Secure API for php functions


I am creating an API for my php functions, so they can be accessed by mobile apps. Each function can be fired up by a specific url where the parameters are also given with this url.
Example of a function in my API:
    <?php
    $function = $_GET['function'];
    if ($function == "login") {
        $userName   = $_GET['username'];
        $saltedPass = $_GET['pass'];
        // login query
        // return true or false
    }
    ?>
The idea is to fire up this function from a mobile app with an HTTP request (pseudocode):
    $check = HTTPrequest('www.domain.com/functions.php?function=login&username=mike&pass=343iubgfdg34tJHVvr23').read();
    if ($check == true) {
        // login
    } else {
        // wrong username or pass
    }
But this also means that everyone who knows these specific urls can fire up my functions. How do I secure this the right way?
Thank you
Here is my experience:
You will need the user to log in (at least).
Then you store the user id / user email on the mobile (browser) or in local storage.
During the login, the corresponding password for this user will be calculated and sent back by the logged-in user.
For example: the user id is abc; using SSL AES128 encryption you will get a long string like ADEXCEFEF0843495340.
You put both the user id and the password together in an array, then base64 them.
When sending out to the url, only a base64 token will be sent out. I guess it is just confusing enough for a beginner to figure out how you got it done.
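As an added example (not code from the question or from either answer), here is the login-then-token flow sketched above for functions.php, but with the token signed by an HMAC and given an expiry instead of being base64-obfuscated, and with the password sent once in a POST body over HTTPS rather than in the query string. The secret, the in-memory user table and the `profile` function are constructed for the example.

```php
<?php
// Added example: credentials travel once (POST over HTTPS); later calls carry an
// HMAC-signed, expiring token instead of the username and password.
declare(strict_types=1);

const API_SECRET = 'replace-with-a-long-random-secret'; // placeholder; load from config
const TOKEN_TTL  = 3600;                                 // seconds a token stays valid

// Constructed sample user table; a real API would query the database.
$USERS = ['mike' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function issue_token(string $userId, int $now): string {
    // The HMAC covers user id and expiry, so neither can be changed by the client.
    $payload = $userId . '|' . ($now + TOKEN_TTL);
    $sig = hash_hmac('sha256', $payload, API_SECRET);
    return base64_encode($payload . '|' . $sig);
}

function verify_token(string $token, int $now): ?string {
    // Strict base64 decode returns false on garbage; cast makes explode() see ''.
    $parts = explode('|', (string) base64_decode($token, true), 3);
    if (count($parts) !== 3) { return null; }
    [$userId, $exp, $sig] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $exp, API_SECRET);
    // Constant-time signature compare first, then the expiry check.
    if (!hash_equals($expected, $sig) || (int) $exp < $now) { return null; }
    return $userId;
}

function handle(array $post, array $users, int $now): array {
    switch ($post['function'] ?? '') {
        case 'login':
            $hash = $users[(string) ($post['username'] ?? '')] ?? null;
            if ($hash === null || !password_verify((string) ($post['pass'] ?? ''), $hash)) {
                return ['ok' => false]; // same reply for unknown user and wrong password
            }
            return ['ok' => true, 'token' => issue_token((string) $post['username'], $now)];
        case 'profile': // hypothetical protected function; requires a valid token
            $userId = verify_token((string) ($post['token'] ?? ''), $now);
            if ($userId === null) { return ['ok' => false, 'error' => 'unauthorized']; }
            return ['ok' => true, 'user' => $userId];
        default:
            return ['ok' => false, 'error' => 'unknown function'];
    }
}

header('Content-Type: application/json');
echo json_encode(handle($_POST, $USERS, time()));
```

Only the login call ever sees the password; every other function receives a token that expires and cannot be forged without API_SECRET, so knowing the URLs alone is not enough to call them.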
The best way to secure your APIs is OAuth2. It's what Google, Facebook, and Twitter use in order to authenticate first- and third-party clients such as websites and mobile apps. It's a bit complex, but if you can take the time to go through an OAuth2 Server tutorial, you'll thank yourself later on! Have a look here http://bshaffer.github.io/oauth2-server-php-docs/