0

I want to get experience in PHP, so I'm working on my own RESTful API server. I read up on REST, how the address should look, and what HTTP verbs and status codes exist. My friend is working on the client side (Android, Java) and I do the server side.

For stage one, I have to do authentication and registration. I don't know how to get the data, but my code should validate username and password, then compare these values with the database. Finally, if the user exists, it must receive a token which, as I understand it, must be used to access other methods of my API. This is where I have a problem:

<?php

require __DIR__ . '/auth.php';

class Handler extends DbConn
{
    // Checks the supplied login and password hash against the users table
    // and returns the user's current token when a matching row exists.
    public function isValidUser($login, $password_hash)
    {
        $sql = 'SELECT 1 FROM users WHERE name = :name AND password_hash = :password_hash';
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindValue(':name', $login);
        $stmt->bindValue(':password_hash', $password_hash);
        $stmt->execute();
        $row = $stmt->fetchColumn();
        if ($row == 1) {
            return $this->getCurrentToken($login);
        } else {
            // createUser() is not defined in the posted template.
            $this->createUser();
        }
    }

    // Reads the api_key column for the given user name.
    protected function getCurrentToken($login)
    {
        $sql = 'SELECT api_key FROM users WHERE name = :name';
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindValue(':name', $login);
        $stmt->execute();
        $row = $stmt->fetchColumn();

        return $row;
    }
}
?>

This is just a template, some errors may exist. I don't know what to do next. In theory, I understand that I have to give the user a token, but how do you do that? How would I create the server's response? How would I transfer data from the server to the client using JSON?

I know how it should work in theory, but I'm having difficulty putting this into practice. I don't expect an explanation in detail, I just want to understand the meaning, to understand the algorithm. What material should I read? Could someone give me advice for the above code, e.g. an example of what methods I should add to the class?

Also, considering that it is the API, it must work for browser and mobile applications differently. Guys, I hope that you give me useful tips. Thanks for your attention.

kirsty
  • 267
  • 1
  • 2
  • 14
Vadim
  • 3
  • 2

1 Answer

0

If the client calls the server via POST (i.e. HttpPost httppost = new HttpPost("http://www.yoursite.com/script.php"); in Android), then you will get all the data posted by the user in $_POST.

If you are a beginner with GET/POST in REST, don't get mixed up with the database at this level; just create a page

<?php
echo json_encode($_POST);
?>

and call it from the client; you will find the further path :)

anshuVersatile
  • 2,030
  • 1
  • 11
  • 18
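
The login step the question asks about, as an added example that is not part of the question or the answer above: the posted password is checked with password_verify() against a stored password_hash() value, a random token is issued, and the reply is a status code plus a JSON body. It assumes the question's users table (name, password_hash, api_key); the login() function, the response shape and the in-memory SQLite demo data are hypothetical.

```php
<?php
// Added example: login logic for the users(name, password_hash, api_key) table
// from the question. Function name and response shape are assumptions.
function login(PDO $pdo, array $post): array
{
    $name = $post['name'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($name) || !is_string($password) || $name === '' || $password === '') {
        return [400, ['error' => 'name and password are required']];
    }

    // Look the user up by name only; the hash is compared in PHP, not in SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();

    // password_verify() re-derives the hash using the salt stored inside it.
    // Unknown user and wrong password get the same reply on purpose.
    if ($hash === false || !password_verify($password, $hash)) {
        return [401, ['error' => 'invalid credentials']];
    }

    // Issue a fresh unpredictable token and hand it to the client once.
    // Only its SHA-256 digest is stored in api_key (a design choice of this example).
    $token = bin2hex(random_bytes(32));
    $upd = $pdo->prepare('UPDATE users SET api_key = :k WHERE name = :name');
    $upd->execute([':k' => hash('sha256', $token), ':name' => $name]);

    return [200, ['token' => $token]];
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT, api_key TEXT)');
$pdo->prepare('INSERT INTO users (name, password_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In a real script.php the input would be $_POST and the reply would be sent
// with http_response_code($status) and header('Content-Type: application/json').
foreach ([['name' => 'alice', 'password' => 'correct horse'],
          ['name' => 'alice', 'password' => 'wrong']] as $post) {
    [$status, $body] = login($pdo, $post);
    echo $status, ' ', json_encode($body), PHP_EOL;
}
```

On later requests the server hashes the token the client presents and compares it with the stored api_key value using hash_equals().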