Connecting, authorizing and receiving data for a web application using PHP

Any help / advice / direction would be appreciated. Try to carry me, even if this question is not specific.

I am working on a web application that will connect to an existing commercial cloud calendar that will have graphs for a specific event.

I will have an authorization button that asks users to enter their credentials for this cloud calendar. When users successfully enter their credentials, I want my application to connect to the cloud application database and retrieve the necessary data.

The stream will look like

Users → Click Authorization → Enter credentials → Connect to the system → Get the necessary data → Update it in my web application.

I am going to draw a space because I do not find useful resources in how to access a separate application and get data. I know that I need to create some kind of API to communicate with this system, but I don't know exactly HOW.

Sorry if I don't understand the point, but I really need help here. Are there libraries that provide similar functionality? How do I get started? I use PHP as a server language.

+7
php authorization credentials connection
4 answers
  • On Click Button → Redirect to Login Form

  • Registration form → User enters credentials → Send form

  • On the corresponding action page, i.e. on the page where you post the data, you will have a username / email address and password

  • You need to authenticate. Now for authentication, you can't have direct access to another server database (the cloud database directly), so you need to call the API of the corresponding cloud database for which you want to authenticate. For this call, you can use a CURL call with POST parameters or any necessary HTTP request, for example GET, POST, PUT, DELETE, PATCH. Make sure you use the TOKEN-based API. You can even make any secure API calls in accordance with the cloud-based database design for security.

BONUS: So what is a token-based API? Whenever you request an API call for a cross server, i.e. on other servers, make sure you can send some random text along with other parameters. The server, on the other hand, that received your request, do not forget to check this token from the corresponding database table to make sure that you are a valid user and allow you to perform the necessary actions, such as obtaining information about the client, receiving information about the product, etc.

  1. The authentication API returns AUTHENTICATED data. Based on this, you can continue to perform actions.

  2. If authentication fails, you can program an error message for invalid credentials for the user.

  3. If it's a success, you will be granted access, and now you can enter data into your database.

  4. To read data from another database table, since you do not have the required permission, you cannot directly access it. Make an API call to the corresponding function to get all the necessary data, be it GET, POST, PUT, DELETE, PATCH.

  5. Now think that you want to get all the data in the CUSTOMER table, then you will need to make a GET API request that returns JSON data.

  6. Now you have what you want to do with this data. If you want to save this in your database table or play with it on the fly.

To learn how to write an API

For example:

NOTE. I haven't added a security check yet, make sure you work the same

Think that by executing a GET request to get customer information, you can do the following:

API URL: http://127.0.0.1/project/getCustomers.php?token=2fdsd5f42314sfd85sds

REQUEST METHOD: GET

getCustomers.php

    <?php
    include_once 'dbConnect.php'; // I am having $link as database link

    $errors = [];

    // empty() also covers the case where the parameter is not set
    if (empty($_GET['token'])) {
        $errors[] = 'Token not found!';
    } else {
        $token = $_GET['token'];

        // tokens table will have (id, user_id, token) columns.
        // The token is bound as a parameter, not interpolated into the SQL string.
        $stmt = mysqli_prepare($link, "SELECT * FROM tokens WHERE token = ? LIMIT 1");
        mysqli_stmt_bind_param($stmt, 's', $token);
        mysqli_stmt_execute($stmt);
        $tokenQuery = mysqli_stmt_get_result($stmt);

        // If I get any result with the respective token
        if (mysqli_num_rows($tokenQuery) > 0) {
            $tokenDetails = mysqli_fetch_assoc($tokenQuery);
            $userId = $tokenDetails['user_id'];

            /* Now you can check whether the user has authorization to access the particular module.
               checkUserAuthorizationModule() is not defined here: implement these checks yourself. */
            $isUserAuthorized = checkUserAuthorizationModule($userId);

            if ($isUserAuthorized === TRUE) {
                $customersQuery = mysqli_query($link, "SELECT * FROM customers");
                $customersDetails = [];
                while ($row = mysqli_fetch_assoc($customersQuery)) {
                    $customersDetails[] = $row;
                }
                // echo, not return: a top-level return would send nothing to the client
                echo json_encode(['customerDetails' => $customersDetails]);
                exit;
            }
            $errors[] = 'User is not authorized';
        } else {
            $errors[] = 'Token is not valid';
        }
    }

    echo json_encode(['errors' => $errors]);
+1
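
The token check described in this answer, as an added example that is not part of the original answer: the server stores only a SHA-256 hash of each random token, gives it an expiry, and reads it from the Authorization header instead of the URL. The `token_hash` and `expires_at` columns, the function names and the in-memory SQLite database (PDO with the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Constructed in-memory schema modelled on the answer's tokens table;
// token_hash and expires_at are assumptions added for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tokens (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
           token_hash TEXT NOT NULL UNIQUE, expires_at INTEGER NOT NULL)');

// Issue a token after a successful login; only its SHA-256 hash is stored.
function issueToken(PDO $db, int $userId, int $ttlSeconds = 3600): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttlSeconds]);
    return $token; // handed to the client once, never stored in clear
}

// Return the user id for a well-formed, known, unexpired token, or null.
function verifyToken(PDO $db, ?string $token): ?int
{
    if ($token === null || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT user_id FROM tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Read "Authorization: Bearer <token>" so the token stays out of URLs and access logs.
function bearerToken(array $server): ?string
{
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    return preg_match('/\ABearer\s+(\S+)\z/', $header, $m) ? $m[1] : null;
}

// Constructed requests: valid token, unknown token, missing header.
$token = issueToken($db, 42);
foreach ([['HTTP_AUTHORIZATION' => "Bearer $token"],
          ['HTTP_AUTHORIZATION' => 'Bearer ' . str_repeat('0', 64)],
          []] as $server) {
    var_dump(verifyToken($db, bearerToken($server)));
}
```

In a real endpoint `bearerToken($_SERVER)` replaces the constructed arrays, and the API is served over HTTPS only.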

It depends to a large extent on the available platform resources. But if it has PHP, you can implement RESTful services that exchange data using JSON as a response from Hanaver Hakari, except that maybe you will not take data from MySQL, but the flow and technologies and protocol are as follows: (RESTful services, data transmitted by JSON type, because it can be used in a variety of programming languages).

+2

It really depends on how you like the cloud calendar.

Can you tell us what this service is?

For example, if it supports OAuth, which may be a way to register your application with a service for that user, and then allow your application to update data in your account. For example, Facebook works when it asks your third-party website for permission to view your contacts and create messages on the wall, etc. This is almost the de facto standard on the Internet these days for your use case.

Alternatively, this could be the case, as you said, capturing their credentials and storing them, and then connecting to the REST API calendar with these credentials and making updates. I would say that this is a bad approach from a security point of view. No user should give their authority to a third party and trust them. It is a bad idea. This is one of the reasons OAuth exists.

If you are creating a small application for a small company for internal use, then there may only be a second approach. I will leave it to you to decide.

+2
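
The OAuth approach mentioned in this answer, sketched as an added example (not code from the original answer or from any calendar provider): an authorization-code request bound to the user's session with `state` and PKCE, and the callback check. The endpoint URL, client ID, scope and function names are hypothetical placeholders, and PKCE support by the provider is assumed.

```php
<?php
// Hypothetical provider settings; the page never names the calendar service.
const OAUTH = [
    'authorize_url' => 'https://calendar.example/oauth/authorize',
    'client_id'     => 'my-client-id',
    'redirect_uri'  => 'https://myapp.example/callback.php',
    'scope'         => 'calendar.read',
];
function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Step 1: build the URL the authorization button redirects to.
function beginAuthorization(array &$session): string
{
    $session['oauth_state']    = base64url(random_bytes(32)); // ties the callback to this session
    $session['oauth_verifier'] = base64url(random_bytes(32)); // PKCE code_verifier (RFC 7636)
    return OAUTH['authorize_url'] . '?' . http_build_query([
        'response_type'         => 'code',
        'client_id'             => OAUTH['client_id'],
        'redirect_uri'          => OAUTH['redirect_uri'],
        'scope'                 => OAUTH['scope'],
        'state'                 => $session['oauth_state'],
        'code_challenge'        => base64url(hash('sha256', $session['oauth_verifier'], true)),
        'code_challenge_method' => 'S256',
    ]);
}

// Step 2: validate the callback; return the fields to POST to the token endpoint.
function handleCallback(array &$session, array $query): array
{
    $expected = $session['oauth_state'] ?? '';
    $verifier = $session['oauth_verifier'] ?? '';
    unset($session['oauth_state'], $session['oauth_verifier']); // single use
    $state = $query['state'] ?? null;
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        throw new RuntimeException('state mismatch: callback not bound to this session');
    }
    if (isset($query['error']) || !is_string($query['code'] ?? null)) {
        throw new RuntimeException('authorization denied or code missing');
    }
    return ['grant_type' => 'authorization_code', 'code' => $query['code'],
            'redirect_uri' => OAUTH['redirect_uri'], 'client_id' => OAUTH['client_id'],
            'code_verifier' => $verifier];
}
$session = []; // constructed run: this array stands in for $_SESSION
echo beginAuthorization($session), PHP_EOL;
print_r(handleCallback($session, ['state' => $session['oauth_state'], 'code' => 'constructed-code']));
```

With this flow the application only ever holds a scoped access token from the provider; the user's calendar password is typed on the provider's own page.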

There's one way you could do this ...

I am going to become a creator here:

  • Delete the API endpoint on your server, set "username" and "password".

  • Save the username and password in a TXT file on this server. The txt file name is the 'now' timestamp

  • On the same server, run the USER INTERFACE command chain, something like this (using a library such as xdotool):

    • move your mouse over the mozilla icon on the desktop,
    • double click on mozilla,
    • move the mouse pointer to the address bar,
    • go to the calendar site
    • move the mouse
    • write the username that you received from the user,
    • ,
    • write the password received from the user,
    • press enter
    • move the mouse to load the calendar in csv (or you can choose, and ctrl-c copy),
    • using the mouse, save the file in the public html-directory of the server (name it the same as you called the txt file there).
  • constantly check the webapp client file for this .txt file with calendar information. Once the information has been extracted, display it on the screen.

Voila.

+1