I hope there is a way for a developer to do testing before going live.

    You need to install a GNU/Linux server, then an HTTP server (nginx or apache or jboss for java(?)), and configure it based on the solution you're going to deploy - be it homemade or something that's out there.
    And then play around and test until you get it right.

    As for gumroad, they obviously have some kind of API. I'm pretty sure they're going to call 'http://yourdomain.tld/some_url' and you have to put your script at 'some_url' to do the stuff, resp. accept parameters, process them, and return the app to the user. At least that's how I understood it (+/-). It's going to be similar to programming an application for a mobile phone. Since you did that, it should be easy-ish.

    I'd start small - no license keys and whatever, just get app into your phone. And then start adding restrictions.

    Z.