Share My Creation User Login + MySQL PHP API

Web API

Updates:
For B4J API Server and cross platform client apps,
please check [B4X] User Login App + [B4J] MySQL API Server (Key + Token)
https://www.b4x.com/android/forum/threads/b4x-user-login-app-b4j-mysql-api-server-key-token.126081/

[Screenshots]


Android App
[Screenshots]


This is the 3rd version of the login example I have shared in this forum.

The first version I shared when I started learning B4A is just a very simple login app.
Http Login example using HttpUtils2

Later, I shared a tutorial in Code Snippets titled:
Register User example using OKHttpUtils2

Both of the samples I shared use very simple PHP with the mysql_query function. I later updated the 2nd sample with mysqli since the mysql functions are deprecated in PHP.

Recently I have been thinking of updating the sample project with what I have learned in these few years. I have seen that some members here are still using mysqli, but I want to introduce the use of PDO in PHP. The sample I share here is intended just for learning purposes. Anyone is welcome to extend it into a production-ready and more powerful app. For example, in my real app, I have a function to upload a profile photo. I removed the feature to leave it to members here to find out how to do it. The answer is in this forum and on the Internet.

In my previous code snippet, I used a 6-digit security code, but in this latest version I have used a 32-character MD5 string for the code in the email confirmation.

The PHP app I share here is a cut-down version of the PHP backend I use in production. It is based on the MVC concept, where it provides a web application front-end and includes PHP sessions and some other security. I think I don't need to share much on the "View" part of the MVC. I just modified it to become the "API" to be consumed by the B4A app. However, I use the View part to show documentation on how to use the API, as you can see in the screenshots. For the "Model" part, I only include "User" and "Password". It is easy to extend to more models. For example, I could have added "Driver" and "Order" models for the e-hailing app or "Student" and "Courses" models to my e-learning app.
 

Biswajit

it is just an example to guide:

you

3. Send that token to the APP. (token + token-expire)

// THEN CHECK FOR THE EXPIRY ON REQUEST
if (hash_equals($_SESSION['token'], (string) $_POST['token'])) { // constant-time, type-safe comparison
    if (time() >= $_SESSION['token-expire']) {
        // token has expired
    }
}

Note:
By having the sessions in tables, you will have many accesses every time the token verification is sent.
I understood. What if I want my users to be able to stay logged in
  1. for 1 week or more?
  2. even after a server reboot?
  3. even after a server migration?
It's always better to implement a scalable system.
 

aeric

I am not sure whether it is good practice or not, but I actually save the user's login email and password inside the app's SQLite db. Of course I have encrypted it first. Apps like WhatsApp will not request a login again once the user has logged in once.
 

Biswajit

If your bank App leaves it inactive for a while and uses it again, it does not ask for your access credentials again because the token has expired.
I understood your point of view. But not all types of apps use the same technique, e.g. Facebook, Instagram. I asked you what if I want to create an app like those. Not like a banking app. Even this forum has an option to stay logged in.
 

Biswajit

I am not sure whether it is good practice or not, but I actually save the user's login email and password inside the app's SQLite db. Of course I have encrypted it first. Apps like WhatsApp will not request a login again once the user has logged in once.
Don't store the password. Store the access token instead.
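
An added example, not code from this thread or from the shared project: one way to do the "token + token-expire" check discussed above so that it works for week-long logins and does not depend on `$_SESSION`, while the app keeps only the token and never the password. The `user_tokens` table, the function names and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: table and function names are assumptions, not the thread's code.
// In-memory SQLite keeps it self-contained; the thread's backend uses MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_tokens (
    token_hash TEXT PRIMARY KEY,  -- SHA-256 of the token, never the token itself
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL   -- Unix time, the "token-expire" value
)');

// Call after a successful password check; the returned pair goes to the app.
function issueToken(PDO $db, int $userId, int $ttlSeconds, int $now): array
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO user_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, $now + $ttlSeconds]);
    return ['token' => $token, 'token-expire' => $now + $ttlSeconds];
}

// Call on every API request. Returns the user id, or null when the token is
// unknown or expired. Rows live in the database, not in PHP session storage.
function verifyToken(PDO $db, string $token, int $now): ?int
{
    $hash = hash('sha256', $token); // look up by hash: a stolen table yields no usable tokens
    $stmt = $db->prepare('SELECT user_id, expires_at FROM user_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if ($now >= (int) $row['expires_at']) {
        // Expired: remove the row so the token cannot be revived.
        $db->prepare('DELETE FROM user_tokens WHERE token_hash = ?')->execute([$hash]);
        return null;
    }
    return (int) $row['user_id'];
}

// Constructed run: user 7 logs in at a fixed time and gets a one-week token.
$t0 = 1700000000;
$login = issueToken($db, 7, 7 * 24 * 3600, $t0);
var_dump(verifyToken($db, $login['token'], $t0 + 3600));             // one hour later
var_dump(verifyToken($db, $login['token'], $login['token-expire'])); // at expiry
var_dump(verifyToken($db, 'not-a-real-token', $t0));                 // unknown token
```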
 

cambopad

Very Nice.
That's what I'm also developing right now, only I don't want to use PHP, but everything with B4J.
Security plays a big role.
Can you share a tutorial about that? I would also like to use B4J as a backend like in this tutorial but have no idea where to start!
 

Alexander Stolte

Can you share a tutorial about that? I would also like to use B4J as a backend like in this tutorial but have no idea where to start!
I am still very far in the beginning with it, and now that the others have described their techniques, I know at least in which direction I should go. Since I always want to have a VPS in the background, I do this with jRDC2 and jServer.
[Bad english?]

Thanks to the others!
 

aeric

Can you share a tutorial about that? I would also like to use B4J as a backend like in this tutorial but have no idea where to start!
Actually this is not a tutorial but just a source code sharing. I didn't include any step-by-step guide on how to set this system up, but it is simple if you have a little experience with PHP local development or shared hosting. This is intended for beginners who don't want to use any PHP framework or NoSQL backend. If anyone is facing any issue, you are welcome to ask. There are many experts here besides me who are willing to help. I thought to share this for beginners, and to my surprise I got a lot of expert feedback and advice. I think this is good to improve the system and for all members to learn to do things better.

As for a B4J backend, I think JRDC2 is good to go. Maybe not many examples have been shared so far and I don't see many questions about it. If you have any question, you can create a new thread and post your question. Cheers! ;)
 

TILogistic

I am still very far in the beginning with it, and now that the others have described their techniques, I know at least in which direction I should go. Since I always want to have a VPS in the background, I do this with jRDC2 and jServer.
[Bad english?]

Thanks to the others!

Very good.

B4J backend jRDC2 and jServer.

It is in the URI of the request.

That is the way !!

Add a post and we will help you.

Regards,
 

aeric

It is in the URI of the request.
I almost have what I need to recreate my PHP API in JRDC2 using B4J. Now I have one problem, which is the pretty URL. I have no problem if I follow Erel's tutorial, but what I understand and am able to create is a URL with only 1 level of handler, e.g. http://api.computerise.my/user (I can have a handler named "user")
B4X:
srvr.AddHandler("/user", "UserHandler", False)

Now I am exploring how to pass multiple level URL/path like https://api.computerise.my/user/view/1 to the request and split it into my model, method and optional id.
 

TILogistic

I almost have what I need to recreate my PHP API in JRDC2 using B4J. Now I have one problem, which is the pretty URL. I have no problem if I follow Erel's tutorial, but what I understand and am able to create is a URL with only 1 level of handler, e.g. http://api.computerise.my/user (I can have a handler named "user")
B4X:
srvr.AddHandler("/user", "UserHandler", False)

Now I am exploring how to pass multiple level URL/path like https://api.computerise.my/user/view/1 to the request and split it into my model, method and optional id.

Tips.

See parameter ServletRequest

Parse the URI

B4X:
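Sub Handle(req As ServletRequest, resp As ServletResponse)
    Log(req.FullRequestURI) 'full request URL
    Log(req.Method)         'HTTP method, e.g. GET or POST
    Log(req.RequestURI)     'request path, e.g. /user/view/1
End Sub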
 

TILogistic

See parameter ServletRequest

Parse the URI

B4X:
Sub Handle(req As ServletRequest, resp As ServletResponse)
    Log(req.FullRequestURI) 'full request URL
    Log(req.Method)         'HTTP method, e.g. GET or POST
    Log(req.RequestURI)     'request path, e.g. /user/view/1
End Sub

B4X:
srvr.AddHandler("/user/connect", "connectHandler", False) 'no parameters (req.Method = GET)

srvr.AddHandler("/user/register", "registerHandler", False) 'with parameters (req.Method = POST)

SEE EXAMPLE:

 

aeric

See parameter ServletRequest

Parse the URI

B4X:
Sub Handle(req As ServletRequest, resp As ServletResponse)
    Log(req.FullRequestURI) 'full request URL
    Log(req.Method)         'HTTP method, e.g. GET or POST
    Log(req.RequestURI)     'request path, e.g. /user/view/1
End Sub

B4X:
srvr.AddHandler("/user/connect", "connectHandler", False) 'no parameters (req.Method = GET)

srvr.AddHandler("/user/register", "registerHandler", False) 'with parameters (req.Method = POST)

SEE EXAMPLE:

Ok, I will check on ServletRequest to see what I can do.

If possible, what I want to achieve is using a single handler class for one model, like UserHandler, to manage all related methods. This will make it more organized instead of creating more handler classes.
 

OliverA

UserHandler to manage all related methods
The management can be as simple as doing a SubExists on the method that you extract from the URL. Then you'll decide how to handle the parameters for the method. For no-parameter methods or single-parameter methods you can just use CallSub or CallSub2 respectively. For methods with more parameters you can pass the parameters as a list/map using CallSub3. Or you just have all methods accept a list/map and just use CallSub3. This is how ABMaterial does it with its Page_ParseEvent method (except that method draws its information from the WebSocket information instead of the URL).
 

aeric

The management can be as simple as doing a SubExists on the method that you extract from the URL. Then you'll decide how to handle the parameters for the method. For no-parameter methods or single-parameter methods you can just use CallSub or CallSub2 respectively. For methods with more parameters you can pass the parameters as a list/map using CallSub3. Or you just have all methods accept a list/map and just use CallSub3. This is how ABMaterial does it with its Page_ParseEvent method (except that method draws its information from the WebSocket information instead of the URL).
I am not an expert on this and do not really get it. I will try to digest it, especially the first and the last sentences.
 

TILogistic

The management can be as simple as doing a SubExists on the method that you extract from the URL. Then you'll decide how to handle the parameters for the method. For no-parameter methods or single-parameter methods you can just use CallSub or CallSub2 respectively. For methods with more parameters you can pass the parameters as a list/map using CallSub3. Or you just have all methods accept a list/map and just use CallSub3. This is how ABMaterial does it with its Page_ParseEvent method (except that method draws its information from the WebSocket information instead of the URL).

tips see:

srvr.AddXXXXXXX (filter, Handler, etc)

Question:

BaseURL/Method/Parameter1/parameter2/..

If you pass the parameters through a list or map.

Would I lose the pretty url?

or would have to;

Parse the URI in ServletRequest ?
 