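<?php
/*
This login.php script was inspired by https://www.w3schools.com/php/php_mysql_connect.asp

Login endpoint for the Android application: reads "username" and "password"
from the POST body, looks the pair up in the "user" table and answers with a
JSON object whose "success" flag tells the client whether a row matched.
*/

// Database connection settings.
// NOTE(review): these credentials are embedded in the script (and this copy of
// the script is public). They should be rotated and loaded from configuration
// kept outside the web root / version control.
$servername = "localhost";
$dbUser = "id1148117_xirokx";
$dbPassword = "project";
$dbName = "id1148117_login";

// Create database connection.
$con = mysqli_connect($servername, $dbUser, $dbPassword, $dbName);

// Procedural mysqli_connect() returns false on failure, so the object-style
// "$con->connect_error" check cannot be used here; mysqli_connect_error() is
// the matching call. (Depending on the PHP version's mysqli report mode, a
// failed connection may throw instead of returning false.)
// The detailed driver message goes to the server log rather than to the
// remote client, which only needs to know that the request failed.
if (!$con) {
    error_log("Connection failed: " . mysqli_connect_error());
    die("Connection failed");
}

// Form values are kept in their own variables so they never overwrite the
// database credentials above or the columns bound from the result set below.
$postedUsername = isset($_POST["username"]) ? $_POST["username"] : null;
$postedPassword = isset($_POST["password"]) ? $_POST["password"] : null;

// Both fields must be present AND plain strings: a request can send
// "username[]=x", which arrives as an array and must not reach bind_param.
if (is_string($postedUsername) && is_string($postedPassword)) {
    // Response sent back to the Android application; "success" stays false
    // unless the query returns a row.
    $response = array();
    $response["success"] = false;

    // Prepared statement: the form values are bound as parameters and are
    // never concatenated into the SQL text, which guards against SQL injection.
    // NOTE(review): the submitted password is compared directly with the
    // stored column, which implies passwords are stored unhashed — confirm.
    // The usual fix is to store password_hash() output, select the row by
    // username only and verify with password_verify(). Comparing inside SQL
    // also makes the match subject to the column collation (possibly
    // case-insensitive) — verify against the table definition.
    $statement = mysqli_prepare(
        $con,
        "SELECT user_id,name,username,age,password FROM user WHERE username = ? AND password = ?"
    );

    if ($statement === false) {
        // Keep the failure reason server-side; the client just sees success=false.
        error_log("Login query could not be prepared: " . mysqli_error($con));
    } else {
        // "ss": both bound parameters are strings.
        mysqli_stmt_bind_param($statement, "ss", $postedUsername, $postedPassword);
        mysqli_stmt_execute($statement);
        // Buffer the result set so it can be fetched row by row.
        mysqli_stmt_store_result($statement);
        // One output variable per selected column, in SELECT order.
        mysqli_stmt_bind_result($statement, $rowUserId, $rowName, $rowUsername, $rowAge, $rowPassword);

        // Copy each matching row into the response (a later row overwrites an
        // earlier one, as before).
        while (mysqli_stmt_fetch($statement)) {
            $response["success"] = true;
            $response["user_id"] = $rowUserId;
            $response["name"] = $rowName;
            $response["username"] = $rowUsername;
            $response["age"] = $rowAge;
            // NOTE(review): the stored password is sent back to the client.
            // The key is kept only so the existing client keeps working; it
            // should be dropped from the response once the Android app no
            // longer reads it.
            $response["password"] = $rowPassword;
        }

        // Release the statement's buffered result and server-side handle.
        mysqli_stmt_close($statement);
    }

    // Encode the response as a JSON object for the mobile application.
    echo json_encode($response);
} else {
    // The login form values were missing (or not plain strings).
    echo json_encode("user input error: the user failed to provide a username and password,\nplease provide these details and retry logging into account");
}

// Close the database connection. The original called close() on an undefined
// "$conn" variable, which is a fatal error; the handle is "$con".
mysqli_close($con);
?>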