Rollback to Revision 3
Phrancis

EDITED TO USE PREPARED STATEMENTSGetting authenticated member from session: User Authentication

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
    
    $stmt = $mysqli->prepare("select id,$query="select password* from members where email = ?");

    if($stmt) {email='$email'";
      $result = $stmt$mysqli->bind_param>query("s", $email$query);
       or $stmt->executedie();
        $stmt$mysqli->bind_result($id, $password>error.__LINE__);
      $member = $stmt->fetchmysqli_fetch_assoc($result);

        if($id$member) {
            if (password_verify($object['password'], $password$member['password'])) {
                $message = array('message' => 'Authentication Successful!');
                $_SESSION["id"] = $id;$member['id'];
                echo json_encode($message);
            } else {
                $message = array('message' => 'Wrong Credentials, Authentication failed!');
                session_destroy();
                http_response_code(400);
                echo json_encode($message);
            }
        } else {
            session_destroy();
            http_response_code(406);
        }
    }

    $mysqli->close();
 
} else {
    session_destroy();
    http_response_code(400);
}
?>

EDITED TO USE PREPARED STATEMENTS: User Authentication

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
    
    $stmt = $mysqli->prepare("select id, password from members where email = ?");

    if($stmt) {
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $stmt->bind_result($id, $password);
        $stmt->fetch();

        if($id) {
            if (password_verify($object['password'], $password)) {
                $message = array('message' => 'Authentication Successful!');
                $_SESSION["id"] = $id;
                echo json_encode($message);
            } else {
                $message = array('message' => 'Wrong Credentials, Authentication failed!');
                session_destroy();
                http_response_code(400);
                echo json_encode($message);
            }
        } else {
            session_destroy();
            http_response_code(406);
        }
    }

    $mysqli->close();
 
} else {
    session_destroy();
    http_response_code(400);
}
?>
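Review bot: A failed `prepare()` falls through the `if($stmt)` guard with no output and no status change, so the client receives an empty 200 for what is a server-side error; add an `else` branch that calls `http_response_code(500)` and logs `$mysqli->error` server-side rather than echoing it. On success the script writes `$_SESSION["id"] = $id;` into whatever session id the browser presented, without rotating it; insert `session_regenerate_id(true);` immediately before that assignment so a session id established before login is not promoted to an authenticated one. The `406` for an unknown email versus `400` for a wrong password still tells a caller which addresses are registered; return the same status and the same `'Wrong Credentials, Authentication failed!'` message from both branches. `$password = $object['password'];` just before `prepare` is dead, since `bind_result` overwrites it with the stored hash and `password_verify` reads `$object['password']` directly, and `$stmt->close()` is never called; the later copy of this listing on the page has the same four issues.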

Getting authenticated member from session:

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
    $query="select * from members where email='$email'";
    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    $member = mysqli_fetch_assoc($result);

    if($member) {
        if (password_verify($object['password'], $member['password'])) {
            $message = array('message' => 'Authentication Successful!');
            $_SESSION["id"] = $member['id'];
            echo json_encode($message);
        } else {
            $message = array('message' => 'Wrong Credentials, Authentication failed!');
            session_destroy();
            http_response_code(400);
            echo json_encode($message);
        }
    } else {
        session_destroy();
        http_response_code(406);
    }

    $mysqli->close();
} else {
    session_destroy();
    http_response_code(400);
}
?>
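Review bot: `$email` is interpolated straight into the query on the `$query="select * from members where email='$email'"` line, so the request body decides what SQL runs; the same interpolated form appears in every later copy of this listing on the page. The "EDITED TO USE PREPARED STATEMENTS" listing above already shows the bound-parameter shape (`prepare` with `email = ?`, `bind_param("s", $email)`, `execute`), and this copy should be replaced by it rather than kept alongside it. `die($mysqli->error.__LINE__)` also sends the driver's error text and a source line number to the client; log that server-side and answer with a generic `http_response_code(500)`. The distinct `406` for an unknown email versus `400` for a wrong password reveals which addresses exist; respond with one status and one message for both cases.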
added 98 characters in body
Sahbaz

Getting authenticated member from sessionEDITED TO USE PREPARED STATEMENTS: User Authentication

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
    $query="select 
 *   $stmt = $mysqli->prepare("select id, password from members where email='$email'";email = ?");

    $resultif($stmt) ={
 $mysqli       $stmt->query>bind_param($query"s", $email);
 or die      $stmt->execute($mysqli);
        $stmt->error.__LINE__>bind_result($id, $password);
    $member = mysqli_fetch_assoc  $stmt->fetch($result);

        if($member$id) {
            if (password_verify($object['password'], $member['password']$password)) {
                $message = array('message' => 'Authentication Successful!');
                $_SESSION["id"] = $member['id'];$id;
                echo json_encode($message);
            } else {
                $message = array('message' => 'Wrong Credentials, Authentication failed!');
                session_destroy();
                http_response_code(400);
                echo json_encode($message);
            }
        } else {
            session_destroy();
            http_response_code(406);
        }
    }

    $mysqli->close(); 

} else {
    session_destroy();
    http_response_code(400);
}
?>

Getting authenticated member from session:

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
    $query="select * from members where email='$email'";
    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    $member = mysqli_fetch_assoc($result);

    if($member) {
        if (password_verify($object['password'], $member['password'])) {
            $message = array('message' => 'Authentication Successful!');
            $_SESSION["id"] = $member['id'];
            echo json_encode($message);
        } else {
            $message = array('message' => 'Wrong Credentials, Authentication failed!');
            session_destroy();
            http_response_code(400);
            echo json_encode($message);
        }
    } else {
        session_destroy();
        http_response_code(406);
    }

    $mysqli->close();
} else {
    session_destroy();
    http_response_code(400);
}
?>

EDITED TO USE PREPARED STATEMENTS: User Authentication

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
     
    $stmt = $mysqli->prepare("select id, password from members where email = ?");

    if($stmt) {
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $stmt->bind_result($id, $password);
        $stmt->fetch();

        if($id) {
            if (password_verify($object['password'], $password)) {
                $message = array('message' => 'Authentication Successful!');
                $_SESSION["id"] = $id;
                echo json_encode($message);
            } else {
                $message = array('message' => 'Wrong Credentials, Authentication failed!');
                session_destroy();
                http_response_code(400);
                echo json_encode($message);
            }
        } else {
            session_destroy();
            http_response_code(406);
        }
    }

    $mysqli->close(); 

} else {
    session_destroy();
    http_response_code(400);
}
?>
deleted 247 characters in body
Jamal

I created small simple PHP Authentication API. I have a couple of scripts that I use for for session, authentication and registration. Since I'm not an experienced backend and PHP developer, I wanted someone more experienced to review my scripts and tell me what I did wrong and what I can improve.

I did not use any framework; this is plain PHP.

So now I will present my scripts:

This one is for userUser registration.:

And this one is for gettingGetting authenticated member from session.: <?php require_once '../dbConnect.php'; session_start();

   <?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);
    
    if (isset($object['email']) && isset($object['password'])) {
    
        $email = $object['email'];
        $password = $object['password'];
        $query="select * from members where email='$email'";
        $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
        $member = mysqli_fetch_assoc($result);
    
        if($member) {
            if (password_verify($object['password'], $member['password'])) {
                $message = array('message' => 'Authentication Successful!');
                $_SESSION["id"] = $member['id'];
                echo json_encode($message);
            } else {
                $message = array('message' => 'Wrong Credentials, Authentication failed!');
                session_destroy();
                http_response_code(400);
                echo json_encode($message);
            }
        } else {
            session_destroy();
            http_response_code(406);
        }
    
        $mysqli->close();
    } else {
        session_destroy();
        http_response_code(400);
    }
    ?>

**This is for getting authenticated member from PHP session cookie**

Getting authenticated member from PHP session cookie

<?php
require_once '../dbConnect.php';
session_start();

if (isset($_SESSION["id"])) {
    $memberId = $_SESSION["id"];
    $query="select id, firstName, lastName, email, profileImage from members where id='$memberId'";

    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    $member = mysqli_fetch_assoc($result);

    echo $json_response = json_encode($member);

    $mysqli->close();
} else {
    http_response_code(401);
}

?>
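Review bot: `$memberId` is interpolated into the query on the `$query="select id, firstName, lastName, email, profileImage from members where id='$memberId'"` line; the value is read from `$_SESSION`, which the authentication script fills from the database `id`, but binding it with `prepare(... where id = ?)` and `bind_param("i", $memberId)` keeps this script safe if the session value is ever populated from a less trusted source and matches the prepared form used elsewhere on the page. When the id no longer matches a row, `mysqli_fetch_assoc` returns `null` (or `false` on older PHP) and the script echoes that with a 200, which a client will read as a valid member; test `$member` and answer `http_response_code(401)` instead. `die($mysqli->error.__LINE__)` sends the driver's error text to the client; log it and return 500. `echo $json_response = json_encode($member);` assigns a variable that is never read inside the echo, so `echo json_encode($member);` says the same thing; the two later copies of this listing share all of these points.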

And last is simple log outSimple logout script.:

I created small simple PHP Authentication API. I have couple of scripts that I use for for session, authentication and registration. Since I'm not an experienced backend and PHP developer, I wanted someone more experienced to review my scripts and tell me what I did wrong and what I can improve.

I did not use any framework; this is plain PHP.

So now I will present my scripts:

This one is for user registration.

And this one is for getting authenticated member from session. <?php require_once '../dbConnect.php'; session_start();

    $object = json_decode(file_get_contents("php://input"), true);
    
    if (isset($object['email']) && isset($object['password'])) {
    
        $email = $object['email'];
        $password = $object['password'];
        $query="select * from members where email='$email'";
        $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
        $member = mysqli_fetch_assoc($result);
    
        if($member) {
            if (password_verify($object['password'], $member['password'])) {
                $message = array('message' => 'Authentication Successful!');
                $_SESSION["id"] = $member['id'];
                echo json_encode($message);
            } else {
                $message = array('message' => 'Wrong Credentials, Authentication failed!');
                session_destroy();
                http_response_code(400);
                echo json_encode($message);
            }
        } else {
            session_destroy();
            http_response_code(406);
        }
    
        $mysqli->close();
    } else {
        session_destroy();
        http_response_code(400);
    }
    ?>

**This is for getting authenticated member from PHP session cookie**
<?php
require_once '../dbConnect.php';
session_start();

if (isset($_SESSION["id"])) {
    $memberId = $_SESSION["id"];
    $query="select id, firstName, lastName, email, profileImage from members where id='$memberId'";

    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    $member = mysqli_fetch_assoc($result);

    echo $json_response = json_encode($member);

    $mysqli->close();
} else {
    http_response_code(401);
}

?>

And last is simple log out script.

I created small simple PHP Authentication API. I have a couple of scripts that I use for session, authentication and registration. Since I'm not an experienced backend and PHP developer, I wanted someone more experienced to review my scripts and tell me what I did wrong and what I can improve.

I did not use any framework; this is plain PHP.

User registration:

Getting authenticated member from session:

<?php
require_once '../dbConnect.php';
session_start();

$object = json_decode(file_get_contents("php://input"), true);

if (isset($object['email']) && isset($object['password'])) {

    $email = $object['email'];
    $password = $object['password'];
    $query="select * from members where email='$email'";
    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    $member = mysqli_fetch_assoc($result);

    if($member) {
        if (password_verify($object['password'], $member['password'])) {
            $message = array('message' => 'Authentication Successful!');
            $_SESSION["id"] = $member['id'];
            echo json_encode($message);
        } else {
            $message = array('message' => 'Wrong Credentials, Authentication failed!');
            session_destroy();
            http_response_code(400);
            echo json_encode($message);
        }
    } else {
        session_destroy();
        http_response_code(406);
    }

    $mysqli->close();
} else {
    session_destroy();
    http_response_code(400);
}
?>

Getting authenticated member from PHP session cookie

<?php
require_once '../dbConnect.php';
session_start();

if (isset($_SESSION["id"])) {
    $memberId = $_SESSION["id"];
    $query="select id, firstName, lastName, email, profileImage from members where id='$memberId'";

    $result = $mysqli->query($query) or die($mysqli->error.__LINE__);
    $member = mysqli_fetch_assoc($result);

    echo $json_response = json_encode($member);

    $mysqli->close();
} else {
    http_response_code(401);
}

?>

Simple logout script:

edited body
user34073
Sahbaz