Adavis

asked on

Simple PHP Web Service Example

Can you please provide me with a PHP code sample of a Web Service that accepts a user login and password as input parameters and returns a boolean yes or no depending if the login exists or not. The web services can "fake" the existence of the database look-up to keep matters simple.

Please provide sample code of how the result of the web service would cause one page or another of a web site to display based on the success or failure of the login.

We want to use the web service to allow a new database to work with an existing web site.  Presumably the part of the web-site that logs in the user currently can check with the web service and the database technology and programming language won't be an issue.  We aren't trying to share this with the world, so we don't need WSDL or UDDI.  We just need PHP web-service interfaces to a MySQL database that can be utilized by a web site to selectively display different pages based on the return results of the web-service.

The Id and Password will be provided on an HTML form by a user of the web site.

Also, please advise us on obvious security steps that should be taken in the use of such a web service.
BogoJoker

Hi Adavis,

Two very simple (room for a lot of error) pages:
1) login.php has a simple HTML form, asking for a username and password.  If you put in adavis for both the username and the password then it will work.  It also has some simple PHP code to check if you're logged in by checking the session variables.  If you are then it displays Hello, and a link to a secret page that you must be logged in to see.
2) loginScript.php checks if what you provided was adavis, if not it logs you out if you were logged in.  In any case you are redirected back to login.php and if you are logged in now you will see some cool stuff.  Enjoy.

[login.php]
<?php
session_start();
?>
<html>
<head><title>Login</title></head>
<body>
<?php
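// Escape the stored name before echoing it into HTML
if (isset($_SESSION['login']) && isset($_SESSION['user']))
  print "<h3>Hello " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') . ", check out this secret page: <a href=\"http://www.google.com\">Link</a></h3>";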
?>

<form action="loginScript.php" method="POST">
<table>
<tr><td>Username:</td><td><input type="text" name="USER"></td></tr>
<tr><td>Password:</td><td><input type="password" name="PASS"></td></tr>
<tr><td colspan=2 align="center"><input type="submit" value="Login"></td></tr>
</table>
</form>
</body>
</html>

[loginScript.php]
<?php

// Reopen/Create a session
session_start();

// Check if this was submitted via a form (if not redirect)
if (!isset($_POST['USER']) || !isset($_POST['PASS']))
{
  header('Location: login.php');
  exit;
}

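// Get the username and password
$username = $_POST['USER'];
$password = $_POST['PASS'];

// Only if they are both exactly the string 'adavis' do we set as logged in
if ($username === 'adavis' && $password === 'adavis')
{
  // New session ID on login so a pre-set (fixated) ID cannot be reused
  session_regenerate_id(true);
  $_SESSION['login'] = 'yes';
  $_SESSION['user'] = $username;
}
else
{
  // Failed attempt: clear both login variables
  unset($_SESSION['login'], $_SESSION['user']);
}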

// Redirect to login.php in the end
header('Location: login.php');
?>


I can expand on this in so many different directions but this is the most basic by far.  All it does is if you provide a valid user/pass it sets a variable in the superglobal $_SESSION.  To check if the user is logged in you just check if that variable isset().  For a more complex and more mainstream view you could set that variable to say an integer or a string meaning different levels of access.  'admin', 'guest', 'basic', 'paid', equivalent levels of access as integers, 7, 5, 3, 2 (primes for fun).  You can improve this in so many ways but I hope that you get the basic idea.

Joe P
When connecting with a MySQL database you would change the password checking section on loginScript.php.  Here instead of just comparing it flat out with 'adavis' you would connect to the database and search to see if that password and username is coupled (map to the same user id) in the table.  You would then improve the security of that by storing md5() or sha1(), php encryption functions, to store hashes of the strings into the mysql table (a simpler, less safe way would be to use PASSWORD() in mysql).

Joe P
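
The database check described in the reply above, as an added example that is not part of the original posts. It looks the user up with a bound parameter and uses PHP's password_hash()/password_verify() in place of the md5()/sha1() hashes mentioned there; the `users` table, its column names, the `check_login()` function and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example, not code from the thread. Table/column names and check_login() are assumptions.
// In-memory SQLite keeps it runnable offline; for MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');

// Constructed sample account. Only a salted hash is stored, never the password.
$ins = $pdo->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['adavis', password_hash('adavis', PASSWORD_DEFAULT)]);

// Hash verified for unknown usernames so both failure paths cost about the same time.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function check_login(PDO $pdo, $username, $password): bool
{
    // Form fields can arrive as arrays (USER[]=x); accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    // Bound parameter: the username is sent as data, never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed attempts: valid login, wrong password, SQL-injection-shaped input, array input.
$attempts = [['adavis', 'adavis'], ['adavis', 'wrong'], ["' OR '1'='1", 'x'], [['adavis'], 'adavis']];
foreach ($attempts as [$user, $pass]) {
    echo json_encode($user), ' => ', check_login($pdo, $user, $pass) ? 'yes' : 'no', PHP_EOL;
}
```

In loginScript.php the hard-coded comparison would become a call to `check_login($pdo, $_POST['USER'], $_POST['PASS'])`, with the session handling left as it is.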

ASKER

Is this truly a web service that uses SOAP and XML?  Please take a look at http://aspn.activestate.com/ASPN/WebServices/SWSAPI/phptut just to see if we are on the same page.  Thanks.
adavis
No, I did not recognize either of those in your question so I had no idea.  Rereading I see that you keep referring to web services which I guess is what is confusing me.  I know very little about SOAP and "web-services" so I probably cannot provide too much more help. :(
ASKER CERTIFIED SOLUTION
ClickCentric

I don't deserve any points.  I did not understand part of his question and so my answer is not worthy of an "assist" and it is certainly not a solution.

Joe P