I want to get experience in PHP, so I'm working on my own RESTful API server. I read up on REST, how the address should look, and what HTTP verbs and status codes exist. My friend is working on the client side (Android, Java) and I do the server side.
For stage one, I have to do authentication and registration. I don't know how to get the data, but my code should validate username and password, then compare these values with the database. Finally, if the user exists, it must receive a token which, as I understand it, must be used to access other methods of my API. This is where I have a problem:
<?php
require __DIR__ . '/auth.php'; // assumed to define DbConn, which exposes $this->pdo

class Handler extends DbConn
{
    // Returns the user's API token on success, or null when no such name/hash pair exists.
    public function isValidUser($login, $password_hash)
    {
        $sql = 'SELECT 1 FROM users WHERE name = :name AND password_hash = :password_hash';
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindValue(':name', $login);
        $stmt->bindValue(':password_hash', $password_hash);
        $stmt->execute();
        $row = $stmt->fetchColumn();
        if ($row == 1) {
            return $this->getCurrentToken($login);
        }
        // createUser() is not defined in this template yet
        $this->createUser();
        return null;
    }

    protected function getCurrentToken($login)
    {
        $sql = 'SELECT api_key FROM users WHERE name = :name';
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindValue(':name', $login);
        $stmt->execute();
        // fetchColumn() returns false when no row matched
        $row = $stmt->fetchColumn();
        return $row === false ? null : $row;
    }
}
This is just a template, some errors may exist. I don't know what to do next. In theory, I understand that I have to give the user a token, but how do you do that? How would I create the server's response? How would I transfer data from the server to the client using json?
I know how it should work in theory, but I'm having difficulty putting this into practice. I don't expect a detailed explanation, I just want to understand the meaning, to understand the algorithm. What material should I read? Could someone give me advice on the above code, e.g. an example of what methods I should add to the class?
Also, considering that it is an API, it must work differently for browser and mobile applications. Guys, I hope you can give me useful tips. Thanks for your attention.
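The flow the question describes (validate credentials, check them against the database, hand out a token, answer in JSON, then require that token on other routes) as one runnable file. This is an added example, not the poster's code and not any library's API: it assumes PHP 8.0+ with pdo_sqlite, a `users` table with `id`, `name`, `password_hash` and `api_key_hash` columns, and made-up route and field names (`/register`, `/login`, `/me`, `username`, `password`, `token`). The two points it adds to the template above are that the password is never compared inside the SQL query (the row is fetched by name and checked with `password_verify`), and that only a hash of the issued token is stored, so a leaked table does not leak live sessions.

```php
<?php
// Added example (not the original poster's code): minimal token-based login for a JSON API.
// Assumptions: PHP >= 8.0 with PDO + pdo_sqlite; this file is the API entry point.
// The table layout below is also an assumption, not taken from the question.
declare(strict_types=1);

final class AuthHandler
{
    public function __construct(private PDO $pdo)
    {
        $this->pdo->exec('CREATE TABLE IF NOT EXISTS users (
            id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
            password_hash TEXT NOT NULL, api_key_hash TEXT)');
    }

    // Registration: store a password hash (bcrypt via password_hash), never the password.
    public function register(string $login, string $password): bool
    {
        if ($login === '' || strlen($password) < 8) {
            return false; // minimal input validation; tighten to your own policy
        }
        try {
            $stmt = $this->pdo->prepare('INSERT INTO users (name, password_hash) VALUES (:n, :h)');
            return $stmt->execute([':n' => $login, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
        } catch (PDOException) {
            return false; // duplicate user name (UNIQUE constraint)
        }
    }

    // Login: fetch the row by name only, verify the password in PHP, then mint a random token.
    // Only sha256(token) goes into the database; the raw token is returned to the client once.
    public function login(string $login, string $password): ?string
    {
        $stmt = $this->pdo->prepare('SELECT id, password_hash FROM users WHERE name = :n');
        $stmt->execute([':n' => $login]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user === false || !password_verify($password, $user['password_hash'])) {
            return null; // same answer for unknown user and wrong password
        }
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, 64 hex chars
        $upd = $this->pdo->prepare('UPDATE users SET api_key_hash = :h WHERE id = :id');
        $upd->execute([':h' => hash('sha256', $token), ':id' => $user['id']]);
        return $token;
    }

    // Resolve a bearer token to a user name; null if no user currently holds it.
    public function userForToken(string $token): ?string
    {
        $stmt = $this->pdo->prepare('SELECT name FROM users WHERE api_key_hash = :h');
        $stmt->execute([':h' => hash('sha256', $token)]);
        $name = $stmt->fetchColumn();
        return $name === false ? null : (string) $name;
    }
}

// Send a JSON body with an HTTP status code and stop processing.
function jsonResponse(int $status, array $body): void
{
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($body, JSON_UNESCAPED_SLASHES);
    exit;
}

// Decode the JSON request body; empty array if it is absent or malformed.
function jsonInput(): array
{
    $data = json_decode((string) file_get_contents('php://input'), true);
    return is_array($data) ? $data : [];
}

// Pull the token out of "Authorization: Bearer <64 hex chars>"; anything else is rejected.
function bearerToken(): ?string
{
    $hdr = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
    return preg_match('/^Bearer\s+([0-9a-f]{64})$/', $hdr, $m) ? $m[1] : null;
}

$auth = new AuthHandler(new PDO('sqlite:' . __DIR__ . '/api.sqlite', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]));
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
$in = jsonInput();

if ($method === 'POST' && $path === '/register') {
    $ok = $auth->register((string) ($in['username'] ?? ''), (string) ($in['password'] ?? ''));
    $ok ? jsonResponse(201, ['status' => 'created'])
        : jsonResponse(400, ['error' => 'invalid or duplicate user']);
}
if ($method === 'POST' && $path === '/login') {
    $token = $auth->login((string) ($in['username'] ?? ''), (string) ($in['password'] ?? ''));
    $token === null ? jsonResponse(401, ['error' => 'bad credentials'])
                    : jsonResponse(200, ['token' => $token]);
}
if ($method === 'GET' && $path === '/me') {
    $t = bearerToken();
    $user = $t === null ? null : $auth->userForToken($t);
    $user === null ? jsonResponse(401, ['error' => 'missing or invalid token'])
                   : jsonResponse(200, ['user' => $user]);
}
jsonResponse(404, ['error' => 'no such route']);
```

Run it with the built-in server (`php -S 127.0.0.1:8080 api.php`) and exercise it with curl: `POST /register` and `POST /login` with a JSON body such as `{"username":"alice","password":"correct horse"}`, then `GET /me` with the header `Authorization: Bearer <token from the login response>`. An Android client and a browser client talk to the same endpoints in the same way; the only difference is where they keep the token (the browser client sends it from JavaScript), and in both cases it must travel over HTTPS only. Two things a production version adds that this one leaves out: an expiry timestamp next to `api_key_hash` so tokens do not live forever, and, if you deploy under Apache rather than the built-in server, a rule that passes the `Authorization` header through to PHP, since Apache drops it by default.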