Add email verification in your app using BounceZero API

Most applications still use email address as a way to sign up. Most of the times users try to use dummy/non-existent emails to register. The current way to check if the email id is valid or not, is to send a verification email, prompting the user to click on a confirmation link.

When making BugSkan we had a unique requirement – we needed to validate a person’s email address before processing the account.

We had two major problems:

  1. Sending a verification email and prompting for click on a confirmation link was adding three extra steps in the user opt-in process which was an obstacle.
  2. We didn’t want post-registration verification since the very sight of dummy emails makes our dba pull his hair

So we worked out a solution where we check if an email exists in realtime. This added an additional filter in our user signup process and we generated better prospects.

We got many inquiries from people about how we implemented this functionality. Some wanted to buy the source code.

Hence we have published a public API for the same – using this API you can submit email addresses for verification and you receive a boolean status.

 

Here’s a sample request and response:

For submitting email:

Request (please note that regex validation of email string is not done at API so send well-formatted addresses).

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
  "EmailId": "kaushal@pratikar.com"
}' 'http://bouncezeroapi.azurewebsites.net/api/EmailRequests'

 

Response Body

{
  "Id": 325434,
  "EmailId": "kaushal@pratikar.com",
  "requestip": "117.241.241.130:5/11/2016 8:22:12 PM",
  "status": "Waiting",
  "verified": null
}

For checking status of submitted email:

curl -X GET --header 'Accept: application/json' 'http://bouncezeroapi.azurewebsites.net/api/EmailRequests/325434'

Response Body

{
  "Id": 325434,
  "EmailId": "kaushal@pratikar.com",
  "requestip": "117.241.241.130:5/11/2016 8:22:12 PM",
  "status": "Done",
  "verified": true
}

Depending on the queue the verification can take some time.

You can play around with the API from your browser at the API documentation page.

Don’t forget to leave a comment with your feedback!

WordPress Security – Fix a hacked WordPress website

wpsecurity

WordPress is a popular web content management system. Originally started as a blogging platform WordPress became the de-facto content management system for web designers. Since WordPress is dynamic it allows developers and designers to create a rich web experience for their users. Also because it is open source there are a plentiful of plugins available for almost every need.

However this very popularity has been the cause of attention to malicious people aka hackers. So it’s not uncommon to wake up one morning and find out a skull flag hoisted on your site.

But don’t worry – we have the steps you need to follow to fix your site.

 

Step 1: Don’t panic

Most people panic as soon as they see their website is hacked. In many cases the site owners are informed by a friend, visitor or even customer. Sure, it might be anxious for you but sites often get hacked – it’s how you react to the hacking incident that matters. If you call your hosting company chances are they will not help. You can ask some security expert but they will charge $$$$$ for a five minute task. So just control your temper and follow the instructions.

 

Step 2: Connect to your FTP server

In most of the cases you might have used a FTP account to upload WordPress files on a server. However on newer servers you get software packages like Softaculous which allow you to install WordPress directly from your web hosting control panel.

You might be tempted to delete all files and install WordPress all over again – but isn’t that a lot of time? Plus, your WordPress installation will never be the same again. You simply can’t just restore all plugins, themes as well as on-the-fly customizations you have made. Best way is to connect via FTP and change the only file that is affected. We will see that in next step.

 

Step 3: Examine index.php

Once you are connected via FTP navigate to the index.php file that is in the root directory of your WordPress installation, right before license.txt.

index.php

 

Download this file to your computer and open it in your favourite text editor. FTP software like FileZilla allows you to edit files. You can also use your web hosting control panel’s File Manager, it will allow you to view and edit files in the browser.

See the index.php source code for any suspicious code.

 

Step 4: Create a new index.php

If the site is hacked, mostly the index.php file is replaced with another index.php file with malicious code. In some cases an alternate index.html file is used. If you are having a WordPress site you can safely delete the index.html file.

Now observe the code of index.html. It should look like this:

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

If the contents of index.php are not like this, replace all contents with the above code. Save the index.php file.

Step 5: Upload and relax

Now you can upload the index.php file. Refresh your browser to reload the website and confirm that you can see it as it was before.

Please note that this solution is not general but works in most common cases. In case of complicated issue contact us.