Share My Creation User Login + MySQL PHP API

Web API

Updates:
For B4J API Server and cross platform client apps,
please check [B4X] User Login App + [B4J] MySQL API Server (Key + Token)
https://www.b4x.com/android/forum/threads/b4x-user-login-app-b4j-mysql-api-server-key-token.126081/

1589568374217.png

1589571389800.png

1589571205757.png


Android App
01.png
02.png
05.png
06.png

03.png

1604679984538.png


This is the 3rd version of login example I share in this forum.

The first version I shared when I started learning B4A is just a very simple login app.
Http Login example using HttpUtils2

Later, I have shared a tutorial in Code Snippet title:
Register User example using OKHttpUtils2

Both of the samples I shared are using very simple PHP with mysql_query function. I have later updated the 2nd sample with mysqli since mysql functions are deprecated in PHP.

Recently I am thinking to update the sample project with what I have learned in this few years. I have seen some members here are still using mysqli but I want to introduce the use of PDO in PHP. The sample I shared here is just intended for learning purpose. Anyone are welcome to extend it to become a production ready and more powerful app. For example, In my real app, I have a function to upload profile photo. I remove the feature to leave it to members here to find out how to do it. The answer is in this forum and the Internet.

In my previous code snippet, I use 6 digit security code but in this latest version, I have used a 32 characters MD5 string for the code in email confirmation.

The PHP app I share here is a cut down version of PHP backend I use in production. It is based on MVC concept where it provides a web application front-end and includes php session and some other security. I think I don't need to share much on the "View" part of the MVC. I just modified it to become the "API" to consume by the B4A app. However, I use the View part to show a documentation on how to use the API as you can see in the screenshots. For the "Model" part, I only include "User" and "Password". It is easy to extend to more models. For example, I could have add "Driver" and "Order" model for the e-hailing app or "Student" and "Courses" models to my e-learning app.
 
Last edited:

carycai

Member
Licensed User
Longtime User
Good job. I am very interesting in your web API management platform(like Swagger),what is it?
 

TILogistic

Expert
Licensed User
Longtime User
Good job. I am very interesting in your web API management platform(like Swagger),what is it?
It's excellent,

This API CLOUD flow and control platform.


For the processing of data distributed on different servers.

The bad thing is that you do not have control of the web API server (in case of availability and contingencies).
 

TILogistic

Expert
Licensed User
Longtime User

I have reviewed the BANnano Framework and use it as a guide.

As an example this:

 

aeric

Expert
Licensed User
Longtime User
Thank you sir. How can i fully implement this without a domain? i.e using apache
You can run locally using software like xampp or usbwebserver. I prefer Laragon Full with Apache.

Inside config.php, comment out the setting for PRODUCTION section and uncomment the settings for DEVELOPMENT section:
PHP:
// Define URL

// DEVELOPMENT (local server)
define("ROOT_PATH", "/api/");
define("ROOT_URL", "http://127.0.0.1:8000/api");
// define("ROOT_URL", "http://192.168.0.6:8000/api");

// PRODUCTION - using subdomain
// define("ROOT_PATH", "");
// define("ROOT_URL", "http://api.computerise.my/");

define("DEVELOPMENT", "TRUE");
 
Last edited:

luqmanhaidar

Member
Licensed User
Longtime User
What do you mean auto login? You mean keep the login session time extend longer?
yes, and when the application is closed and when it is restarted it is still logged in , I try AHPreferenceActivity lib but if password change in mysql still save session with previous password change password has no effect
 

aeric

Expert
Licensed User
Longtime User
B4J implementation (JRDC2 server) is working in progress.
The B4J API server is done now. Maybe it is not so stable but It is quite stable now. All APIs are working like in PHP server. You can use Postman to test the API too.

You can download App.zip in post #2 and what you only need to do is change the strURL in Process_Globals in Starter service and it works!
B4X:
'Dim strURL As String= "https://api.computerise.my/"        ' Remote / Production (Sharehosting/PHP)
Dim strURL As String = "https://api.puterise.com:17179/"    ' Remote / Production (VPS/B4J)

For the time being, I am not going to share the source for B4J unless with some donation. ;)
 
Last edited:

aeric

Expert
Licensed User
Longtime User
  1. Create a mysql event
    1. set that to run at every 5 minute
    2. delete all tokens older than 1day or whatever timespan you want.
  2. On every request check if the token is exist or not. If not exist inform the app to show the login screen again.

Is this okay?
SQL:
CREATE EVENT clear_user_api_key_every_hour
ON SCHEDULE EVERY 1 HOUR
STARTS CURRENT_TIMESTAMP
ENDS CURRENT_TIMESTAMP + INTERVAL 12 MONTH
ON COMPLETION PRESERVE
DO
   UPDATE tbl_users SET user_api_key = NULL
   WHERE user_last_login_at < NOW() - INTERVAL 1 HOUR;

To enable the event:
SQL:
SET GLOBAL event_scheduler = ON;
 
Last edited:

aeric

Expert
Licensed User
Longtime User
what happens if the API key is deleted and the user still works with the API?
I think need to force him to relogin.
Edit: Better to create a Token field and delete it every interval. APIKey should not be deleted.

SQL:
CREATE EVENT clear_user_token_every_hour
ON SCHEDULE EVERY 1 HOUR
STARTS CURRENT_TIMESTAMP
ENDS CURRENT_TIMESTAMP + INTERVAL 12 MONTH
ON COMPLETION PRESERVE
DO
   UPDATE tbl_users SET user_token = NULL
   WHERE user_last_login_at < NOW() - INTERVAL 1 HOUR;
 
Last edited:

Biswajit

Active Member
Licensed User
Longtime User
I think need to force him to relogin.
Edit: Better to create a Token field and delete it every interval. APIKey should not be deleted.

SQL:
CREATE EVENT clear_user_token_every_hour
ON SCHEDULE EVERY 1 HOUR
STARTS CURRENT_TIMESTAMP
ENDS CURRENT_TIMESTAMP + INTERVAL 12 MONTH
ON COMPLETION PRESERVE
DO
   UPDATE tbl_users SET user_token = NULL
   WHERE user_last_login_at < NOW() - INTERVAL 1 HOUR;

You don't have to specify the start and end time. Just the Event name, Schedule interval and the job that has to be done,
SQL:
CREATE EVENT clear_user_token_every_hour
ON SCHEDULE EVERY 1 HOUR
DO
   UPDATE tbl_users SET user_token = NULL
   WHERE user_last_login_at < NOW() - INTERVAL 1 HOUR;

SET GLOBAL event_scheduler = ON;

Check the event_scheduler status:
SHOW PROCESSLIST;
If you see something like this then its already running.
1593587821699.png

If not then run your global scheduler query.
 
Last edited:

Vimalraj S

New Member
B4A User Login App (App.zip)
Note: In Starter module, under Process_Globals, you can change the values to your own values.
B4X:
    'Dim strURL As String = "http://172.20.10.6:8000/api/"                         ' Local / Development (Hotspot)
    Dim strURL As String= "https://api.computerise.my/"                            ' Remote / Production
    Dim DEMO_EMAIL As String = "[email protected]"
    Dim DEMO_PASSWORD As String = "mydemopass"
    Dim DEV As Boolean = True

PHP Web API (api.zip)
SQL script to create the database is included in the zip file.
Note: In my shared hosting, I need to rename folders in views to start with capital letter. Example: wwwroot/api/views/Home.

View attachment 94217
Looking very nice friend, And thanks a lot for sharing ..
 
Top