-1

I am sending data from an Android device to my CakePHP website through HTTP POST in a JSON object, like this:

    HttpPost post = new HttpPost("https://www.mywebtest.com/test");

and then I decode the JSON and extract the data like this:

    if ($this->request->isPost()) {
        $json = $this->request->data('json');
        $data = json_decode($json, TRUE);
        // ... use $data ...
    }

But at the moment I am not checking whether the HTTP POST or data is coming from my Android app or from someone else, so if someone knows the URL he can do something malicious. At the moment, when I type the URL which I have written in HttpPost into my browser, nothing is shown in the browser. I want to display some kind of error or 404 page if someone types the URL in a browser.

Essentially, you can say what I am creating with CakePHP is an API. What I want to do is secure the API so only my app can execute requests, so I want to implement some type of authentication. Doing some research, I came up with a solution: pass another parameter as a secret token from the Android app, then check the token in my web app and then extract the data. I don't know how I can pass another parameter in HttpPost and then check it on my web page. Also, if possible, I want to randomly generate the token and encrypt it on every request, and then decrypt it with a key in the web app whenever data is posted from Android to the web app. If someone has done this before or has an idea, then please share code or a link.

hellosheikh
  • @Amourreux I did not understand what the code you wrote is doing, could you explain it a bit more? What I want to do is to verify ON my webserver that the data is actually coming from my mobile app. – hellosheikh Jun 28 '13 at 09:45
  • I do not get where the $_GET["callback"] comes from and what it does. Also, you are sending a static token; what I want is to change the token on every request and also to send the encrypted token – hellosheikh Jun 28 '13 at 11:20

2 Answers

0

Create a JSONObject for the parameters:

    JSONObject parametersList = new JSONObject();

Put your parameters into that JSONObject:

    parametersList.put("testID", 123);

    int androidValue = 231231231; // an identifier or password, your choice.
    parametersList.put("androidValue", androidValue);

and add the list to your HttpPost:

    HttpPost request = new HttpPost("https://www.mywebtest.com/test");

    request.setHeader(HTTP.CONTENT_TYPE, "application/json; charset=utf-8");

    // Send the JSON object built above as the request body.
    request.setEntity(new StringEntity(parametersList.toString(), HTTP.UTF_8));

On the PHP side:

    <?php
    // Read the raw JSON body; $HTTP_RAW_POST_DATA was removed in PHP 7.
    $postdata = file_get_contents('php://input');
    $data = json_decode($postdata);
    $id = $data->testID;
    $androidValue = $data->androidValue;

    // Compare against the value the app sends.
    if ($androidValue == 231231231)
    {
       $json = "{d:[{sample1:'".$id."',sample2:'value12'}]}";
       $response = $_GET["callback"] . $json;
       echo $response;
    }
    else
    {
        // send failed data
    }

    ?>

And this is how to get the response on the Android side:

            HttpResponse response = client.execute(request);

            final int statusCode = response.getStatusLine().getStatusCode();
            final String jsonResponse = EntityUtils.toString(response.getEntity());

            if (statusCode != HttpStatus.SC_OK) {
                Log.w(TAG, "Error in web request: " + statusCode);
                Log.w(TAG, jsonResponse);
                return null;
            } else {
                Log.i(TAG, jsonResponse);
                return jsonResponse;
            }

I hope this will help.

Mehmet Emre Portakal
-1

Try with RequestHandler isMobile().

You will get true if the request is from a mobile phone.

http://book.cakephp.org/2.0/en/core-libraries/components/request-handling.html#RequestHandlerComponent::isMobile

AtLeT
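The question asks for a token that changes on every request instead of the fixed value compared in the first answer. One way to do that is to sign each request with an HMAC over a timestamp, a random nonce and the JSON body; this is an added example, not code from the question or the answers, and `APP_SECRET`, `MAX_SKEW` and the `ts`/`nonce`/`sig` field names are assumptions.

```php
<?php
// Added example; APP_SECRET and the ts/nonce/sig field names are assumptions.
const APP_SECRET = 'constructed-demo-secret'; // constructed value, shared by app and server
const MAX_SKEW   = 300;                        // seconds a signed request stays valid

// What the app computes before posting (HmacSHA256 on Android yields the same digest).
function sign_request(string $json, string $ts, string $nonce): string
{
    return hash_hmac('sha256', $ts . "\n" . $nonce . "\n" . $json, APP_SECRET);
}

// Server side: returns the decoded data, or null if the request must be rejected.
// $seen stands in for a shared nonce store (cache or table) whose entries expire after MAX_SKEW.
function verify_request(array $post, array &$seen, int $now): ?array
{
    foreach (['json', 'ts', 'nonce', 'sig'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;                         // missing or malformed field
        }
    }
    if (!ctype_digit($post['ts']) || !ctype_xdigit($post['nonce'])
        || abs($now - (int) $post['ts']) > MAX_SKEW) {
        return null;                             // bad format, stale or future-dated request
    }
    $expected = sign_request($post['json'], $post['ts'], $post['nonce']);
    if (!hash_equals($expected, $post['sig'])) { // constant-time comparison
        return null;                             // wrong key, or json/ts/nonce altered
    }
    if (isset($seen[$post['nonce']])) {
        return null;                             // valid signature already used: replay
    }
    $seen[$post['nonce']] = $now;
    $data = json_decode($post['json'], true);
    return is_array($data) ? $data : null;
}

// Constructed exchange: a genuine request, the same request replayed, and a tampered copy.
$now  = time();
$post = ['json' => '{"testID":123}', 'ts' => (string) $now, 'nonce' => bin2hex(random_bytes(16))];
$post['sig'] = sign_request($post['json'], $post['ts'], $post['nonce']);
$seen = [];
var_dump([
    'genuine'  => verify_request($post, $seen, $now) !== null,
    'replayed' => verify_request($post, $seen, $now) !== null,
    'tampered' => verify_request(['json' => '{"testID":999}'] + $post, $seen, $now) !== null,
]);
```

A key shipped inside an APK can be extracted from it, so this check rejects unsigned, altered and replayed requests rather than proving the caller is the app. A `null` result is the point where the controller would return the error or 404 response the question asks for.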