I have a Slim API and I need to make a function that will validate a username/password. I'm using a POST and I would like to inject the username inside the credentials inside the sql. I know how to do it if I use GET, but I'm using POST. How can I do that:
function authenticate($req, $resp, $args) {
$credentials = json_decode($req->getBody());
$sql = "SELECT * FROM ict_users WHERE usr_username = 'Insert the username here'";
try {
$db = DB_Connection();
$stmt = $db->query($sql);
$password = $stmt->fetchAll(PDO::FETCH_OBJ);
$db = null;
} catch(PDOException $e) {
echo '{"error":{"text":'. $e->getMessage() .'}}';
}
//check if the two password fits (use the password var)
//create a session_key
//Store the session_key in the DB
//return the session_key
}
I call this function in a AngularJS service with:
$http.post(appConfig.apiURL + '/authenticate', credentials)