0
繼以下this教程,瞭解如何爲Android創建API。檢查了我的DB_Functions.php文件,一切正常連接並正常運行(90%確定)。爲確保帖子正常工作,我使用名爲Postman的Chrome加載項。 This我在網上發現的其他問題與我的問題類似。這是我輸入/收到的。
下面是代碼使用PHP API插入MySQL數據庫
<?php
/*
Function tests
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
$insert = $db->storeUser("InsertTest", "[email protected]", "apple");
print_r($insert);
$user = $db->getUserByEmailAndPassword("[email protected]", "apple");
print_r($user);
$exist = $db->isUserExisted("[email protected]");
echo $exist; */
/**
* File to handle all API requests
* Accepts GET and POST
*
* Each request will be identified by TAG
* Response will be JSON data
/**
* check for POST request
*/
if (isset($_POST['tag']) && $_POST['tag'] != '') {
$tag = $_POST['tag'];
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
$response = array("tag" => $tag, "error" => FALSE);
// check for tag type
if ($tag == 'login') {
// Request type is check Login
$email = $_POST['email'];
$password = $_POST['password'];
// check for user
$user = $db->getUserByEmailAndPassword($email, $password);
if ($user != false) {
// user found
$response["error"] = FALSE;
$response["uid"] = $user["unique_id"];
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["created_at"] = $user["created_at"];
$response["user"]["updated_at"] = $user["updated_at"];
echo json_encode($response);
} else {
// user not found
// echo json with error = 1
$response["error"] = TRUE;
$response["error_msg"] = "Incorrect email or password!";
echo json_encode($response);
}
} else if ($tag == 'register') {
// Request type is Register new user
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
// check if user is already existed
if ($db->isUserExisted($email)) {
// user is already existed - error response
$response["error"] = TRUE;
$response["error_msg"] = "User already existed";
echo json_encode($response);
} else {
// store user
$user = $db->storeUser($name, $email, $password);
if ($user) {
// user stored successfully
$response["error"] = FALSE;
$response["uid"] = $user["unique_id"];
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["created_at"] = $user["created_at"];
$response["user"]["updated_at"] = $user["updated_at"];
echo json_encode($response);
} else {
// user failed to store
$response["error"] = TRUE;
$response["error_msg"] = "Error occured in Registartion";
echo json_encode($response);
}
}
} else {
// user failed to store
$response["error"] = TRUE;
$response["error_msg"] = "Unknown 'tag' value. It should be either 'login' or 'register'";
echo json_encode($response);
}
} else {
$response["error"] = TRUE;
$response["error_msg"] = "Required parameter 'tag' is missing!";
echo json_encode($response);
}
?>
而且DB_Functions.php代碼
<?php
class DB_Functions{
private $db;
public $connection;
function __construct(){
require_once ('DB_Connect.php');
$this->db = new DB_Connect();
$this->connection = $this->db->connect();
}
function __destruct(){
}
public function storeUser($name, $email, $password){
$uuid = uniqid('', true);
$hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"];
$salt = $hash["salt"];
$sql = "INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at)
VALUES ('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())";
$result = $this->connection->query($sql);
if($result){
$uid = mysqli_insert_id($this->connection);
$sql = "SELECT * FROM users WHERE uid = '" . $uid . "';";
$result = $this->connection->query($sql);
return mysqli_fetch_array($result);
}else{
return false;
}
}
public function getUserByEmailAndPassword($email, $password){
$sql = "SELECT * FROM users WHERE email = '" . $email . "';";
$result = $this->connection->query($sql);
$no_of_rows = mysqli_num_rows($result);
if($no_of_rows > 0){
$result = mysqli_fetch_array($result);
$salt = $result['salt'];
$encrypted_password = $result['encrypted_password'];
$hash = $this->checkhashSSHA($salt, $password);
if($encrypted_password == $hash){
return $result;
}
}else{
return false;
}
}
public function isUserExisted($email){
$sql = "SELECT * FROM users WHERE email = '" . $email . "';";
$result = $this->connection->query($sql);
$no_of_rows = mysqli_num_rows($result);
if($no_of_rows > 0){
return true;
}else{
return false;
}
}
public function hashSSHA($password){
$salt = sha1(rand());
$salt = substr($salt, 0, 10);
$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
public function checkhashSSHA($salt, $password){
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}
}
?>
有誰知道爲什麼郵政不工作?
**警告**:使用'mysqli'時,應該使用參數化查詢和['bind_param'](http://php.net/manual/en/mysqli-stmt.bind-param.php)到將用戶數據添加到您的查詢。 **不要**使用字符串插值或連接來完成此操作,因爲您將創建嚴重的[SQL注入漏洞](http://bobby-tables.com/)。 **絕不**將'$ _POST'數據直接放入查詢中。 – tadman
此外,你的截圖是完全難以辨認的。我們應該從中拿走什麼? – tadman
你真的應該使用PHP的[內置函數](http://jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。 –