Search the Community

Hi all, I currently have a web app (php my first once actually) that accesses a MySql database. How I was handling the login was like this: This user enters the username and pw which gets sent to a stored procedure. If they successfully are validated I output a record (contains userid, first name and if they are logged in or not) and I set two session variables, 1 that stores a boolean if they are logged in (1 if they are, 0 if they are not) and the other stores the user id of that user (so I can use later to make sure they only get their data). I then check these session variables to 1.Make sure they are logged in and 2. Make sure they are only requesting their data (userid) I'm now going to be working on an Android app and make all the data access stuff a rest api that both the app and the website can consume. I modified the login stored procedure so it now will return a token as well. The token is generated on the DB(a hashed value of a couple of fields concatenated). When they log in successfully the token generated is stored in a user token table.(one user, one token) The table also stores a token_expire timestamp. Every time they log in a new token is created(and token_expire is updated). If they try to do something after the token expired (based on the token_expire field) then it should redirect them to login so a new token can be created. When I do the Android app, dealing with this and storing this token on the client is easy and there are many ways to store it (I was thinking storing it in a local sqlite table, shared_prefs (prob not the best way) etc..) and I would just parse through the json result. So keeping track of the token is easy with the app but my problem comes in with the PHP web site. So I'm faced with two issues: Issue 1. Right now I have a php form (with login and password fields) and it posts to a login process page which calls the stored procedure and if all is good redirects them to a dashboard page. Now if I use rest the post action would be something like: api/users/login instead of loginprocess.php correct? But then the api just spits out json and I'm not sure how to hand the result from the api to the php code. As when I change the post action I just get a white page with the json result string. So I need help knowing what to do once the api returns the result. Does this have to be called differently than a normal form submit? Do I just have the form submit call a js funcation that makes the call to the page and parses the result? Similar to something like this but instead of passing the cookie passing the login information? $opts = array('http' => array('header'=> 'Cookie: ' . $_SERVER['HTTP_COOKIE']."\r\n")); $context = stream_context_create($opts); session_write_close(); // unlock the file $contents = file_get_contents(url, false, $context); Issue 2. Once this token is generated in MySQL and sent back to the api, I need to pass it back to the PHP(related to #1) but How do I store it so that other pages of the site can send it when it requests the data? I know it has to be sent in the header in future requests and that's not my issue. My issue is where do I store the token on the web client so that other pages can use it? Should I store it in a client cookie? (but then doesn't this go against rest?) Store it in local storage? I'm pretty new to PHP and REST (was a classic ASP guy and just getting back into this stuff. This project is the first personal project for myself to learn this stuff and get the rust out) so I'm just trying to figure out the best way. I do not want to use sessions as that violates REST. I also do not want to use oauth or any 3rd party solution. I have been reading a lot about this but I'm still unclear as to how to go about these changes to the web version of the app and have it function properly. This is what my rest login api looks like so far (I know this will have to change but I'm stuck here with it): function loginUser() { global $app; $req = $app->request(); $paramUsername = $req->params('username'); $paramPassword = $req->params('password'); $sql = "CALL checkPassword(:username,:password)"; try { $dbCon = getConnection(); $stmt = $dbCon->prepare($sql); $stmt->bindParam("username", $paramUsername); $stmt->bindParam("password", $paramPassword); $stmt->execute(); $result = $stmt->fetchAll(); $loggedin=$result[0]["loggedin"]; $uid= $result[0]["uid"]; $fname=$result[0]["firstname"]; $token=$result[0]["token"]; $response["uid"]=$uid; $response["loggedin"]=$loggedin; $response["firstname"]=$fname; $response["token"]=$token; echo json_encode($response); $dbCon = null; } catch(PDOException $e) { echo '{"error":{"text":'. $e->getMessage() .'}}'; } } Which returns: {"uid":"100","loggedin":"1","firstname":"John","token":"f0165d67221563bef150018276f4f77b7bd1e1763223e"} Here is what the form looks like calling the api currently: <form id="login" method="post" action="webservices/api/users/login"> <input class="my-class" style="width:20em" type="email" name="username" required> <input class="my-class" style="width:20em" type="password" name="password" required> <button type="submit" id="SubmitButton" name="submit" "></button> </form> Can anyone recommend the best way to deal with these two issues? Any help would be appreciated. Oh I should mention I'm using slim to help with the rest api's. TIA

I will warn you that i have never used PHP to call a web service but have spent the last 2 days googling with trial and error and think that i have come to a point where i have no idea what to do as nothing is working. Here is my PHP code... <?php $soapclient = new SoapClient('Link-To-EndPoint'); $params = array('Username' => 'Username', 'Password' => 'Password', 'clientRequestId' => 1, 'projectNumber' => 64111, 'requestDateTime' => '2014-03-16T11:05:24.572Z', 'itemNumber' => 'F00573019120B', 'projectNumber' => 64111 ); $response = $soapclient->GetItemDetailInfo($params); echo '<pre>'; var_dump($response); echo '</pre>'; ?> And here is the request, probably worth noting that this gives the full response and works when i use SOAP UI to make the request. <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <env:Header> <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <UsernameToken> <Username>Username</Username> <Password>Password</Password> </UsernameToken> </Security> </env:Header> <env:Body> <getItemDetailInfoRequest> <requestHeader> <clientRequestId>1</clientRequestId> <projectNumber>64111</projectNumber> <requestDateTime>2014-03-20T14:05:24.572Z</requestDateTime> </requestHeader> <getItemDetailInfoList> <itemDetailSearchCriteria> <itemNumber>F00573019120B</itemNumber> <projectNumber>64111</projectNumber> </itemDetailSearchCriteria> </getItemDetailInfoList> </getItemDetailInfoRequest> </env:Body> </env:Envelope> When i load the page i get a blank screen nothing comes out from $response, I have no idea if i am close to making this work or if i am super far off with this. Using the above code i am able to make a public weather SOAP Web Service work which makes me think i am close. Any help would be appreciated!

Dear Friends, I am using Simple-REST Library for my REST Web service purpose . I need to integrate "OAuth2" with my REST API skeleton. I attached the REST - API Client & Server for your reference . Please check it and help me with a good solution for implementation. Thanks, Anes simple_rest_client.zip simple_rest_master.zip

Hello, I have been working on a php webservice, which receives videos(uploaded) from iphone and upload them to Amazon cloudFront. After uploading videos, I need to generate thumbnails for video from the Amazon link generated. I am using ffmpeg with shell_exec command for it. Here is the code for the same: public function createThumbnail($userId,$fileUrl,$imageName){ //$imageUrl = 'http://184.168.116.177:81/json_api/json/bin/'; if(!is_dir("images/".$userId)){ mkdir("images/".$userId); } // path of installed ffmpeg $ffmpeg = $_SERVER['DOCUMENT_ROOT'] .'bin/ffmpeg'; $cmd = "$ffmpeg -itsoffset -1 -i $fileUrl -vcodec mjpeg -vframes 1 -an -f rawvideo -s 320x240 images/".$userId."/".$imageName; shell_exec($cmd); return "images/".$userId."/".$imageName; } The above code generates the thumbnail, but script does not execute after shell_exec command. So, there is no response sent to iphone end about the thumbnail link. This function works well video is uploaded from web browser of pc. If I comment, shell_exec command, then response is sent to iphone end, but obviousely image is not created. Thanks in advance.