Checking a visitor's geographical location in a Django app - django

I am making a multilingual Django website. I want the site to check from which country the user is accessing the website, and according to that decide which language to use.
What would be a good tool to use for that?

When one of your regular users travels with his laptop to another country and accesses your site, can't understand a thing and can't change the language, that would suck.
I wouldn't recommend checking for the country (by IP probably). Instead go for the Accept-Language header the browser of the client sends. You should still leave the option to let the user change the language manually (and store the preference in the session for example).
Another option is going Wikipedia style and setting the language by URL (en.example.com, de.example.com or example.com/en/, example.com/de/).
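The selection order this answer recommends (stored user choice first, then the Accept-Language header, then a default), as an added example that is not part of the original answer. Django's LocaleMiddleware performs this kind of negotiation for you; the stand-alone sketch below shows the logic, and `SUPPORTED`, `DEFAULT` and the `"lang"` session key are assumptions.

```python
SUPPORTED = ("en", "de", "fr")   # assumption: languages the site is translated into
DEFAULT = "en"

def parse_accept_language(header):
    """Return [(tag, q)] sorted by descending q; malformed parts are skipped."""
    ranges = []
    for part in header[:512].split(","):       # header is untrusted: cap its length
        pieces = part.strip().split(";")
        tag = pieces[0].strip().lower()
        if not tag:
            continue
        q = 1.0
        for param in pieces[1:]:
            name, _, value = param.strip().partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0                    # unparsable weight: drop this range
        if 0.0 < q <= 1.0:                     # also rejects nan, inf and q=0
            ranges.append((tag, q))
    # sorted() is stable, so ranges with equal q keep their header order
    return sorted(ranges, key=lambda r: r[1], reverse=True)

def match_supported(tag):
    """Map e.g. 'de-at' to 'de'; only values from SUPPORTED are ever returned."""
    if tag in SUPPORTED:
        return tag
    primary = tag.split("-")[0]
    return primary if primary in SUPPORTED else None

def choose_language(session, accept_language):
    # 1. An explicit choice stored in the session wins, if it is a known language.
    chosen = session.get("lang")
    if chosen in SUPPORTED:
        return chosen
    # 2. Otherwise take the best-ranked supported language the browser asked for.
    for tag, _q in parse_accept_language(accept_language or ""):
        lang = match_supported(tag)
        if lang:
            return lang
    # 3. Nothing usable: fall back to the site default.
    return DEFAULT
```

Because only allow-listed values are returned, neither the header nor a tampered session value can steer template or file lookups to an unexpected name.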

I had a similar problem on my site, and I used the MaxMind IP free database as a model and it's called as middleware.
So as the user goes to the site, the middleware detects his country by his IP and redirects him to the right language.

There is more than one way to do this, but a good solution is to use a geotargeting suite. Depending on your budget, there are free and paid solutions. I've used Digital Element's product (NetAcuity) for this type of thing in the past, and their solutions are top-notch. They provide both an in-house server solution (for high-performance applications, ~30k queries per second) and a web-service solution for more typical applications. They have APIs in numerous languages, including Python, that you could use within Django. They will allow you to query for information such as geo location, primary and secondary language, connection speed, etc., all based on the user's IP address. Geo accuracy at the country level is highly accurate based on my experience.
A free solution to also consider is MaxMind, though I'm not as familiar with their product.

Related

What are some possible uses for Django's IPAddressField?

What are some common reasons, or example cases, in which storing the user's IP address in a model instance would be useful? I can't think of any off the top of my head.
Reading through Django's now-deprecated Comments framework, I see that they stored the commenter's IP address in a GenericIPAddressField within the Comment model. Why? What's the point of storing it?
Several uses come to mind:
Banning IP address of uncompliant users.
Associating tokens with the IP address of users who've paid for some service
Manager interface of some network applications
(More general) Any network-related application whose interface is written in Django
Maybe some online game.
At the end of the day, IPAddressField is just another CharField with some restrictions; someone took the time to code it because he/she needed it, and why not include it in Django's repertoire? :)
EDIT: I know all about circumventing these IP restrictions with proxies, etc., but for less savvy users this might be effective, and for more savvy users this may be some pain in the... restrictions :)
In the case of the Comments app, or apps like it, it is often useful to know the IP address of commentators for spam or abuse reasons. You may also want to know if someone is pretending to be someone else by posting under different usernames but using the same IP address. Or if they post something abusive or illegal you can ban their IP address. It is sometimes used to detect spam. If you are running a forum that caters to a small group in one part of the world it may be surprising to receive comments from the opposite side of the world. They can also be gathered for statistics and logging purposes.
I'm using this field in one of my models, so let me share the use case here.
There is a web API which used to be freely available over the web. But now we want to add an authentication layer to it, without changing the way our end users have integrated it.
Adding new authentication parameters will require changes at our client's end, so that was not an option.
Finally IP based authentication seemed the most feasible solution. For that I need to store the IP address of the client and authenticate whenever the request comes from a registered list of IPs.
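A check of this kind depends on which address is treated as "the client". The added example below (not code from the original answer) derives the client address from a Django-style `request.META` dict and matches it against a registered list; the proxy and client ranges are constructed sample values, and the function names are assumptions.

```python
import ipaddress

# Constructed sample values (documentation address ranges), assumptions for this example.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]        # our own reverse proxies
REGISTERED_CLIENTS = [ipaddress.ip_network("203.0.113.0/24"),
                      ipaddress.ip_network("2001:db8:42::/48")]

def in_any(ip, networks):
    return any(ip in net for net in networks)

def client_ip(meta):
    """Return the client address, or None if the forwarding chain is malformed.

    REMOTE_ADDR is the TCP peer and cannot be set by a request header.
    X-Forwarded-For is consulted only when that peer is one of our proxies,
    and is walked right to left: the first hop that is not a trusted proxy
    is the client. Anything further left was supplied by the client itself.
    """
    peer = ipaddress.ip_address(meta["REMOTE_ADDR"])
    if not in_any(peer, TRUSTED_PROXIES):
        return peer                       # direct connection: ignore the header
    hops = [h.strip() for h in meta.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None                   # fail closed on garbage in the chain
        if not in_any(ip, TRUSTED_PROXIES):
            return ip
    return peer                           # header empty or proxies only

def is_registered_client(meta):
    """True only if the derived client address is in the registered list."""
    try:
        ip = client_ip(meta)
    except (KeyError, ValueError):
        return False                      # missing or invalid REMOTE_ADDR
    return ip is not None and in_any(ip, REGISTERED_CLIENTS)
```

In a Django view or middleware this would be called as `is_registered_client(request.META)`, with the registered networks loaded from the model that stores them.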

unique user on mobile site

I am developing a Django web site to be used with mobile phones (not just smartphones), only in public places that have wireless (malls, restaurants, etc.).
How can I follow unique users on my site? I want to measure time spent, visit depth and so on, BUT most of them will share the same IP.
EDIT: I will clarify myself: The site is to be used (without logging in) only in places with wireless. Smartphones will probably use the wireless, and non-smartphones will use their cellular network. I'm looking for best practice to follow them uniquely regardless of the device/network.
Use the session ID. Don't track users if they're not logged in, track sessions.
Just post a cookie on the first visit, then update it regularly and keep track of it for your desired metrics. It's not perfect, but nothing is in this space.

Best way to implement "referral links" in Django

Intro
I am working on an e-commerce website. And we want to add a feature where a user can refer others via a custom link e.g.:
http://example.com/a1t2312 or http://example.com/?ref=a1t2312 (a1t231 being the referral code).
A user following such a link, will navigate a few pages on the site. And if he reached the 'buy' page and purchases something - the original referrer will get a discount.
The question is:
What is the best method to track the referral code? Put it in the user's cookies? Stick it somehow into the session? Other method?
I would definitely use cookies, as it is the easiest (but not foolproof, though). Sessions are by site, so that won't work, unless the receiving site has some code to handle the user.
All methods mentioned by you are OK. If I were you I would consider using sessions because it is more natural to me.
Disclaimer: sessions have some limitations when you want to build an application ready for heavy load. For complicated deployment scenarios, avoiding sessions might be a good choice.

pushing content to cell phones

I am working on a photo site and one of the more active users asked about pushing content to cell phones. The site is built on Django, and I was wondering if anyone knows a good way of allowing users to download and store content (images) on their cell phones?
As a side question... is it possible to accept payment for the content via the cell phone or would that have to take place on the site?
The best way to serve content to a mobile user would be to forward them to a mobile-specific site. A lot of places do this by forwarding the user to http://m.mydomain.com/. You can tell if they're using a cellphone by checking against their UserAgent string as Harold said. Find more at: Change Django Templates Based on User-Agent
In terms of downloading, this is pretty phone-dependent. On my iPhone, for instance, I don't know that I can save images directly from the internet. (This could just be my ignorance, however.) I think you're going to run into a lot of discrepancies on the browsers between different mobile devices. How many offer photo downloads vs. not, etc.
For payment, I would suggest keeping it in browser. There is SOO much that could go crazy on a cell phone, and money isn't one of those places where I like to take risk. That being said, you could likely look into some sort of SMS micro payment system (sorry, I don't have any recommendations) or look at partnerships with carriers such as Verizon. Beyond that, I'd say keep it in the App.
Hope it helps.
Check to see if the User Agent of the phone(s) you wish to support is in request.META['HTTP_USER_AGENT']. If so, render mobile friendly templates.

Is it dangerous to leave your Django admin directory under the default url of admin?

Is it dangerous to have your admin interface in a Django app accessible by using just a plain old admin url? For security should it be hidden under an obfuscated url that is like a 64 bit unique uuid?
Also, if you create such an obfuscated link to your admin interface, how can you avoid having anyone find out where it is? Does the google-bot know how to find that url if there is no link to that url anywhere on your site or the internet?
You might want to watch out for dictionary attacks. The safest thing to do is IP restrict access to that URL using your web server configuration. You could also rate limit access to that URL - I posted an article about this last week.
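One way to rate limit the admin login against dictionary attacks, as an added example that is not the article or code this answer refers to. It is a sliding-window counter of failed attempts kept in process memory; the class and function names, the limits and the in-memory store are assumptions, and a multi-process deployment would keep the counters in a shared cache.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins per key (client IP or username)."""

    def __init__(self, max_failures=5, window=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window              # seconds
        self.clock = clock                # injectable so the logic can be tested
        self._failures = defaultdict(deque)

    def _recent(self, key):
        q = self._failures[key]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:       # drop failures older than the window
            q.popleft()
        if not q:
            del self._failures[key]       # keep the table from growing forever
        return q

    def allowed(self, key):
        return len(self._recent(key)) < self.max_failures

    def record_failure(self, key):
        self._failures[key].append(self.clock())

def attempt_login(throttle, ip, username, password_ok):
    """Return 'throttled', 'ok' or 'denied' for one login attempt.

    Both the source address and the target account are counted, so guessing
    is slowed whether it comes from one address or is spread across many.
    A success does not reset the counters; they simply age out of the window.
    """
    keys = (("ip", ip), ("user", username.lower()))
    if not all(throttle.allowed(k) for k in keys):
        return "throttled"                # the password is not even evaluated
    if password_ok:
        return "ok"
    for k in keys:
        throttle.record_failure(k)
    return "denied"
```

Counting per username also means an outsider can temporarily lock a known account name, so the window and limit are a trade-off between slowing guesses and that nuisance.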
If a URL is nowhere on the internet "the googlebot" can't know about it ... unless somebody tells it about it. Unfortunately many users have toolbars installed in their browser, which submit all URLs visited by the browser to various Servers (e.g. Alexa, Google).
So keeping an URL secret will not work in the long run.
Also an uuid is hard to remember and to type - leading to additional support ("What was the URL again?").
But I still strongly suggest changing the URL (e.g. to /myadmin/). This will foil automatic scanning and attack tools. So if one day a "great Django worm" hits the Internet, you have a much lower chance of being hit.
People using phpMyAdmin had this experience for the last few years: changing the default URL avoids most attacks.
Whilst there is no harm in adding an extra layer of protection (an obfuscated URL), enforcing good password choice (checking password strength and checking it's not in a large list of common passwords) would be a much better use of your time.
Assuming you've picked a good password, no, it's not dangerous. People may see the page, but they won't be able to get in anyway.
If you don't want Google to index a directory, you can use a robots.txt file to control that.