• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 656
  • Last Modified:

Simple PHP Web Service Example

Can you please provide me with a PHP code sample of a Web Service that accepts a user login and password as input parameters and returns a boolean yes or no depending if the login exists or not. The web services can "fake" the existence of the database look-up to keep matters simple.

Please provide sample code of how the result of the web service would cause one page or another of a web site to display based on the success or failure of the login.

We want to use the web service to allow a new database to work with an existing web site.  Presumably the part of the web-site that logs in the user currently can check with the web service and the database technology and programming language won't be an issue.  We aren't trying to share this with the world, so we don't need WSDL or UDDI.  We just need PHP web-service interfaces to a MYSQL database that can be utilized by a web site to selectively display different pages based on the return results of the web-service.

The Id and Password will be provided on a HTML form by a user of the web site.

Also, please advise us on obvious security steps that should be taken in the use of such a web service.
0
Adavis
Asked:
Adavis
  • 4
1 Solution
 
BogoJokerCommented:
Hi Adavis,

Two very simple (room for a lot of error) pages:
1) login.php has a simple html form, asking for a username and password.  If you put in adavis for both the username and the password then it will work.  it also has some simple php code to check if your logged in by checking the session variables.  if you are then it displays Hello, and a link to a secret page that you must be logged in to see.
2) loginScript.php checks if what you provided was adavis, if not it logs you out if you were logged in.  In any case you are redirected back to login.php and if you are logged in now you will see some cool stuff.  Enjoy.

[login.php]
<?php
session_start();
?>
<html>
<head><title>Login</title></head>
<body>
<?php
if (isset($_SESSION['login']) && isset($_SESSION['user']))
  print "<h3>Hello $_SESSION[user], check out this secret page: <a href=\"www.google.com\">Link</a></h3>";
?>

<form action="loginScript.php" method="POST">
<table>
<tr><td>Username:</td><td><input type="text" name="USER"></td></tr>
<tr><td>Password:</td><td><input type="password" name="PASS"></td></tr>
<tr><td colspan=2 align="center"><input type="submit" value="Login"></td></tr>
</table>
</form>
</body>
</html>

[loginScript.php]
<?php

// Reopen/Create a session
session_start();

// Check if this was submitted via a form (if not redirect)
if (!isset($_POST['USER']) || !isset($_POST['PASS']))
{
  header('Location: login.php');
  exit;
}

// Get the uername and password
$username  = $_POST['USER'];
$password = $_POST['PASS'];

// Only if they are both 'adavis' then we set as logged in
if ($username == 'adavis' && $password == 'adavis')
{
  $_SESSION['login'] = 'yes';
  $_SESSION['user'] = $username;
}
else
  unset($_SESSION['login']);

// Redirect to login.php in the end
header('Location: login.php');
?>


I can expand on this in so many different directions but this is the most basic by far.  All it does is if you provide a valid user/pass it sets a variable in the supergloabl $_SESSION.  To cehck if the user is logged in you just check if that variable isset().  For a more complex and more mainstream view you could set that variable to say an interger or a string meaning different levels of access.  'admin', 'guest', 'basic', 'paid', equivalent levels of access as intergers, 7, 5, 3, 2 (primes for fun).  You can improve this in so many ways but I hope that you get the basic idea.

Joe P
0
 
BogoJokerCommented:
When connecting with a mysql database you would change the password checking section on loginScript.php.  Here instead of just comparing it flat out with 'abavis' you would connect to the database and search to see if that password and username is coupled (map to the same user id) in the table.  You would then improve the security of that by storing md5() or sha1(), php encryption functions, to store hashes of the strings into the mysql table (a simplier, less safe way would be to use PASSWORD() in mysql).

Joe P
0
 
AdavisAuthor Commented:
Is this truly a web service that uses SOAP and XML?  Please take a look at http://aspn.activestate.com/ASPN/WebServices/SWSAPI/phptut just to see if we are on the same page.  Thanks.
adavis
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
BogoJokerCommented:
No, I did not recognize either of those in your question so I had no idea.  Rereading I see that you keep referring to web services which I guess is what is confusing me.  I know very little about SOAP and "web-services" so I probably cannot provide too much more help. :(
0
 
ClickCentricCommented:
From the question, it almost seems like you're looking for a Rube Goldberg ( http://www.rube-goldberg.com/html/today.htm ) method to handle this task.    Or I may be misunderstanding the question?  

First, 'Web Services' is a concept.  It's not directly related to the file on that page.  That's just an example tutorial so you can see how the concept functions.  Technologies like these are often used in place of hardcoded program language commands ( like the mysql_ commands in PHP ).  They allow for an easy method to move information from place to place.  But their real value comes in cross-platform compatibility.  On any computer, in any programming language, if you know what you're doing, you can write code to read and reply to XML and SOAP requests fairly easily as opposed to writing translation code to change info into something usable for a given programming language.  If you wanted to write an application program that interacted with information on a website, SOAP and XML create a way of doing this without having to worry about the differences in how the programs handle communicating with, say, a mysql server based on platform.  

Now, an entire site can be driven by SOAP or XML, but the question becomes why to do so if it's not necessary?
0
 
BogoJokerCommented:
I don't deserve any points.  I did not understand part of his question and so my answer is not worthy of an "assist" and it is certainly not a solution.

Joe P
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now