KATG iPhone App Take 2

[hayroob]

Quote:

Originally Posted by hypercrypt

TextMate is THE best text editor ever!

Never tried to debug with textmate I'll try that, textmate is the shit.


I've written everything for this program that I didn't do in xcode in textmate. I jump in and out of it a hundred times a day and it is the shit. If I could get some combination of codesense and textmates autoformatting and stuff like show invisibles (i think xcode can do this, but i don't know where) and being able to tab in big blocks all at once I would be a truly happy nerd.

Before I had the moola to buy it I used to uninstall and reinstall it every 30 days. I had a folder with all my bundles and themes so I could get my settings back real quick.

And that is all for my textmate nerdgasm.

[hayroob]

Quote:

Originally Posted by s1lentslayer

First, create the file with no entries that starts like this:

Code:

<?xml version="1.0" encoding="utf-8"?>
<root>
</root>

Then try this:

Code:

<?php
    $deviceTokenUF = $_GET['dev'];
    $deviceToken = substr($deviceTokenUF, 1, -1);

    $filename = 'tokenLog';

    $line_to_add = "<device><devicetoken>$deviceToken</deviceToken></device>";
    
    //see if this line exists
    $lines = file($filename);
    if (!in_array($line_to_add,$lines))
    {
        //doesn't exist

        //first pop off last </root> element and add it back later
        array_pop($lines);
            
        //now add new device token line
        array_push($lines,$line_to_add);
            
        //now add </root> line
        array_push($lines,"</root>");
            
        //now combine into one string separated by newlines
         $new_lines = implode("\n",$lines);

        // Let's make sure the file exists and is writable first.
        if (is_writable($filename)) {
            if (!$handle = fopen($filename, 'w')) {
                 echo "Cannot open file ($filename)";
                 exit;
            }

            //lock the file for writing
            flock($fp, LOCK_EX);

            //write string to file
            fwrite($handle,$new_lines);

            // release the lock
            flock($fp, LOCK_UN);

            echo "Success, wrote ($clientMessage) to file ($filename)";
            fclose($handle);
        } else {
            echo "The file $filename is not writable";
        }
    }

?>

Testing right now. You are a bad mofo sir. You ok if I package this in with the app as GPL. You get a line at the top for copyright but it goes out into the world free to use blah blah blah.


EDIT: Seems better than what I had, but it's still not detecting duplicates.

I'm just gonna do this with MySQL.

[hypercrypt]

Quote:

Originally Posted by hayroob

Before I had the moola to buy it I used to uninstall and reinstall it every 30 days.

I purchased it three days into using the trial, because I liked it so much. The integration with Cyberduck sealed the deal for me and I use it exclusively for any HTML / PHP stuff I do...

[hayroob]

So here's my final solution (not THAT final solution):

I'm not really supposed to post this on a public forum, but I figure enough of you are developers to claim no foul.

This is dbcon.php:

Code:

<?php
$db_user = "root";
$db_pass = "password";
$db = "tokenServer";
$db_host = "localhost";
$con = mysql_connect($db_host, $db_user, $db_pass);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db($db);
?>

This is tokenServer.php:

Code:

<?php
$deviceTokenUF = $_GET['dev'];
$deviceToken = substr($deviceTokenUF, 1, -1);

include("dbcon.php");

if (mysql_query("INSERT INTO `tokenServer`.`deviceTokens` (
`deviceToken` ,
`Time`
)
VALUES (
'$deviceToken', ''
)")) {
	echo '
Success';
} else {
	echo '
Fail';
}

mysql_close($con);
?>

This is tokenLog.php:

Code:

<?php
include("dbcon.php");

$result = mysql_query("SELECT DISTINCT* FROM `deviceTokens`");
$front = '<device><deviceToken>';
$back = '</deviceToken></device>
';

echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<root>
';

while($row = mysql_fetch_array($result))
  {
  echo $front. $row['deviceToken'].$back;
  }

mysql_close($con);
echo '</root>';
?>

This is the sql DB:

Code:

-- phpMyAdmin SQL Dump
-- version 2.10.2
-- http://www.phpmyadmin.net
-- 
-- Host: localhost
-- Generation Time: May 06, 2009 at 04:00 PM
-- Server version: 5.0.41
-- PHP Version: 5.2.5

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

-- 
-- Database: `tokenServer`
-- 
CREATE DATABASE `tokenServer` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `tokenServer`;

-- --------------------------------------------------------

-- 
-- Table structure for table `deviceTokens`
-- 

CREATE TABLE `deviceTokens` (
  `deviceToken` varchar(72) NOT NULL,
  `Time` time NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- 
-- Dumping data for table `deviceTokens`
-- 

INSERT INTO `deviceTokens` VALUES ('c32f8b7c e8d02a51 ce296c62 d3da4cb3 84fed78d b24545db fd949a73 132f2b50', '00:00:00');

and the xcode project for the push software is at:
Push XCode Project

I need to add something like INSERT INTO TABLENAME(col1, col2) VALUES (’xxx’, ‘yyy’) ON DUPLICATE KEY UPDATE col1 = ‘zzz’
so that duplicate keys never get added to the DB and I need to add authentication and move it onto an SSL server so I don't have to worry about people polling my deviceToken lists.

[hayroob]

I think when this thread hits 30 pages I'm going to scrape out the relevant content and start a fresh thread with less cruft.

[s1lentslayer]

I would sanitize your devicetoken before doing the insert so no one does any sql injection. I don't know what the possible values are but some sort of regex like this will remove out anything not alphanumeric while also keeping spaces (theoretically, haven't tested):

Code:

<?php
$deviceTokenUF = $_GET['dev'];
$deviceToken = substr($deviceTokenUF, 1, -1);
$deviceToken = preg_replace("/[^0-9a-zA-Z\s]/",'',$deviceToken);
...

[hayroob]

Quote:

Originally Posted by s1lentslayer

I would sanitize your devicetoken before doing the insert so no one does any sql injection. I don't know what the possible values are but some sort of regex like this will remove out anything not alphanumeric while also keeping spaces (theoretically, haven't tested):

Code:

<?php
$deviceTokenUF = $_GET['dev'];
$deviceToken = substr($deviceTokenUF, 1, -1);
$deviceToken = preg_replace("/[^0-9a-zA-Z\s]/",'',$deviceToken);
...

Not a bad idea. SQL injection is evil douchebaggery.

Done and Done. It's a string of hexadecimal values in blocks of 8 so I just checked for hex values.

Code:

<?php
$deviceTokenUF = $_GET['dev'];
$deviceToken = substr($deviceTokenUF, 1, -1);
$deviceToken = preg_replace("/[^0-9a-fA-F\s]/",'',$deviceToken);
...

I might add in some pattern checking because the tokens come in a predictable format.

[hayroob]

so i tossed in some stufff to prevent duplicate table rows and integrated the regex stuff. Had to mark the deviceToken column in the database as a unique key. I've also got some mostly functional authorization stuff of the tokenLog side so that deviceTokens aren't being broadcast to the world.

Code:

<?php
$deviceToken = $_GET['dev'];
$deviceToken = preg_replace("/[^0-9A-Fa-f\s]/",'',$deviceToken);

include("dbcon.php");



if (mysql_query("INSERT INTO deviceTokens( `deviceToken` , `Time` ) VALUES ('$deviceToken', '00:00:00') ON DUPLICATE KEY UPDATE Time = ''"))
{
	echo '
Success';
} else {
	echo '
Fail';
}

mysql_close($con);
?>

[hayroob]

And the app has been rejected for Objectionable Content and because if it's not online the events feed is empty. I have made a version with only the streamer and events feed and will be making it work offline tonight. Hopefully with the youtube and shit pics removed they will approve the app. Then I can submit the app with twitter reintegrated as an upgrade and go from there.

[hayroob]

Quote:

Please include the line below in follow-up emails for this request.

Follow-up: 73049466

Dear Mr. Russell,

Thank you for submitting Keith and The Girl 1.0 to the App Store. We've reviewed Keith and The Girl 1.0 and determined that we cannot post this version of your iPhone application to the App Store at this time because it contains objectionable content which is in violation of Section 3.3.12 from the iPhone SDK Agreement which states:

"Applications must not contain any obscene, pornographic, offensive or defamatory content or materials of any kind (text, graphics, images, photographs, etc.), or other content or materials that in Apple's reasonable judgement may be found objectionable by iPhone or iPod touch users."

Additionally, Keith and The Girl 1.0, cannot be posted to the App Store at this time because it does not adhere to the iPhone Human Interface Guidelines as outlined in iPhone SDK Agreement section 3.3.5.

When the device is not connected to a network, Keith and The Girl 1.0 does not load its contents and stays blank (see attached screen shots). This behavior might lead to user confusion. It would be appropriate to display either a notification or an alert stating that internet connectivity is required.

Please take a look at the Reachability iPhone program sample which demonstrates the use of the System Configuration Reachability API to detect the absence of WiFi and Wireless Wide Area Network (WWAN) services. Your application can then take appropriate action at the first point where network services are required.

Please review the Handling Common Tasks section of the iPhone's Human Interface Guideline here:
<https://developer.apple.com/iphone/library/documentation/UserExperience/Conceptual/MobileHIG>

Parental Controls have been announced for iPhone OS 3.0. It would be appropriate to resubmit your application for review once this feature is available.

Should you require more assistance with resolving this issue, Apple Developer Technical Support is available to provide direct one-on-one support for discrete code-level questions. Please be sure to include any crash logs, screenshots or steps to reproduce this issue in your request.

Developer Technical Support
<idp-dts@apple.com>

Regards,

iPhone Developer Program

The app already does a reachability check on launch for keithandthegirl.com so I might throw an alert sheet up if it's fails, to say internet connection required etc.

If the app gets rejected as just a streaming radio, I will be waiting til june and trying again then.