close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

API Authentication using headers

Thread began 4/25/2019 5:46 am by anonymous | Last modified 4/30/2019 10:56 am by Ray Borduin | 1646 views | 14 replies |

anonymous

API Authentication using headers

I am trying to create an API where the username and password is passed thru headers to authenticate. This is the code that I have and it seems to error out each time. Any advice on what I am doing wrong? Thanks


<?php require_once('Connections/sdpc_i.php'); ?>
<?php require_once('webassist/mysqli/authentication.php'); ?>
<?php
if ("" == "") {
$Authenticate = new WA_MySQLi_Auth($sdpc_i);
$Authenticate->Action = "authenticate";
$Authenticate->Name = "sdpc_login";
$Authenticate->Table = "users";
$Authenticate->addFilter("username", "=", "s", "".((isset($_SERVER["HTTP_USERNAME"]))?$_SERVER["HTTP_USERNAME"]:"") ."");
$Authenticate->addFilter("password", "=", "s", "".(isset($_SERVER['HTTP_PASSWORD'])?sha1($_SERVER['HTTP_PASSWORD']):"") ."");
$Authenticate->storeResult("username",'username');
$Authenticate->AutoReturn = false;
$SuccessRedirect = "read2.php?page=1&verify=T";
$FailedRedirect = "error.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
}
?>

Sign in to reply to this post

Ray BorduinWebAssist

I think the correct $_SERVER variables are:

$_SERVER["PHP_AUTH_USER"]
and
$_SERVER["PHP_AUTH_PW"]

Sign in to reply to this post
Did this help? Tips are appreciated...

anonymous

Hmm. Still doesn't seem to authenticate.

Sign in to reply to this post

Ray BorduinWebAssist

Write the values to the page to see if they are set correctly... just add this to the top:

php:
<?php

var_dump
($_SERVER);
die();
?>



That will tell you if the header values are set to what you think they are and may shed light on why it isn't working.

Sign in to reply to this post
Did this help? Tips are appreciated...

anonymous

The username is set to HTTP_USERNAME and the password is set to HTTP_PASSWORD which is what I originally had it set to. The url of the page is https://sdpc.a4l.org/read_test2.php.

Sign in to reply to this post

Ray BorduinWebAssist

Are the values passed to the page present in the database? How are you setting the header variables? How are you passing them in?

Sign in to reply to this post
Did this help? Tips are appreciated...

anonymous

They are present in the database and I was using Postman to test it where I defined the headers for them.

Sign in to reply to this post

Ray BorduinWebAssist

Perhaps you can't set session variables when posting through postman? The authenticate server behavior relies on session variables to maintain login status and information.

Sign in to reply to this post
Did this help? Tips are appreciated...

anonymous

Ok. I will look further into this to see. Thank you.

Sign in to reply to this post

anonymous

If postman does support retaining the session variables. Then when a person authenticates, they would get redirected to this page with restricted access:

<?php require_once('Connections/sdpc_i.php'); ?>
<?php require_once('webassist/mysqli/authentication.php'); ?>
<?php require_once('webassist/mysqli/rsobj.php');

error_reporting(E_ALL);
ini_set('display_errors', 1);?>
<?php
if ("" == "") {
$RestrictAccess = new WA_MySQLi_Auth();
$RestrictAccess->Action = "restrict";
$RestrictAccess->Name = "sdpc_login";
$RestricAccessRedirect = "error.php";
if (function_exists("rel2abs")) $RestricAccessRedirect = $RestricAccessRedirect?rel2abs($RestricAccessRedirect,dirname(__FILE__)):"";
$RestrictAccess->FailRedirect = $RestricAccessRedirect;
$RestrictAccess->execute();
}?>
<?php
include_once("db_connect.php");
$page = 1;
if(!empty($_GET['page'])) {
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT);
if(false === $page) {
$page = 1;
}
}
$items_per_page = 50;
$offset = ($page - 1) * 50;
$sql2 = "SELECT *, t1.districtID as thedistrict, t1.statusID as statusID_final, t1.agreement_typesID as agtype from ((SELECT dataID, districtID, softwareID, agreement_typesID, signed_agreement_file, statusID, date_approved, date_expired, year, grade_level, content_area, declined_reasoning, originator, data.softwareID as code1, data.districtID as code FROM data) t1 JOIN (Select districtID, district_name, state, account_status, tec_member from districts) t9 on (t1.code = t9.districtID) LEFT JOIN (SELECT *, addendums_data.addendumID as selected_addendum FROM addendums_data) t2 On (t1.dataID = t2.dataID) LEFT JOIN (SELECT * from addendums) t7 on (t2.addendumID = t7.addendumID) LEFT JOIN (Select agreement_typesID, public, agreement_name, state from agreement_types) t4 on (t1.agreement_typesID = t4.agreement_typesID) LEFT JOIN (Select * from status) t5 on (t1.statusID = t5.statusID) LEFT JOIN (SELECT district_data_elements.districtID as code3, district_data_elements.softwareID as code2, GROUP_CONCAT(element_name SEPARATOR ', ') as data_list from district_data_elements LEFT JOIN data_elements on data_elements.data_elementID = district_data_elements.data_elementID GROUP BY district_data_elements.softwareID) t3 On (t1.code1 = t3.code2) LEFT JOIN (SELECT softwareID, company_name,software_name from software) t6 on (t1.code1 = t6.softwareID)) Where (t5.public = 'Yes' or t4.public = 'Yes') GROUP by t1.dataID ORDER BY t9.district_name ASC";
$result = mysqli_query($conn, $sql2) or die("database error:". mysqli_error($conn));
if(false === $result) {
throw new Exception('Query failed with: ' . mysqli_error());
} else {
$row_count = mysqli_num_rows($result);
// free the result set as you don't need it anymore
mysqli_free_result($result);
}
$page_count = 0;
if (0 === $row_count) {
// maybe show some error since there is nothing in your table
} else {
// determine page_count
$page_count = (int)ceil($row_count / $items_per_page);
// double check that request page is in range
if($page > $page_count) {
// error to user, maybe set page to 1
$page = 1;
}
}
header("Content-Type:application/json");
if ("".($_GET['verify']) ."" == "T") { // WebAssist Show If
$state=$_GET['verify'];
$items = getItems($state, $conn);
if(empty($items) and "".($_GET['verify']) ."" == "T") {
jsonResponse(200,"There is no data found.",NULL);
} else {
jsonResponse(200,"Data Found",$items);
}
} else {
jsonResponse(400,"This is an Invalid Request or the url has not been verified correctly",NULL);
}
function jsonResponse($status,$status_message,$data) {
header("HTTP/1.1 ".$status_message);
$response['status']=$status;
$response['status_message']=$status_message;
$response['data']=$data;
$json_response = json_encode($response);
echo $json_response;
}
// set the number of items to display per page
function getItems($state, $conn) {
// determine page number from $_GET
$page = 1;
if(!empty($_GET['page'])) {
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT);
if(false === $page) {
$page = 1;
}
}
$items_per_page = 50;
$offset = ($page - 1) * 50;
$sql = "SELECT *, t1.districtID as thedistrict, t1.statusID as statusID_final, t1.agreement_typesID as agtype from ((SELECT dataID, districtID, softwareID, agreement_typesID, signed_agreement_file, statusID, date_approved, date_expired, year, grade_level, content_area, declined_reasoning, originator, data.softwareID as code1, data.districtID as code FROM data) t1 JOIN (Select districtID, district_name, state, account_status, tec_member from districts) t9 on (t1.code = t9.districtID) LEFT JOIN (SELECT *, addendums_data.addendumID as selected_addendum FROM addendums_data) t2 On (t1.dataID = t2.dataID) LEFT JOIN (SELECT * from addendums) t7 on (t2.addendumID = t7.addendumID) LEFT JOIN (Select agreement_typesID, public, agreement_name, state from agreement_types) t4 on (t1.agreement_typesID = t4.agreement_typesID) LEFT JOIN (Select * from status) t5 on (t1.statusID = t5.statusID) LEFT JOIN (SELECT district_data_elements.districtID as code3, district_data_elements.softwareID as code2, GROUP_CONCAT(element_name SEPARATOR ', ') as data_list from district_data_elements LEFT JOIN data_elements on data_elements.data_elementID = district_data_elements.data_elementID GROUP BY district_data_elements.softwareID) t3 On (t1.code1 = t3.code2) LEFT JOIN (SELECT softwareID, company_name,software_name from software) t6 on (t1.code1 = t6.softwareID)) Where (t5.public = 'Yes' or t4.public = 'Yes') GROUP by t1.dataID ORDER BY t9.district_name ASC LIMIT " . $offset . "," . $items_per_page;"";
$resultset = mysqli_query($conn, $sql) or die("database error:". mysqli_error($conn));
$data = array();
while( $rows = mysqli_fetch_assoc($resultset) ) {
$data[] = $rows;
}
return $data;
}

Does this code look right to recognize the authentication? Or do I need to add something like: $_SESSION[“sdpc_login”] = $Username

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...