All geek questions in one place

Session handling in android on server login in php

I am trying to make the session processing process in android. Here, I successfully logged in via android, and now I continue to process the registered user session. this is my login_suer.java (part of android)

package com.iwantnew.www; import java.util.ArrayList; import java.util.List; import org.apache.http.NameValuePair; import org.apache.http.message.BasicNameValuePair; import org.json.JSONException; import org.json.JSONObject; import android.app.Activity; import android.app.ProgressDialog; import android.content.Intent; import android.os.AsyncTask; import android.os.Bundle; import android.util.Log; import android.view.View; import android.widget.Button; import android.widget.EditText; import android.widget.TextView; public class login_user extends Activity{ private ProgressDialog pDialog; JSONParser jsonParser = new JSONParser(); EditText login_email; EditText login_password; Button signin; TextView error_msg; private static String url_create_signin= "http://10.0.2.2/android_iwant/login_user.php"; // JSON Node names private static final String TAG_SUCCESS = "success"; public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.user_form); // Edit Text login_email = (EditText) findViewById(R.id.login_email); login_password = (EditText) findViewById(R.id.login_password); signin = (Button) findViewById(R.id.signin); error_msg = (TextView) findViewById(R.id.error_msg); signin.setOnClickListener(new View.OnClickListener() { @Override public void onClick(View view) { // creating new product in background thread new CheckLogin().execute(); } }); } class CheckLogin extends AsyncTask<String, String, String> { /** * Before starting background thread Show Progress Dialog * */ @Override protected void onPreExecute() { super.onPreExecute(); pDialog = new ProgressDialog(login_user.this); pDialog.setMessage("Signing in.."); pDialog.setIndeterminate(false); pDialog.setCancelable(true); pDialog.show(); } /** * Creating product * */ protected String doInBackground(String... args) { //Building Parameters List<NameValuePair> params = new ArrayList<NameValuePair>(); params.add(new BasicNameValuePair("email",login_email.getText().toString())); params.add(new BasicNameValuePair("password", login_password.getText().toString())); // getting JSON Object // Note that create product url accepts POST method JSONObject json = jsonParser.makeHttpRequest(url_create_signin, "POST", params); // check log cat fro response Log.d("Create Response", json.toString()); // check for success tag try { int success = json.getInt(TAG_SUCCESS); if (success == 1) { // successfully created users Intent i = new Intent(getApplicationContext(), post_item.class); startActivity(i); // closing this screen finish(); } else { // failed to sign in error_msg.setText("Incorrect username/password"); } } catch (JSONException e) { e.printStackTrace(); } return null; } /** * After completing background task Dismiss the progress dialog * **/ protected void onPostExecute(String file_url) { // dismiss the dialog once done pDialog.dismiss(); } } }

now i need an idea to start processing the session in this java file. and the server side code below: ie login_user.php

 <?php session_start(); // array for JSON response $response = array(); if(isset($_POST['email']) && isset($_POST['password'])){ $email = $_POST['email']; $password = $_POST['password']; // include db handler require_once 'DB_Functions.php'; $db = new DB_Functions(); $user = $db->getUesrByEmailAndPassword($email, $password); if ($user != false) { // user found // echo json with success = 1 $response["success"] = 1; $response["uid"] = $user["unique_id"]; $response["user"]["name"] = $user["name"]; $response["user"]["email"] = $user["email"]; $response["user"]["created_at"] = $user["created_at"]; $response["user"]["updated_at"] = $user["updated_at"]; echo json_encode($response); } else { // user not found // echo json with error = 1 $response["error"] = 1; $response["error_msg"] = "Incorrect email or password!"; echo json_encode($response); } } ?>

the function used in this php file above is ie getUesrByEmailAndPassword ($ email, $ password) below:

 public function getUserByEmailAndPassword($email, $password) { $result = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error()); // check for result $no_of_rows = mysql_num_rows($result); if ($no_of_rows > 0) { $result = mysql_fetch_array($result); $salt = $result['salt']; $encrypted_password = $result['encrypted_password']; $hash = $this->checkhashSSHA($salt, $password); // check for password equality if ($encrypted_password == $hash) { // user authentication details are correct //return $result; session_start(); $_SESSION['clientId'] = $result[0]; $_SESSION['logged_in'] = TRUE; } } else { // user not found return false; } }

Please help me make my code work. Any help would be appreciated. Any link containing such a solution to the problem could be useful to me. Thanks!

+4
source share
1 answer

As far as I can tell, your getUserByEmailAndPassword() never returns the actual user data after a successful password check. //return $result; commented out. $user therefore null , and the client receives "Wrong email address or password!". message.

Another thing. For PHP sessions to work, the client must receive and remember its session_id and send it with each request as a GET or COOKIE parameter. Looking at your code, I do not see how the android gets session_id. See: http://www.php.net/manual/en/session.idpassing.php

By the way, using unescaped $email in your SQL query directly from POST is a bad idea. See: How to prevent SQL injection in PHP?

+2
source

Source: https://habr.com/ru/post/1498805/

More articles:


All Articles