How to implement app verification login in php? (code example)

As a server-side scripting language, PHP can interact with the front-end and provide login verification functions for mobile applications. This article will introduce how to implement app verification login in PHP.

1. Prerequisite knowledge

• Familiar with the basics of PHP language

• Familiar with HTTP requests and responses

• Familiar with the mobile APP login process

2. Implementation process

1. User Requesting login

APP initiates a login request and needs to send the account number, password and other information entered by the user to the server.

2. The server receives the request and processes the data

After the server receives the request, it extracts the account number, password and other data entered by the user, and uses a database (such as MySQL) for processing Comparison verification.

3. Database verification

By connecting to the database, extract the user name and password data from the database, compare the data entered by the user with the data in the database, if verified If passed, a session or token and other information will be generated and sent to the mobile APP as a response result.

4. APP verification

The APP receives the session or token information returned by the server and stores it in the local storage of the device for future requests.

5. Request verification

When the APP sends a request to the server, it puts the session or token information into the request header. When the server receives the request, it verifies the session or token. , if the verification passes, the request result is returned, otherwise the verification error message is returned.

6. Login timeout

In order to ensure security, the server needs to limit the validity period of login information. If the user does not perform an operation within a period of time, he needs to log in again and Regenerate session or token information.

3. Code Implementation

The following is a simple login verification code implementation process.

1. Database connection

Use the PDO (PHP Data Objects) of PHP language to connect and operate the database. You need to provide the database host address, user name and password and other information. The specific code As follows:

<?php $servername = "localhost";
$username = "username";
$password = "password";

try {
  $conn = new PDO("mysql:host=$servername;dbname=myDB", $username, $password);
  $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  echo "Connected successfully";
} catch(PDOException $e) {
  echo "Connection failed: " . $e->getMessage();
}
?>

2. User verification

Obtain the account and password data entered by the user through the POST method, use prepared statements to precompile query statements, and query whether the corresponding user exists in the database name and password, if they exist, success information will be returned, otherwise failure information will be returned. The specific code is as follows:

<?php // 验证用户输入数据
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  // 获取POST请求中的数据
  $username = $_POST["username"];
  $password = $_POST["password"];

  // 以预编译语句方式查询数据库中用户信息
  $stmt = $conn->prepare("SELECT * FROM users WHERE username=:username AND password=:password");
  $stmt->bindParam(':username', $username);
  $stmt->bindParam(':password', $password);
  $stmt->execute();

  $result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
  $rows = $stmt->fetchAll();

  if (count($rows) > 0) {
    // 用户验证成功
    echo "Login successfully";
    // 将session或token等信息返回给移动端APP
    // 略
  } else {
    // 用户验证失败
    echo "Login failed";
  }
}
?>

3. Request verification

When implementing request verification on the server side, the session or token information needs to be taken out from the request header to verify its validity. The specific code is as follows:

<?php // 请求验证处理
if ($_SERVER["REQUEST_METHOD"] == "GET") {
  // 从请求头中获取session或token信息
  $token = $_SERVER[&#39;HTTP_TOKEN&#39;];

  // 判断session或token是否存在或已失效
  if (isset($_SESSION[&#39;token&#39;]) && $_SESSION[&#39;token&#39;] == $token) {
    // 请求验证成功
    echo "Request authorized";
    // 略
  } else {
    // 请求验证失败
    echo "Request unauthorized";
  }
}
?>

4. Summary

Through the above implementation, we can effectively verify the mobile APP login and ensure the security of user information. In actual development, more situations need to be considered, such as cookies and client cache, multi-platform support, etc. At the same time, we also need to consider security issues, such as XSS, CSRF and other attack methods, and we need to strengthen the security protection of the code.

The above is the detailed content of How to implement app verification login in php? (code example). For more information, please follow other related articles on the PHP Chinese website!