I'm now going to be working on an Android app and make all the data access stuff a REST API that both the app and the website can consume. I modified the login stored procedure so it now will return a token as well. The token is generated on the DB (a hashed value of a couple of fields concatenated). When they log in successfully the token generated is stored in a user token table (one user, one token). The table also stores a token_expire timestamp. Every time they log in a new token is created (and token_expire is updated). If they try to do something after the token expired (based on the token_expire field) then it should redirect them to login so a new token can be created.
When I do the Android app, dealing with this and storing this token on the client is easy and there are many ways to store it (I was thinking of storing it in a local SQLite table, shared_prefs (prob not the best way), etc.) and I would just parse through the JSON result. So keeping track of the token is easy with the app, but my problem comes in with the PHP web site.
So I'm faced with two issues:
Issue 1. Right now I have a PHP form (with login and password fields) and it posts to a login process page which calls the stored procedure and, if all is good, redirects them to a dashboard page. Now if I use REST the post action would be something like api/users/login instead of loginprocess.php, correct? But then the API just spits out JSON and I'm not sure how to hand the result from the API to the PHP code. As when I change the post action I just get a white page with the JSON result string. So I need help knowing what to do once the API returns the result. Does this have to be called differently than a normal form submit? Do I just have the form submit call a JS function that makes the call to the page and parses the result? Similar to something like this, but instead of passing the cookie passing the login information?
Code:

// forward the browser's own Cookie header to the page being fetched
$opts = array('http' => array('header' => 'Cookie: ' . ($_SERVER['HTTP_COOKIE'] ?? '') . "\r\n"));
$context = stream_context_create($opts);
session_write_close(); // unlock the session file so the fetched page can open it
$contents = file_get_contents($url, false, $context); // $url: the page to fetch (the original used the bare word url, an undefined constant)

I have been reading a lot about this but I'm still unclear as to how to go about these changes to the web version of the app and have it function properly. This is what my REST login API looks like so far (I know this will have to change but I'm stuck here with it):
Code:

function loginUser() {
    global $app;                           // Slim application instance
    $req = $app->request();
    $paramUsername = $req->params('username');
    $paramPassword = $req->params('password');
    $sql = "CALL checkPassword(:username,:password)";
    $response = array();                   // was never initialised in the original
    try {
        $dbCon = getConnection();
        $stmt = $dbCon->prepare($sql);
        $stmt->bindParam(":username", $paramUsername);
        $stmt->bindParam(":password", $paramPassword);
        $stmt->execute();
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (empty($result)) {
            // the procedure returned no row: report a failed login instead of
            // reading $result[0] and raising an undefined-offset notice
            $response["loggedin"] = "0";
        } else {
            $response["uid"] = $result[0]["uid"];
            $response["loggedin"] = $result[0]["loggedin"];
            $response["firstname"] = $result[0]["firstname"];
            $response["token"] = $result[0]["token"];
        }
        $dbCon = null;
    }
    catch(PDOException $e) {
        // keep the driver message in the server log; the original concatenated
        // it unquoted into the body, which is not valid JSON and leaks DB details
        error_log('checkPassword failed: ' . $e->getMessage());
        $response = array("error" => array("text" => "login failed"));
    }
    header('Content-Type: application/json');
    echo json_encode($response);
}

Code:

{"uid":"100","loggedin":"1","firstname":"John","token":"f0165d67221563bef150018276f4f77b7bd1e1763223e"}

Code:

<form id="login" method="post" action="webservices/api/users/login">
<input class="my-class" style="width:20em" type="email" name="username" required>
<input class="my-class" style="width:20em" type="password" name="password" required>
<button type="submit" id="SubmitButton" name="submit">Log in</button>
</form>

TIA
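One way to make the handoff the post asks about, added here as an example and not code from the original post: keep the form posting to a PHP page (a replacement for loginprocess.php), have that page call api/users/login server-side with the same stream-context mechanism used above, decode the JSON, keep the token in the PHP session, and redirect to the dashboard. The browser then never receives the raw JSON, and the token stays on the server side of the website. The API base URL, the login.php and dashboard.php page names, the bearer header for later calls, and the assumption that the API answers 401 once token_expire has passed are all assumptions, not something the post states.

```php
<?php
// loginprocess.php (added example, not from the original post).
// The HTML form keeps posting here; this page calls the REST endpoint from the
// server, so the browser never sees the raw JSON and the token is kept in the
// PHP session instead of being handed to the page.
declare(strict_types=1);
session_start();

// Assumed placeholder; point at the real webservices/api location.
const API_BASE = 'https://example.invalid/webservices/api';

/** Form-encoded POST to the API; returns the decoded JSON plus the HTTP status. */
function apiPost(string $path, array $fields, ?string $token = null): array
{
    $headers = "Content-Type: application/x-www-form-urlencoded\r\n";
    if ($token !== null) {
        // Assumed convention for calls after login: token in a bearer header
        $headers .= 'Authorization: Bearer ' . $token . "\r\n";
    }
    $ctx = stream_context_create(['http' => [
        'method'        => 'POST',
        'header'        => $headers,
        'content'       => http_build_query($fields),
        'ignore_errors' => true, // still read the body on 4xx/5xx
        'timeout'       => 5,
    ]]);
    $body = file_get_contents(API_BASE . $path, false, $ctx);
    // The http wrapper fills $http_response_header; its first line carries the status.
    $status = 0;
    if (isset($http_response_header[0])
        && preg_match('#HTTP/\S+ (\d{3})#', $http_response_header[0], $m)) {
        $status = (int) $m[1];
    }
    $data = ($body === false) ? null : json_decode($body, true);
    if (!is_array($data)) {
        throw new RuntimeException('API returned no JSON (HTTP ' . $status . ')');
    }
    $data['_http_status'] = $status;
    return $data;
}

/** Handle the login form: call api/users/login, store the token, redirect. */
function handleLogin(): void
{
    $username = trim((string) ($_POST['username'] ?? ''));
    $password = (string) ($_POST['password'] ?? '');
    if ($username === '' || $password === '') {
        header('Location: login.php?err=missing', true, 303);
        exit;
    }
    try {
        $res = apiPost('/users/login', ['username' => $username, 'password' => $password]);
    } catch (RuntimeException $e) {
        error_log('login API failure: ' . $e->getMessage()); // detail stays server-side
        header('Location: login.php?err=unavailable', true, 303);
        exit;
    }
    // The API answers "loggedin":"1" on success (see the sample response above).
    if ((string) ($res['loggedin'] ?? '') !== '1' || empty($res['token'])) {
        header('Location: login.php?err=badcreds', true, 303);
        exit;
    }
    session_regenerate_id(true);            // fresh session id after authentication
    $_SESSION['uid']   = (string) $res['uid'];
    $_SESSION['fname'] = (string) $res['firstname'];
    $_SESSION['token'] = (string) $res['token']; // never echoed into HTML or JS
    header('Location: dashboard.php', true, 303);
    exit;
}

/** For protected pages: call the API with the session token, or bounce to login. */
function apiPostAuthed(string $path, array $fields): array
{
    if (empty($_SESSION['token'])) {
        header('Location: login.php', true, 303);
        exit;
    }
    $res = apiPost($path, $fields, $_SESSION['token']);
    // Assumed: the API replies 401 once token_expire has passed, which is the
    // "redirect them to login so a new token can be created" rule from the post.
    if ($res['_http_status'] === 401) {
        $_SESSION = [];
        session_destroy();
        header('Location: login.php?err=expired', true, 303);
        exit;
    }
    return $res;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    handleLogin();
}
```

With this in place the form's action points at loginprocess.php again rather than at the API, and protected pages call apiPostAuthed() for their data; the token expiry check stays in the database (the token_expire column), and the website only reacts to the API's answer.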