Share My Creation (PHP/MySQL/API) User Login App

Web API


1589568374217.png


1589571389800.png
1589571205757.png


Android App
01.png
02.png
05.png
06.png


03.png
1604679984538.png


This is the 3rd version of login example I share in this forum.

The first version I shared when I started learning B4A is just a very simple login app.
Http Login example using HttpUtils2

Later, I have shared a tutorial in Code Snippet title:
Register User example using OKHttpUtils2

Both of the samples I shared are using very simple PHP with mysql_query function. I have later updated the 2nd sample with mysqli since mysql functions are deprecated in PHP.

Recently I am thinking to update the sample project with what I have learned in this few years. I have seen some members here are still using mysqli but I want to introduce the use of PDO in PHP. The sample I shared here is just intended for learning purpose. Anyone are welcome to extend it to become a production ready and more powerful app. For example, In my real app, I have a function to upload profile photo. I remove the feature to leave it to members here to find out how to do it. The answer is in this forum and the Internet.

In my previous code snippet, I use 6 digit security code but in this latest version, I have used a 32 characters MD5 string for the code in email confirmation.

The PHP app I share here is a cut down version of PHP backend I use in production. It is based on MVC concept where it provides a web application front-end and includes php session and some other security. I think I don't need to share much on the "View" part of the MVC. I just modified it to become the "API" to consume by the B4A app. However, I use the View part to show a documentation on how to use the API as you can see in the screenshots. For the "Model" part, I only include "User" and "Password". It is easy to extend to more models. For example, I could have add "Driver" and "Order" model for the e-hailing app or "Student" and "Courses" models to my e-learning app.
 
Last edited:

aeric

Expert
Licensed User
Longtime User
B4A User Login App (App.zip)
Note: In Starter module, under Process_Globals, you can change the values to your own values.
B4X:
    'Dim strURL As String = "http://172.20.10.6:8000/api/"                         ' Local / Development (Hotspot)
    Dim strURL As String= "https://api.computerise.my/"                            ' Remote / Production
    Dim DEMO_EMAIL As String = "myemail@gmail.com"
    Dim DEMO_PASSWORD As String = "mydemopass"
    Dim DEV As Boolean = True

PHP Web API (api.zip)
SQL script to create the database is included in the zip file.
Note: In my shared hosting, I need to rename folders in views to start with capital letter. Example: wwwroot/api/views/Home.

1589711620087.png
 

Attachments

  • api.zip
    451.6 KB · Views: 2,084
  • App.zip
    50.1 KB · Views: 1,897
Last edited:

Alexander Stolte

Expert
Licensed User
Longtime User
I am also thinking to use B4J to build the backend after this. If you can share your creation then it would be great.
so far i only have the front end and a database concept.
I'm currently learning how to store passwords securely in the database and how to use an Auth-Token system, so that a logon will expire and you need a new token via user data.
 

TILogistic

Expert
Licensed User
Longtime User
https://api.computerise.my/user/getapikey

Result:

[{"result":-1,"message":"Error-No-Value"}]

B4X:
Dim parser As JSONParser
parser.Initialize(<text>)
Dim root As List = parser.NextArray
For Each colroot As Map In root
    Dim result As Int = colroot.Get("result")
    Dim message As String = colroot.Get("message")
Next

this should be the result ??

{"result":-1,"message":"Error-No-Value"}

B4X:
Dim parser As JSONParser
parser.Initialize(<text>)
Dim root As Map = parser.NextObject
Dim result As Int = root.Get("result")
Dim message As String = root.Get("message")
 

Alexander Stolte

Expert
Licensed User
Longtime User
I used password hashing, random salt, security code and api key.
And on the client side?
In the app the password should first be hashed + salt, then sent to the api and then hashed + salt again. I found an interesting article here that I looked at at the beginning of the week.

security code
You mean the e-mail confirmation?

I find the topic very exciting, as it is the one that worries me the most. :)
 

TILogistic

Expert
Licensed User
Longtime User
Very Good

And on the client side?
In the app the password should first be hashed + salt, then sent to the api and then hashed + salt again. I found an interesting article here that I looked at at the beginning of the week.

Other tips:

Custom Token and Protect (Password, Data the send Api)



Search google:


Note:
All programming language is good, it is only the logic of the programmer that makes it powerful.
 

aeric

Expert
Licensed User
Longtime User
https://api.computerise.my/user/getapikey

Result:

[{"result":-1,"message":"Error-No-Value"}]

B4X:
Dim parser As JSONParser
parser.Initialize(<text>)
Dim root As List = parser.NextArray
For Each colroot As Map In root
    Dim result As Int = colroot.Get("result")
    Dim message As String = colroot.Get("message")
Next

this should be the result ??

{"result":-1,"message":"Error-No-Value"}

B4X:
Dim parser As JSONParser
parser.Initialize(<text>)
Dim root As Map = parser.NextObject
Dim result As Int = root.Get("result")
Dim message As String = root.Get("message")
The reason of result is a list instead of map is because based on my previous experience, in some scenarios I want a list. So I make the result return a list as default for all scenario. If a scenario where empty result is return then I will get a pair of square brackets.
 

aeric

Expert
Licensed User
Longtime User
Just checking, are we meant to interpret these two sentences as you saying that PHP is less secure that B4J? :)
My opinion is PHP and B4X can be same as powerful in term of security which depend on how the developer implement it. One reason I use PHP is I don’t need to own a VPS to demo this project.
 
Top