iphone communicating with php web service - Username/Password

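I've been struggling to get this working, and I think I've finally found the right solution, because it seems to work fine when I log in on the iPhone. I'm new to PHP, so I'd like to know whether I've made any mistakes or whether there is anything I could improve.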

I was going off this example, http://www.raywenderlich.com/2941/how-to-write-a-simple-phpmysql-web-service-for-an-ios-app, for writing the web service.

All this is supposed to do is return a 403 if the username and password I enter are valid.

<?php
    // Helper method to send a HTTP response code/message
    function sendResponse($status = 200, $body = '', $content_type = 'text/html')
    {
        $status_header = 'HTTP/1.1 ' . $status . ' ' . getStatusCodeMessage($status);
        header($status_header);
        header('Content-type: ' . $content_type);
        echo $body;
    }
    class RedeemAPI {

        private $db;

        // Constructor - open DB connection
        function __construct() {
            $this->db = new mysqli('127.0.0.1', 'username', 'password', 'promos');
            $this->db->autocommit(FALSE);
        }

        // Destructor - close DB connection
        function __destruct() {
            $this->db->close();
        }

        function redeem() {
            // Check for required parameters
            if (isset($_POST["AccountEntry"]) && isset($_POST["PasswordEntry"])) {

                // Put parameters into local variables
                $AccountEntry = $_POST["AccountEntry"];
                $PasswordEntry = $_POST["PasswordEntry"];

                $user_id = 0;
                $stmt = $this->db->prepare("SELECT username, password FROM usernames WHERE username=? AND password=?");
                $stmt->bind_param("ss", $AccountEntry, $PasswordEntry);
                $stmt->execute();
                $stmt->bind_result($user, $pass);
                while ($stmt->fetch()) {
                    break;
                }
                $stmt->close();

                if ($AccountEntry === $user && $PasswordEntry == $pass ) {
                    sendResponse(403, 'YESSIRRRRR');
                    return true;
                }
            }
            sendResponse(400, 'Not working');
            return false;
        }
    }

    $api = new RedeemAPI;
    $api->redeem();
    //Extra helper functions

    // Helper method to get a string description for an HTTP status code
    // From http://www.gen-x-design.com/archives/create-a-rest-api-with-php/ 

    function getStatusCodeMessage($status)
    {
        // these could be stored in a .ini file and loaded
        // via parse_ini_file()... however, this will suffice
        // for an example
        $codes = Array(
            100 => 'Continue',
            101 => 'Switching Protocols',
            200 => 'OK',
            201 => 'Created',
            202 => 'Accepted',
            203 => 'Non-Authoritative Information',
            204 => 'No Content',
            205 => 'Reset Content',
            206 => 'Partial Content',
            300 => 'Multiple Choices',
            301 => 'Moved Permanently',
            302 => 'Found',
            303 => 'See Other',
            304 => 'Not Modified',
            305 => 'Use Proxy',
            306 => '(Unused)',
            307 => 'Temporary Redirect',
            400 => 'Bad Request',
            401 => 'Unauthorized',
            402 => 'Payment Required',
            403 => 'Forbidden',
            404 => 'Not Found',
            405 => 'Method Not Allowed',
            406 => 'Not Acceptable',
            407 => 'Proxy Authentication Required',
            408 => 'Request Timeout',
            409 => 'Conflict',
            410 => 'Gone',
            411 => 'Length Required',
            412 => 'Precondition Failed',
            413 => 'Request Entity Too Large',
            414 => 'Request-URI Too Long',
            415 => 'Unsupported Media Type',
            416 => 'Requested Range Not Satisfiable',
            417 => 'Expectation Failed',
            500 => 'Internal Server Error',
            501 => 'Not Implemented',
            502 => 'Bad Gateway',
            503 => 'Service Unavailable',
            504 => 'Gateway Timeout',
            505 => 'HTTP Version Not Supported'
        );
        return (isset($codes[$status])) ? $codes[$status] : '';
    }
    // This is the first thing that gets called when this page is loaded
    // Creates a new instance of the RedeemAPI class and calls the redeem method

    ?>

EDIT: Sorry, I wasn't very clear. I mainly want to make sure this code is valid and whether I'm checking the username/password correctly.

    if (isset($_POST["AccountEntry"]) && isset($_POST["PasswordEntry"])) {

        // Put parameters into local variables
        $AccountEntry = $_POST["AccountEntry"];
        $PasswordEntry = $_POST["PasswordEntry"];

        $user_id = 0;
        $stmt = $this->db->prepare("SELECT username, password FROM usernames WHERE username=? AND password=?");
        $stmt->bind_param("ss", $AccountEntry, $PasswordEntry);
        $stmt->execute();
        $stmt->bind_result($user, $pass);
        while ($stmt->fetch()) {
            break;
        }
        $stmt->close();

        if ($AccountEntry === $user && $PasswordEntry == $pass ) {
            sendResponse(403, 'YESSIRRRRR');
            return true;
        }
    }

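First of all, why are you sending "Not Found" if the username and password are correct? Anyway, this is how I would do it. It's completely different code, but it does what you want.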

//Connect To Database. I put 127.0.0.1 because that is what was in your code. It is usually "localhost" though.
//mysqli is used because the old mysql_* functions were removed in PHP 7.
$conn = mysqli_connect("127.0.0.1", "DATABASE-USER-NAME", "DATABASE-USER-PASSWORD", "DATABASE-NAME") or die(mysqli_connect_error());
//Put everything in variables
$username = isset($_POST['AccountEntry']) ? $_POST['AccountEntry'] : '';
$password = isset($_POST['PasswordEntry']) ? $_POST['PasswordEntry'] : '';
//Get the information from the database. The values are bound as parameters
//instead of being pasted into the SQL string, which would allow SQL injection.
$stmt = mysqli_prepare($conn, "SELECT username FROM usernames WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$num_rows = mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);
//If there is one (1) result in the database, returning 403.
if ($num_rows == 1) {
  //Correct passcode. Return 403 (that's what you wanted, right?).
  returnStatusCode(403);
} else {
  //Incorrect passcode. Return 400 (that's what you wanted, right?).
  returnStatusCode(400);
}
//send the headers...
function returnStatusCode($code) {
  //Look the message up with $code, the parameter this function receives.
  $status_header = 'HTTP/1.1 ' . $code . ' ' . getStatusCodeMessage($code);
  header($status_header);
  header('Content-type: text/html');
  //Don't need the echo($body) since your body was empty anyway.
}
//I didn't change this:
function getStatusCodeMessage($status)
    {
        // these could be stored in a .ini file and loaded
        // via parse_ini_file()... however, this will suffice
        // for an example
        $codes = Array(
            100 => 'Continue',
            101 => 'Switching Protocols',
            200 => 'OK',
            201 => 'Created',
            202 => 'Accepted',
            203 => 'Non-Authoritative Information',
            204 => 'No Content',
            205 => 'Reset Content',
            206 => 'Partial Content',
            300 => 'Multiple Choices',
            301 => 'Moved Permanently',
            302 => 'Found',
            303 => 'See Other',
            304 => 'Not Modified',
            305 => 'Use Proxy',
            306 => '(Unused)',
            307 => 'Temporary Redirect',
            400 => 'Bad Request',
            401 => 'Unauthorized',
            402 => 'Payment Required',
            403 => 'Forbidden',
            404 => 'Not Found',
            405 => 'Method Not Allowed',
            406 => 'Not Acceptable',
            407 => 'Proxy Authentication Required',
            408 => 'Request Timeout',
            409 => 'Conflict',
            410 => 'Gone',
            411 => 'Length Required',
            412 => 'Precondition Failed',
            413 => 'Request Entity Too Large',
            414 => 'Request-URI Too Long',
            415 => 'Unsupported Media Type',
            416 => 'Requested Range Not Satisfiable',
            417 => 'Expectation Failed',
            500 => 'Internal Server Error',
            501 => 'Not Implemented',
            502 => 'Bad Gateway',
            503 => 'Service Unavailable',
            504 => 'Gateway Timeout',
            505 => 'HTTP Version Not Supported'
        );
        return (isset($codes[$status])) ? $codes[$status] : '';
    }

EDIT: Fixed $code and $status.

EDIT 2: Or, if you need the code like that, you can use Gabriel's answer.

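In PHP, you need to use the $this-> operator to call member functions.

So

getStatusCodeMessage($status);

will become

$this->getStatusCodeMessage($status);

Your code could be modified/optimized a lot, but I think that, since you are starting out with PHP, you need to keep learning.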
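
A hardened version of the login check discussed in this thread, as an added example that is not code from the question or from either answer: it looks the account up by username with a bound parameter, compares the submitted password with password_verify() against a stored hash instead of a plaintext column, and answers 200 or 401. The password_hash column, the checkLogin() name and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: PDO with the pdo_sqlite driver stands in for the MySQL server;
// the password_hash column and the checkLogin() name are hypothetical.

function checkLogin(PDO $db, string $account, string $password): int
{
    // Look the row up by username only; the password never enters the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM usernames WHERE username = ?');
    $stmt->execute([$account]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // For an unknown user, verify against a throwaway hash so both paths
    // do the same amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    }
    $known = is_string($hash);
    $ok = password_verify($password, $known ? $hash : $dummy);

    return ($known && $ok) ? 200 : 401;   // OK / Unauthorized
}

// Constructed sample data: one account whose password is stored as a hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usernames (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO usernames (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed requests: valid login, wrong password, unknown user,
// and a quote-laden value that stays plain data because it is bound.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['bob', 'correct horse'],
    ["alice' OR '1'='1", 'x'],
];
foreach ($attempts as [$account, $password]) {
    printf("%-20s => %d\n", $account, checkLogin($db, $account, $password));
}
```

The status code returned by checkLogin() can be passed straight to the sendResponse() helper from the question.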