dongnaizao8039
2012-03-15 20:31 阅读 50
已采纳

iphone与php web服务通信 - 用户名/密码

I have been trying to get this to work correctly and I think I have finally come up with the correct solution because when I login on my iphone it seems to work fine. I am sort of new to php so I was wondering if I made any mistakes or if I could improve upon this.

I was working off of this example http://www.raywenderlich.com/2941/how-to-write-a-simple-phpmysql-web-service-for-an-ios-app for writing a web service.

All this is trying to do is return 403 if the username and password that I type in is valid.

<?php

    // Helper method to send a HTTP response code/message
    function sendResponse($status = 200, $body = '', $content_type = 'text/html')
    {
        $status_header = 'HTTP/1.1 ' . $status . ' ' . getStatusCodeMessage($status);
        header($status_header);
        header('Content-type: ' . $content_type);
        echo $body;
    }

    class RedeemAPI {


        private $db;

                // Constructor - open DB connection
                function __construct() {
                $this->db = new mysqli('127.0.0.1', 'username', 'password', 'promos');
                $this->db->autocommit(FALSE);
            }

            // Destructor - close DB connection
            function __destruct() {
                $this->db->close();
            }


    function redeem() {

        // Check for required parameters





     if (isset($_POST["AccountEntry"]) && isset($_POST["PasswordEntry"])) {



        // Put parameters into local variables
                $AccountEntry = $_POST["AccountEntry"];
                 $PasswordEntry = $_POST["PasswordEntry"];



                   $user_id = 0;
                   $stmt = $this->db->prepare("SELECT username, password FROM usernames WHERE username=? AND password=?");

                   $stmt->bind_param("ss", $AccountEntry, $PasswordEntry);
                   $stmt->execute();
                      $stmt->bind_result($user, $pass);
                   while ($stmt->fetch()) {
                break;
            }
            $stmt->close();




                if ($AccountEntry === $user && $PasswordEntry == $pass ) {
                    sendResponse(403, 'YESSIRRRRR');
                    return true;

                }  


        }
         sendResponse(400, 'Not working');
                return false; 
        }


    }

        $api = new RedeemAPI;
        $api->redeem();

    //Extra helper functions



    // Helper method to get a string description for an HTTP status code
    // From http://www.gen-x-design.com/archives/create-a-rest-api-with-php/ 


    function getStatusCodeMessage($status)
    {
        // these could be stored in a .ini file and loaded
        // via parse_ini_file()... however, this will suffice
        // for an example
        $codes = Array(
            100 => 'Continue',
            101 => 'Switching Protocols',
            200 => 'OK',
            201 => 'Created',
            202 => 'Accepted',
            203 => 'Non-Authoritative Information',
            204 => 'No Content',
            205 => 'Reset Content',
            206 => 'Partial Content',
            300 => 'Multiple Choices',
            301 => 'Moved Permanently',
            302 => 'Found',
            303 => 'See Other',
            304 => 'Not Modified',
            305 => 'Use Proxy',
            306 => '(Unused)',
            307 => 'Temporary Redirect',
            400 => 'Bad Request',
            401 => 'Unauthorized',
            402 => 'Payment Required',
            403 => 'Forbidden',
            404 => 'Not Found',
            405 => 'Method Not Allowed',
            406 => 'Not Acceptable',
            407 => 'Proxy Authentication Required',
            408 => 'Request Timeout',
            409 => 'Conflict',
            410 => 'Gone',
            411 => 'Length Required',
            412 => 'Precondition Failed',
            413 => 'Request Entity Too Large',
            414 => 'Request-URI Too Long',
            415 => 'Unsupported Media Type',
            416 => 'Requested Range Not Satisfiable',
            417 => 'Expectation Failed',
            500 => 'Internal Server Error',
            501 => 'Not Implemented',
            502 => 'Bad Gateway',
            503 => 'Service Unavailable',
            504 => 'Gateway Timeout',
            505 => 'HTTP Version Not Supported'
        );

        return (isset($codes[$status])) ? $codes[$status] : '';
    }

    // This is the first thing that gets called when this page is loaded
    // Creates a new instance of the RedeemAPI class and calls the redeem method


    ?>

EDIT: Sorry I wasn't more clear I mainly wanted to make sure that this piece of code is valid, and if I am checking the username/password correctly.

if (isset($_POST["AccountEntry"]) && isset($_POST["PasswordEntry"])) {



        // Put parameters into local variables
                $AccountEntry = $_POST["AccountEntry"];
                 $PasswordEntry = $_POST["PasswordEntry"];



                   $user_id = 0;
                   $stmt = $this->db->prepare("SELECT username, password FROM usernames WHERE username=? AND password=?");

                   $stmt->bind_param("ss", $AccountEntry, $PasswordEntry);
                   $stmt->execute();
                      $stmt->bind_result($user, $pass);
                   while ($stmt->fetch()) {
                break;
            }
            $stmt->close();




                if ($AccountEntry === $user && $PasswordEntry == $pass ) {
                    sendResponse(403, 'YESSIRRRRR');
                    return true;
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

2条回答 默认 最新

  • 已采纳
    duanditang2916 duanditang2916 2012-03-15 20:58

    First, why would you want to send "Not Found" if the username and password are correct? Anyway, thats what I did. This is completely different code but it does what you asked.

    //Connect To Database. I put 127.0.0.1 because that is what was in your code. It is usually "localhost" though.
    $conn = mysql_connect("127.0.0.1", "DATABASE-USER-NAME", "DATABASE-USER-PASSWORD") or     die(mysql_error());
    mysql_select_db('DATABASE-NAME', $conn) or die(mysql_error());
    
    //Put everything in variables
    $username = $_POST['AccountEntry'];
    $password = $_POST['PasswordEntry'];
    //Get the information from the database.
    $result = mysql_query("SELECT * FROM usernames WHERE username = '$username' && password = '$password'"); 
    $num_rows = mysql_num_rows($result);
    //If there are one (1) result in the database, returning 403.
    if ($num_rows==1 || $num_rows=="1") {
      //Correct passcode. Return 403 (thats what you wanted right?).
      returnStatusCode(403);
    } else {
      //Incorrect passcode. Return 400 (thats what you wanted right?).
      returnStatusCode(400);
    }
    //send the headers...
    function returnStatusCode($code) {
     $status_header = 'HTTP/1.1 ' . $code . ' ' . getStatusCodeMessage($status);
            header($status_header);
            header('Content-type: text/html');
     //Don't need the echo($body) since your body was empty anyway.
    }
    //I didn't change this:
    function getStatusCodeMessage($status)
        {
            // these could be stored in a .ini file and loaded
            // via parse_ini_file()... however, this will suffice
            // for an example
            $codes = Array(
                100 => 'Continue',
                101 => 'Switching Protocols',
                200 => 'OK',
                201 => 'Created',
                202 => 'Accepted',
                203 => 'Non-Authoritative Information',
                204 => 'No Content',
                205 => 'Reset Content',
                206 => 'Partial Content',
                300 => 'Multiple Choices',
                301 => 'Moved Permanently',
                302 => 'Found',
                303 => 'See Other',
                304 => 'Not Modified',
                305 => 'Use Proxy',
                306 => '(Unused)',
                307 => 'Temporary Redirect',
                400 => 'Bad Request',
                401 => 'Unauthorized',
                402 => 'Payment Required',
                403 => 'Forbidden',
                404 => 'Not Found',
                405 => 'Method Not Allowed',
                406 => 'Not Acceptable',
                407 => 'Proxy Authentication Required',
                408 => 'Request Timeout',
                409 => 'Conflict',
                410 => 'Gone',
                411 => 'Length Required',
                412 => 'Precondition Failed',
                413 => 'Request Entity Too Large',
                414 => 'Request-URI Too Long',
                415 => 'Unsupported Media Type',
                416 => 'Requested Range Not Satisfiable',
                417 => 'Expectation Failed',
                500 => 'Internal Server Error',
                501 => 'Not Implemented',
                502 => 'Bad Gateway',
                503 => 'Service Unavailable',
                504 => 'Gateway Timeout',
                505 => 'HTTP Version Not Supported'
            );
    
            return (isset($codes[$status])) ? $codes[$status] : '';
        }
    

    EDIT: Fixed $code and $status.

    EDIT 2: Or you could just use Gabriel's answer if you need to have the code that way.

    点赞 评论 复制链接分享
  • dtzh131555 dtzh131555 2012-03-15 20:59

    in php you need to use the operator $this-> to call function members.

    so

    getStatusCodeMessage($status);
    

    will become

    $this->getStatusCodeMessage($status);
    

    your code can be heavily modified/optimized but I think since you are starting with PHP you need to keep learning.

    点赞 评论 复制链接分享

相关推荐