for a project I'm developing an app with web services
My problem concerns the login page, that is when I manage that the user has not registered, I would like to show an alert on the same login page..
#Path("postlogincookie")
#POST
#Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response postLoginAdminCookie(#FormParam("username") String username, #FormParam("password") String password)
{
java.sql.Connection con = null;
SqliteConnection sqlite = new SqliteConnection();
sqlite.setDbPath(dbPath);
con = sqlite.connect();
String query = "SELECT Username,Password,Role FROM User WHERE Username ='"+username+"' and Password='"+password+"'";
ResultSet rs = con.createStatement().executeQuery(query);
if(!rs.next())
{
return Response.status(Response.Status.UNAUTHORIZED).entity("Non sei registrato, registrati!").build();
}
currently I use return Response.status(Response.Status.UNAUTHORIZED).entity("Non sei registrato, registrati!").build(); but I don't want to change page to give the error message.
is there a solution to give a message of alert or error on login page?
I have an Android app which writes/reads from an external SQL database through a PHP script. Both the database and the PHP script is hosted on Amazon Web Services (AWS). The app sends HTTP request to the PHP script, and the PHP script communicates with the database.
Are there easier ways to connect the app with the database? I feel like this method is kinda hacky. Or is this how it is done? Is it possible to avoid the PHP script entirely and just communicate with the database through Java in the app?
Below is the code for fetching everything in the database.
The php script:
$servername = "";
$username = "";
$password = "";
$conn = mysqli_connect($servername, $username, $password);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT * FROM table";
$result = $conn->query($sql);
if($result->num_rows > 0){
while($row = $result->fetch_assoc()){
echo "rowname1: " . $row["rowname1"]. " rowname2: " . $row["rowname2"] . "\n";
}
} else {
echo "0 results";
}
$conn->close();
The Java code:
requestQueue = Volley.newRequestQueue(this);
String url = "";
StringRequest stringRequest = new StringRequest(Request.Method.GET, url, new Response.Listener<String>() {
#Override
public void onResponse(String response) {
textDatabase.setText(response);
}
}, new Response.ErrorListener() {
#Override
public void onErrorResponse(VolleyError error) {
textDatabase.setText(error.toString());
}
});
requestQueue.add(stringRequest);
This is the correct way to do that, via API.
Frontend Application (Android, iOS, browser) <-> API <-> Backend
You can connect direct to the database, but you should not. To be able to do that, you have to put user and password in your application. Doing this, how do you prevent users to connect on your database and changing all they want? There are many more points against this approach.
Look for REST APIs, or maybe GraphQL.
I am working on a login/register app.
That's my Java Code in my MainActivity:
private void loginUser(){
pd = ProgressDialog.show(LoginActivity.this, "", "Loading...");
StringRequest stringRequest = new StringRequest(Request.Method.POST, LOGIN_URL,
new Response.Listener<String>() {
#Override
public void onResponse(String response) {
try {
JSONObject jsonResponse = new JSONObject(response);
System.out.println("JSON RESPONSE: " + jsonResponse.toString());
boolean success = jsonResponse.getBoolean("success");
if (success) {
launchHomeScreen();
pd.dismiss();
Toast.makeText(LoginActivity.this,"Welcome back " + username,Toast.LENGTH_LONG).show();
}
else {
Toast.makeText(LoginActivity.this,"Wrong Username or Password!",Toast.LENGTH_LONG).show();
pd.dismiss();
}
}
catch (JSONException e) {
e.printStackTrace();
pd.dismiss();
Toast.makeText(LoginActivity.this,response,Toast.LENGTH_LONG).show();
}
}
},
new Response.ErrorListener() {
#Override
public void onErrorResponse(VolleyError error) {
pd.dismiss();
System.out.println("Error: " + error);
}
}){
#Override
protected Map<String,String> getParams(){
Map<String,String> params = new HashMap<>();
params.put(KEY_USERNAME,username);
params.put(KEY_PASSWORD,password);
return params;
}
};
RequestQueue requestQueue = Volley.newRequestQueue(this);
requestQueue.add(stringRequest);
}
}
login.php:
<?php
$con = mysqli_connect("x", "x", "x", "x");
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $colUserID, $colUsername, $colPassword);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
if (password_verify($password, $colPassword)) {
$response["success"] = true;
}
}
header('Content-Type: application/json');
echo json_encode($response);
?>
The mysql table looks like: user_id;username;passsword;mobilenumber;email
When i trying to login I get this back in Android logcat, so that error is caused by writting the LOGIN_URL wrong.
E/Volley: [251] BasicNetwork.performRequest: Unexpected response code 404 for http://myserver.xyz/pubic_html/login.php
I/System.out: Error: com.android.volley.ServerError
But there is another Error. I send the right logindatas to the server but everytime I get back success:false.
The weird thing is that I use a similar java code for registration (only with a register.php), and it works, so what is wrong?
This is register.php
<?php
$connect = mysqli_connect("localhost", "root", "", "user");
$username = $_POST["username"];
$password = $_POST["password"];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$mobilenumber = $_POST["mobilenumber"];
$email = $_POST["email"];
registerUser();
$response["success"] = false;
function registerUser() {
global $connect, $username, $hashedPassword, $mobilenumber, $email;
$statement = mysqli_prepare($connect, "INSERT INTO user (username, hashedPassword, mobilenumber, email) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "siss", $username, $hashedPassword, $mobilenumber, $email);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
$response["success"] = true;
}
header('Content-Type: application/json');
echo json_encode($response);
?>
404 means the app cannot find the login.php page. Make sure your path to the script is correct.
Try removing the "public_html" from the link. That is your root folder. You do not need to specify this in your link. It should work if you remove that.
EDIT
Since you edited your post after I answered that question, let me edit mine to answer your next. Judging from the password_very function in you php file, you are using password_hash and your password is encrypted with password_hash('yourPass', PASSWORD_BCRYPT);?
In this case, I do not see that you included the library in you PHP script. Just add the following line to your php file and it should work.
include('path/to/password_hash.php');
The problem is, because the file is not found, password_verify is not recognized. I am sure if you change $_POST['username'] and $_POST['password'] to 'YourUsername' and 'YourPassword' and run your file from a browser, you will see all errors, and that will be one of them.
Hope this helps!
EDIT 2
Since you are having issues with the password. In your statement where you insert the password to the database use the password_hash function to hash the password BEFORE you insert it to the database like so:
$hashedPassword = ('Yourpassword', PASSWORD_BCRYPT);
Do your MySQL query and add the $hashedPassword value to the database in the password field. Then retrieve the password and username like you did at the very beginning and use the password_verify function to match the passwords like so:
if (password_verify($_POST['password'], $hashedPassword) {
// Do your login stuff.
}
Now it should login. (Optional Extra) Also, try looking at PDO to do your sql queries. It is much better. To use PDO do the following:
//Initiate Connection
$conn = new PDO('mysql:host='.$db_host.';dbname='.$db_name, $db_user, $db_password);
$stmt = $conn->prepare("SELECT password FROM user WHERE username = :username");
if ($stmt->execute(array(':username' => $_POST['username']))) {
if ($result = $stmt->fetch(PDO::FETCH_ASSOC)) {
$passwordFromDb = $result['password']; //This is the password you match in password verify. This password should be hashed in the database. if it is hashed it will look something like this - $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq.
}
}
The problem I think is that you have 'Geige' stored as your password in the database and not that hashed string. So when the password_verify function tries to match the passwords, it fails. Your code might be right, but the password in the database might be wrong. When inserting the password to the database, make sure you are hashing it and inserting the hashed password.
I really hope this helps.
EDIT 3 Register Rewrite
<?php
//Initiate Connection
$conn = new PDO('mysql:host='.$db_host.';dbname='.$db_name, $db_user, $db_password);
$username = $_POST["username"];
$password = $_POST["password"];
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$mobilenumber = $_POST["mobilenumber"];
$email = $_POST["email"];
$stmt = $conn->prepare("INSERT INTO user (username, hashedPassword, mobilenumber, email) VALUES (:username, :password, :mobile, :email)");
if ($stmt->execute(array(':username' => $username, ':password' => $hashedPassword, ':mobile' => $mobilenumber, ':email' => $email))) {
$response["success"] = true;
} else {
$response["success"] = false;
}
header('Content-Type: application/json');
echo json_encode($response);
?>
I am having a minimal Spring-based Restful server with the following hopefully public method
#RequestMapping("/regUser")
public #ResponseBody String addUser( #RequestParam(value="name", required=true) String username,
#RequestParam(value="email", required=true) String email,
#RequestParam(value="newsletter", required=true) String newsletter){
User newUser = new User();
newUser.setEmail(email);
newUser.setUsername(username);
newUser.setReceiveNewsletter(true);;
System.out.println("+++++++++++++++");
System.out.println("USER: " + username + " | email: " + email + " | newsletter: " + newsletter);
System.out.println("+++++++++++++++");
userRepo.save(newUser);
return "true";
}
When I open the link in the browser and provide the needed parameters using GET in the URL everything is working perfectly fine. So I assume the problem will be in the following Android part.
I want to call the method above from my Android Device. The user has to enter the needed information in three EditText and press a button for sending everthing to the Restful server.
#Override
protected UserWrapper doInBackground(String... params) {
try{
final String url = params[0];
RestTemplate tmpl = new RestTemplate();
tmpl.getMessageConverters().add(new MappingJackson2HttpMessageConverter());
UserWrapper greet = tmpl.getForObject(url, UserWrapper.class);
for(User usr : greet.getUsers()){
Log.d("User", "Post - Name: " + String.valueOf(usr.getUsername()));
Log.d("User", "Post - eMail: " + String.valueOf(usr.getEmail()));
}
return greet;
}catch(Exception ex){
ex.printStackTrace();
}
return null;
}
This is my Code for sending everything to the server. I did this in an AsyncTask because not blocking the main UI Thread in Android if the server takes a little bit longer.
So, what is happening?
First of all I got the message:
Error, required field name is not present.
If I switch form requiered = true to requiered = false, I got the short message "true" and the server reports the following short message:
+++++++++++++++
USER: null | email: null | newsletter: null
+++++++++++++++
How can I send the needed parameters using POST to the server?
Thanks to all of you trying to help!
What if you create a Map of params, then call your restfull service.
Map<String, String> params = new HashMap<String, String>();
//add params
params.put("name", "the name");
params.put("email", "the email");
params.put("newsletter", "the newsletter");
//call service method
String result = tmpl.getForObject(url, String.class, params);
Based on the suggestions, I've found another tutorial which is doing exactly what I wanted to to
http://johnathanmarksmith.com/spring/java/javaconfig/programming/spring%20java%20configuration/spring%20mvc/web/rest/resttemplate/2013/06/18/how-to-use-spring-resttemplate-to-post-data-to-a-web-service/
Using this tutorial everything is working the way I wanted it to work!
I am new to Dropwizard and am having a little trouble with the conversion from POJO to Json. I am using jQuery at the frontend where I am calling the ajax function with the type POST. I am trying to validate a login against data in a MySQL database. I know the database is connected and the correct user can be located in the database based on the credentials entered on the HTML login page.
Here is the backend code:
#POST
#UnitOfWork
#Path("/login")
#Produces("application/json")
public User login(String credentials) {
try {
ObjectMapper mapper = new ObjectMapper();
JsonNode root = mapper.readValue(credentials, JsonNode.class);
String username = root.get("Username").toString().replaceAll("\"", "");
String password = root.get("Password").toString().replaceAll("\"", "");
User user = userDAO.findByUsername(username);
//Check password matches and respond
boolean passwordMatched = user.isPasswordMatched(password);
//Return correct response
if (passwordMatched) {
return user;
}
}
catch (Exception e) {
System.out.println(e.getMessage());
}
return null;
}
Then at the front end I simply post the username and password to the url:
$(document).ready(function() {
$("#login").click(function() {
var username = $("#username").val();
var password = $("#password").val();
$.ajax({
url:'http://localhost:8080/User/login',
type: 'POST',
data: JSON.stringify({"Username" : username, "Password" : password}),
complete: function(data, status) {
alert("Status: " + status + "Data: " + JSON.stringify(data));
}
});
The console output from the server is HTTP code 200 and when I set a breakpoint in the login function I can see the correct database entry being found and being returned from function. However, the alert that is triggered on complete from the jQuery code prints an error.
The data returned from my server is valid JSon according to JsonLint. So it looks like ajax is not receiving the data which is strange because it sends the original login details successfully. Can anyone help with this?
Following the answer at Enabling cors in dropwizard not working seemed to fix my issue. It was a problem with CORS.