Home/ Questions/Q 7671845
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T16:09:03+00:00

I have been trying to get this to work correctly and I think I

  • 0

I have been trying to get this to work correctly and I think I have finally come up with the correct solution because when I login on my iphone it seems to work fine. I am sort of new to php so I was wondering if I made any mistakes or if I could improve upon this.

I was working off of this example http://www.raywenderlich.com/2941/how-to-write-a-simple-phpmysql-web-service-for-an-ios-app for writing a web service.

All this is trying to do is return 403 if the username and password that I type in is valid. 

<?php

    // Helper method to send a HTTP response code/message
    function sendResponse($status = 200, $body = '', $content_type = 'text/html')
    {
        $status_header = 'HTTP/1.1 ' . $status . ' ' . getStatusCodeMessage($status);
        header($status_header);
        header('Content-type: ' . $content_type);
        echo $body;
    }

    class RedeemAPI {


        private $db;

                // Constructor - open DB connection
                function __construct() {
                $this->db = new mysqli('127.0.0.1', 'username', 'password', 'promos');
                $this->db->autocommit(FALSE);
            }

            // Destructor - close DB connection
            function __destruct() {
                $this->db->close();
            }


    function redeem() {

        // Check for required parameters





     if (isset($_POST["AccountEntry"]) && isset($_POST["PasswordEntry"])) {



        // Put parameters into local variables
                $AccountEntry = $_POST["AccountEntry"];
                 $PasswordEntry = $_POST["PasswordEntry"];



                   $user_id = 0;
                   $stmt = $this->db->prepare("SELECT username, password FROM usernames WHERE username=? AND password=?");

                   $stmt->bind_param("ss", $AccountEntry, $PasswordEntry);
                   $stmt->execute();
                      $stmt->bind_result($user, $pass);
                   while ($stmt->fetch()) {
                break;
            }
            $stmt->close();




                if ($AccountEntry === $user && $PasswordEntry == $pass ) {
                    sendResponse(403, 'YESSIRRRRR');
                    return true;

                }  


        }
         sendResponse(400, 'Not working');
                return false; 
        }


    }

        $api = new RedeemAPI;
        $api->redeem();

    //Extra helper functions



    // Helper method to get a string description for an HTTP status code
    // From http://www.gen-x-design.com/archives/create-a-rest-api-with-php/ 


    function getStatusCodeMessage($status)
    {
        // these could be stored in a .ini file and loaded
        // via parse_ini_file()... however, this will suffice
        // for an example
        $codes = Array(
            100 => 'Continue',
            101 => 'Switching Protocols',
            200 => 'OK',
            201 => 'Created',
            202 => 'Accepted',
            203 => 'Non-Authoritative Information',
            204 => 'No Content',
            205 => 'Reset Content',
            206 => 'Partial Content',
            300 => 'Multiple Choices',
            301 => 'Moved Permanently',
            302 => 'Found',
            303 => 'See Other',
            304 => 'Not Modified',
            305 => 'Use Proxy',
            306 => '(Unused)',
            307 => 'Temporary Redirect',
            400 => 'Bad Request',
            401 => 'Unauthorized',
            402 => 'Payment Required',
            403 => 'Forbidden',
            404 => 'Not Found',
            405 => 'Method Not Allowed',
            406 => 'Not Acceptable',
            407 => 'Proxy Authentication Required',
            408 => 'Request Timeout',
            409 => 'Conflict',
            410 => 'Gone',
            411 => 'Length Required',
            412 => 'Precondition Failed',
            413 => 'Request Entity Too Large',
            414 => 'Request-URI Too Long',
            415 => 'Unsupported Media Type',
            416 => 'Requested Range Not Satisfiable',
            417 => 'Expectation Failed',
            500 => 'Internal Server Error',
            501 => 'Not Implemented',
            502 => 'Bad Gateway',
            503 => 'Service Unavailable',
            504 => 'Gateway Timeout',
            505 => 'HTTP Version Not Supported'
        );

        return (isset($codes[$status])) ? $codes[$status] : '';
    }

    // This is the first thing that gets called when this page is loaded
    // Creates a new instance of the RedeemAPI class and calls the redeem method


    ?>

EDIT: Sorry I wasn’t more clear I mainly wanted to make sure that this piece of code is valid, and if I am checking the username/password correctly.

if (isset($_POST["AccountEntry"]) && isset($_POST["PasswordEntry"])) {



        // Put parameters into local variables
                $AccountEntry = $_POST["AccountEntry"];
                 $PasswordEntry = $_POST["PasswordEntry"];



                   $user_id = 0;
                   $stmt = $this->db->prepare("SELECT username, password FROM usernames WHERE username=? AND password=?");

                   $stmt->bind_param("ss", $AccountEntry, $PasswordEntry);
                   $stmt->execute();
                      $stmt->bind_result($user, $pass);
                   while ($stmt->fetch()) {
                break;
            }
            $stmt->close();




                if ($AccountEntry === $user && $PasswordEntry == $pass ) {
                    sendResponse(403, 'YESSIRRRRR');
                    return true;
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First, why would you want to send “Not Found” if the username and password are correct? Anyway, thats what I did. This is completely different code but it does what you asked.

    //Connect To Database. I put 127.0.0.1 because that is what was in your code. It is usually "localhost" though.
$conn = mysql_connect("127.0.0.1", "DATABASE-USER-NAME", "DATABASE-USER-PASSWORD") or     die(mysql_error());
mysql_select_db('DATABASE-NAME', $conn) or die(mysql_error());

//Put everything in variables
$username = $_POST['AccountEntry'];
$password = $_POST['PasswordEntry'];
//Get the information from the database.
$result = mysql_query("SELECT * FROM usernames WHERE username = '$username' && password = '$password'"); 
$num_rows = mysql_num_rows($result);
//If there are one (1) result in the database, returning 403.
if ($num_rows==1 || $num_rows=="1") {
  //Correct passcode. Return 403 (thats what you wanted right?).
  returnStatusCode(403);
} else {
  //Incorrect passcode. Return 400 (thats what you wanted right?).
  returnStatusCode(400);
}
//send the headers...
function returnStatusCode($code) {
 $status_header = 'HTTP/1.1 ' . $code . ' ' . getStatusCodeMessage($status);
        header($status_header);
        header('Content-type: text/html');
 //Don't need the echo($body) since your body was empty anyway.
}
//I didn't change this:
function getStatusCodeMessage($status)
    {
        // these could be stored in a .ini file and loaded
        // via parse_ini_file()... however, this will suffice
        // for an example
        $codes = Array(
            100 => 'Continue',
            101 => 'Switching Protocols',
            200 => 'OK',
            201 => 'Created',
            202 => 'Accepted',
            203 => 'Non-Authoritative Information',
            204 => 'No Content',
            205 => 'Reset Content',
            206 => 'Partial Content',
            300 => 'Multiple Choices',
            301 => 'Moved Permanently',
            302 => 'Found',
            303 => 'See Other',
            304 => 'Not Modified',
            305 => 'Use Proxy',
            306 => '(Unused)',
            307 => 'Temporary Redirect',
            400 => 'Bad Request',
            401 => 'Unauthorized',
            402 => 'Payment Required',
            403 => 'Forbidden',
            404 => 'Not Found',
            405 => 'Method Not Allowed',
            406 => 'Not Acceptable',
            407 => 'Proxy Authentication Required',
            408 => 'Request Timeout',
            409 => 'Conflict',
            410 => 'Gone',
            411 => 'Length Required',
            412 => 'Precondition Failed',
            413 => 'Request Entity Too Large',
            414 => 'Request-URI Too Long',
            415 => 'Unsupported Media Type',
            416 => 'Requested Range Not Satisfiable',
            417 => 'Expectation Failed',
            500 => 'Internal Server Error',
            501 => 'Not Implemented',
            502 => 'Bad Gateway',
            503 => 'Service Unavailable',
            504 => 'Gateway Timeout',
            505 => 'HTTP Version Not Supported'
        );

        return (isset($codes[$status])) ? $codes[$status] : '';
    }

    EDIT: Fixed $code and $status.

    EDIT 2: Or you could just use Gabriel’s answer if you need to have the code that way.

    • 0