Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Software Development
Programming
Programming Q&A
PHP - Need API w/ Authentication
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="JayC" data-source="post: 465964" data-attributes="member: 36373"><p>To answer your points on the code:</p><p></p><p><strong>First - </strong></p><p>- The API is a JQuery Request, and in the code, above I was using Digest PHP Authentication, which I realize now is not easy to implement since you have to return a response, then reply again to gain access. So I am going to use basic authentication so now my code is the following:</p><p>[CODE]<?php</p><p> $realm = 'API';</p><p> </p><p> $admins = array('REDACTEDUSER' => 'REDACTEDPASS', 'USER2' => 'PASS2');</p><p></p><p> if (empty($_SERVER['PHP_AUTH_USER'])) {</p><p> header('HTTP/1.1 401 Unauthorized');</p><p> header('WWW-Authenticate: Basic realm="'.$realm.'"');</p><p> print "Sorry, you are not authorized to access this area";</p><p> exit;</p><p> }</p><p> </p><p> // Check Login Credentials</p><p> if (!isset($admins[$_SERVER['PHP_AUTH_USER']]))</p><p> {</p><p> header('HTTP/1.1 401 Unauthorized');</p><p> header('WWW-Authenticate: Basic realm="'.$realm.'"');</p><p> print "Sorry, you are not authorized to access this area";</p><p> exit;</p><p> }</p><p> </p><p> if($admins[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']){</p><p> header('HTTP/1.1 401 Unauthorized');</p><p> header('WWW-Authenticate: Basic realm="'.$realm.'"');</p><p> print "Sorry, you are not authorized to access this area";</p><p> exit;</p><p> }</p><p>?>[/CODE]</p><p></p><p>This works and prints the message if it fails to authenticate.</p><p>[ATTACH=full]11741[/ATTACH]</p><p></p><p></p><p><strong>In response to the second and third suggestion - </strong></p><p>- I will update all returns so it will have the following consistency:</p><p></p><p>[Array]</p><p>"data" --> Returned Array/Data</p><p>"message" --> Returned Response</p><p></p><p>I will set "data" to be blank if it fails, with the message being unable to authorize, or whatever the issue is.</p><p></p><p>I will look into those API elements, but I would honestly rather re-invent the wheel for this project. Let me explain why -</p><p></p><p>By utilizing these services, I will not have as good of an understanding of how the base level works. With me creating my own Api and handling everything from authentication, to organization, to even routing, I am going to take a lot more away from this. In the future I will be able to use these services, to make programming these apis faster and not having to do it all myself again. The take-away will be more valuable the first time around, in my opinion.</p><p>[automerge]1607819198[/automerge]</p><p>Update -</p><p></p><p>I can get data from the page using PostMan but I am unable to return data using Ajax.</p><p></p><p>Could someone tell me what I am doing wrong here:</p><p></p><p>[CODE]var username = 'User';</p><p>var password = 'Pass';</p><p>var url = 'http://localhost/app/api/api.php?type=GET&action=phone_exists&phone=5555555555'</p><p>var postData = {</p><p>"type" : 'GET',</p><p>"action" : 'phone_exists',</p><p>"phone" : input.value,</p><p>};</p><p></p><p>$.ajax({</p><p>url: url,</p><p>type: 'GET',</p><p>dataType: 'json',</p><p>data: postData,</p><p>contentType: 'application/json',</p><p>beforeSend: function(xhr) {</p><p>xhr.setRequestHeader("Authorization", "Basic "+btoa(username+':'+password));</p><p>},</p><p>success: function(json){</p><p>alert(json);</p><p>},</p><p>error: function(xhr, status, error) {</p><p>var err = eval("(" + xhr.responseText + ")");</p><p>alert(err.Message);</p><p>return true;</p><p>}</p><p>});[/CODE]</p><p></p><p>[ATTACH=full]11743[/ATTACH]</p></blockquote><p></p>
[QUOTE="JayC, post: 465964, member: 36373"] To answer your points on the code: [B]First - [/B] - The API is a JQuery Request, and in the code, above I was using Digest PHP Authentication, which I realize now is not easy to implement since you have to return a response, then reply again to gain access. So I am going to use basic authentication so now my code is the following: [CODE]<?php $realm = 'API'; $admins = array('REDACTEDUSER' => 'REDACTEDPASS', 'USER2' => 'PASS2'); if (empty($_SERVER['PHP_AUTH_USER'])) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="'.$realm.'"'); print "Sorry, you are not authorized to access this area"; exit; } // Check Login Credentials if (!isset($admins[$_SERVER['PHP_AUTH_USER']])) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="'.$realm.'"'); print "Sorry, you are not authorized to access this area"; exit; } if($admins[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']){ header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="'.$realm.'"'); print "Sorry, you are not authorized to access this area"; exit; } ?>[/CODE] This works and prints the message if it fails to authenticate. [ATTACH type="full" alt="1607796096507.png"]11741[/ATTACH] [B]In response to the second and third suggestion - [/B] - I will update all returns so it will have the following consistency: [Array] "data" --> Returned Array/Data "message" --> Returned Response I will set "data" to be blank if it fails, with the message being unable to authorize, or whatever the issue is. I will look into those API elements, but I would honestly rather re-invent the wheel for this project. Let me explain why - By utilizing these services, I will not have as good of an understanding of how the base level works. With me creating my own Api and handling everything from authentication, to organization, to even routing, I am going to take a lot more away from this. In the future I will be able to use these services, to make programming these apis faster and not having to do it all myself again. The take-away will be more valuable the first time around, in my opinion. [automerge]1607819198[/automerge] Update - I can get data from the page using PostMan but I am unable to return data using Ajax. Could someone tell me what I am doing wrong here: [CODE]var username = 'User'; var password = 'Pass'; var url = 'http://localhost/app/api/api.php?type=GET&action=phone_exists&phone=5555555555' var postData = { "type" : 'GET', "action" : 'phone_exists', "phone" : input.value, }; $.ajax({ url: url, type: 'GET', dataType: 'json', data: postData, contentType: 'application/json', beforeSend: function(xhr) { xhr.setRequestHeader("Authorization", "Basic "+btoa(username+':'+password)); }, success: function(json){ alert(json); }, error: function(xhr, status, error) { var err = eval("(" + xhr.responseText + ")"); alert(err.Message); return true; } });[/CODE] [ATTACH type="full"]11743[/ATTACH] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Software Development
Programming
Programming Q&A
PHP - Need API w/ Authentication
Top