php android login

1. //index.php
2. <?php
3.  
4. if (isset($_POST['tag']) && $_POST['tag'] != '') {
5.     $tag = $_POST['tag'];
6.     require_once 'include/DB_Functions.php';
7.     $db = new DB_Functions();
8.     $response = array("tag" => $tag, "error" => FALSE);
9.     if ($tag == 'login') {
10.         $email = $_POST['email'];
11.         $password = $_POST['password'];
12.  
13.         $user = $db->getUserByEmailAndPassword($email, $password);
14.         if ($user != false) {
15.             $response["error"] = FALSE;
16.             $response["uid"] = $user["unique_id"];
17.             $response["user"]["name"] = $user["name"];
18.             $response["user"]["email"] = $user["email"];
19.             $response["user"]["created_at"] = $user["created_at"];
20.             $response["user"]["updated_at"] = $user["updated_at"];
21.             echo json_encode($response);
22.         } else {
23.             $response["error"] = TRUE;
24.             $response["error_msg"] = "Incorrect email or password!";
25.             echo json_encode($response);
26.         }
27.     } else if ($tag == 'register') {
28.         $name = $_POST['name'];
29.         $email = $_POST['email'];
30.         $password = $_POST['password'];
31.  
32.         if ($db->isUserExisted($email)) {
33.            $response["error"] = TRUE;
34.             $response["error_msg"] = "User already existed";
35.             echo json_encode($response);
36.         } else {
37.             $user = $db->storeUser($name, $email, $password);
38.             if ($user) {
39.                 $response["error"] = FALSE;
40.                 $response["uid"] = $user["unique_id"];
41.                 $response["user"]["name"] = $user["name"];
42.                 $response["user"]["email"] = $user["email"];
43.                 $response["user"]["created_at"] = $user["created_at"];
44.                 $response["user"]["updated_at"] = $user["updated_at"];
45.                 echo json_encode($response);
46.             } else {
47.                 $response["error"] = TRUE;
48.                 $response["error_msg"] = "Error occured in Registartion";
49.                 echo json_encode($response);
50.             }
51.         }
52.     } else {
53.         $response["error"] = TRUE;
54.         $response["error_msg"] = "Unknow 'tag' value. It should be either 'login' or 'register'";
55.         echo json_encode($response);
56.     }
57. } else {
58.     $response["error"] = TRUE;
59.     $response["error_msg"] = "Required parameter 'tag' is missing!";
60.     echo json_encode($response);
61. }
62. ?>
63.  
64.  
65. 2) Config.php
66. <?php
67. define("DB_HOST", "localhost");
68. define("DB_USER", "root");
69. define("DB_PASSWORD", "toor");
70. define("DB_DATABASE", "android_api");
71. ?>
72.  
73. 3)DB_Connect.php
74. <?php
75. class DB_Connect {
76.     function __construct() {        
77.     }
78. function __destruct() {
79.     }
80.     public function connect() {
81.         require_once 'include/Config.php';
82.         $con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die(mysql_error());
83.         mysql_select_db(DB_DATABASE) or die(mysql_error());
84.  
85.         return $con;
86.     }
87.     public function close() {
88.         mysql_close();
89.     }
90. }
91. ?>
92.  
93. 4)DB_Functions.php
94. <?php
95.  
96. class DB_Functions {
97.  
98.     private $db;
99.  
100.     function __construct() {
101.         require_once 'DB_Connect.php';
102.         $this->db = new DB_Connect();
103.         $this->db->connect();
104.     }
105.  
106.     function __destruct() {
107.        
108.     }
109.  
110.     public function storeUser($name, $email, $password) {
111.         $uuid = uniqid('', true);
112.         $hash = $this->hashSSHA($password);
113.         $encrypted_password = $hash["encrypted"];
114.         $salt = $hash["salt"];
115.         $result = mysql_query("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())");
116.         if ($result) {
117.             $uid = mysql_insert_id();
118.             $result = mysql_query("SELECT * FROM users WHERE uid = $uid");
119.             return mysql_fetch_array($result);
120.         } else {
121.             return false;
122.         }
123.     }
124.  
125.     public function getUserByEmailAndPassword($email, $password) {
126.         $result = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error());
127.         $no_of_rows = mysql_num_rows($result);
128.         if ($no_of_rows > 0) {
129.             $result = mysql_fetch_array($result);
130.             $salt = $result['salt'];
131.             $encrypted_password = $result['encrypted_password'];
132.             $hash = $this->checkhashSSHA($salt, $password);
133.             if ($encrypted_password == $hash) {
134.                 return $result;
135.             }
136.         } else {
137.             return false;
138.         }
139.     }
140.     public function isUserExisted($email) {
141.         $result = mysql_query("SELECT email from users WHERE email = '$email'");
142.         $no_of_rows = mysql_num_rows($result);
143.         if ($no_of_rows > 0) {
144.             return true;
145.         } else {
146.             return false;
147.         }
148.     }
149.     public function hashSSHA($password) {
150.         $salt = sha1(rand());
151.         $salt = substr($salt, 0, 10);
152.         $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
153.         $hash = array("salt" => $salt, "encrypted" => $encrypted);
154.         return $hash;
155.     }
156.     public function checkhashSSHA($salt, $password) {
157.         $hash = base64_encode(sha1($password . $salt, true) . $salt);
158.         return $hash;
159.     }
160. }
161. ?>