
Implementing access control authentication with the PHP Slim framework

I am building a RESTful API with PHP & Slim for my application's backend. We also have a web version, but my team uses plain PHP for the web suite, and we work separately. This is only my first time taking responsibility for a backend, and I lack an understanding of how to handle authentication in a secure and professional way. I have read this article, but I need a detailed approach to how to do it in PHP & Slim and how to extend it to the web team so that the same authentication technique is used.

This is how my login/signup code currently works; please help me improve it:

```php
<?php
$app->post('/api/create_user', function ($request, $response, $args) {
    require('../config.php'); // provides the $mysqli connection

    $email = $_POST['email'];
    // The e-mail is concatenated straight into the SQL string (SQL injection risk).
    $qry = "select * from user where email ='" . $email . "'";
    $result = $mysqli->query($qry);

    if (mysqli_num_rows($result) > 0) {
        $user = new stdClass();
        $user->status = 0;
        $user->error = " the email is registered ";
        $result = new stdClass();
        $result->result = $user;
    } else {
        // md5() is a fast, unsalted digest, not a password hashing function.
        $password = md5($_POST['password']);
        $image = $_FILES['image']['name'];
        $email = $_POST['email'];
        $nickname = $_POST['nickname'];
        $birthDay = $_POST['birthdate'];

        $insert_req = "INSERT INTO user VALUES ('', '$email', '$password','$nickname')";
        $insert_user_result = $mysqli->query($insert_req);

        if ($insert_user_result) {
            $user = new stdClass();
            $user->status = 1;
            $result = new stdClass();
            $result->result = $user;
        } else {
            $user = new stdClass();
            $user->status = 2;
            $user->error = $mysqli->error; // mysql_error() does not exist for mysqli connections
            $result = new stdClass();
            $result->result = $user;
        }
    }

    if (isset($result)) {
        header('Content-type: application/json');
        echo json_encode($result);
    }
});
?>
```




```php
<?php
$app->post('/api/login', function ($request, $response, $args) {
    require('../config.php'); // provides the $mysqli connection

    $email = $_POST['email'];
    $password = md5($_POST['password']);

    // Same string-concatenated queries as in create_user (SQL injection risk).
    $findemail_qry = "select user_id from user where email ='" . $email . "'";
    $findemail_result = $mysqli->query($findemail_qry);

    if (mysqli_num_rows($findemail_result) > 0) {
        $login_qry = "select user_id from user where email ='" . $email . "' AND password ='" . $password . "'";
        $login_result = $mysqli->query($login_qry);
        if (mysqli_num_rows($login_result) > 0) {
            $data = mysqli_fetch_assoc($login_result);
            $user_id = $data['user_id'];
            $user = new stdClass();
            $user->status = 1;
            $user->user_id = $user_id;
            $result = new stdClass();
            $result->result = $user;
        } else {
            $user = new stdClass();
            $user->status = 2;
            $user->error = "wrong password";
            $result = new stdClass();
            $result->result = $user;
        }
    } else {
        // Distinct "not registered" / "wrong password" messages let a client
        // tell which e-mails exist (account enumeration).
        $user = new stdClass();
        $user->status = 0;
        $user->error = " this email not registered ";
        $result = new stdClass();
        $result->result = $user;
    }

    if (isset($result)) {
        header('Content-type: application/json');
        echo json_encode($result);
    }
});
?>
```

You can use JWT as the authentication layer for your API in the Slim application.

You can use this library to implement JWT in Slim.

You can use it in a simple way, something like this:

Try sending the username and password using Basic authorization; you will then generate a new JWT token, which will be used in all the other APIs.

```php
<?php

use \Firebase\JWT\JWT;
use \Slim\Middleware\HttpBasicAuthentication\AuthenticatorInterface;

require '../vendor/autoload.php';

$app = new \Slim\App;

// Authenticator used by the HTTP Basic middleware: receives the decoded
// username/password and returns true when they are valid (hard-coded demo values).
class RandomAuthenticator implements AuthenticatorInterface
{
    public function __invoke(array $arguments)
    {
        // validation for user and password
        $password = $arguments['password'];
        $user = $arguments['user'];
        return ($password == "admin") && ($user == "admin");
    }
}

// add HTTP Basic middleware for the login route only
$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "path" => "/login",
    "realm" => "Protected",
    "authenticator" => new RandomAuthenticator()
]));

$app->post("/login", function ($request, $response, $arguments) {
    // generate a JWT token that expires after 20 minutes
    $now = new DateTime();
    $future = new DateTime("now +20 minutes");
    $server = $request->getServerParams();

    $payload = [
        "iat" => $now->getTimeStamp(),
        "exp" => $future->getTimeStamp(),
        "sub" => $server["PHP_AUTH_USER"], // username accepted by the Basic auth middleware
    ];
    $secret = "TOURSECERTKEY"; // placeholder; load a long random secret from configuration
    $token = JWT::encode($payload, $secret, "HS512");
    $data["status"] = "ok";
    $data["token"] = $token;

    return $response->withStatus(201)
        ->withHeader("Content-Type", "application/json")
        ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
});

// add JWT authorization middleware for all other routes; /login is passed through
$app->add(new \Slim\Middleware\JwtAuthentication([
    "path" => ["/"],
    "passthrough" => ["/login"],
    "secret" => "TOURSECERTKEY",
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));

$app->run();
```
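As an added example (not code from the question or the answer above), the hard-coded `RandomAuthenticator` can be replaced by one that checks the question's `user` table with a prepared statement and `password_verify()`; the class name `DbAuthenticator`, the helper `registerUser()` and the exact column names are assumptions.

```php
<?php
// Added example, not part of the question or answer: a database-backed
// authenticator for slim-basic-auth. Assumes the question's `user` table
// (user_id, email, password, nickname) where `password` holds a
// password_hash() result instead of an md5 digest, and a mysqli handle.
use \Slim\Middleware\HttpBasicAuthentication\AuthenticatorInterface;

class DbAuthenticator implements AuthenticatorInterface
{
    private $db;

    public function __construct(\mysqli $db)
    {
        $this->db = $db;
    }

    // $arguments['user'] and ['password'] are the decoded Basic credentials.
    public function __invoke(array $arguments)
    {
        // Prepared statement: the e-mail is bound, never spliced into SQL.
        $stmt = $this->db->prepare('SELECT password FROM user WHERE email = ? LIMIT 1');
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('s', $arguments['user']);
        $stmt->execute();
        $stmt->bind_result($hash);
        $found = $stmt->fetch();
        $stmt->close();

        if (!$found) {
            // Unknown e-mail: verify against a dummy hash so the response time
            // does not reveal which e-mails are registered.
            password_verify($arguments['password'], password_hash('dummy', PASSWORD_DEFAULT));
            return false;
        }
        return password_verify($arguments['password'], $hash);
    }
}

// Registration counterpart: store a salted, slow hash and bind every value.
function registerUser(\mysqli $db, $email, $nickname, $plainPassword)
{
    $hash = password_hash($plainPassword, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user (email, password, nickname) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $email, $hash, $nickname);
    return $stmt->execute();
}
```

Wire it in with `"authenticator" => new DbAuthenticator($mysqli)` in the HttpBasicAuthentication options shown above; the JWT middleware stays unchanged.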
