Super Simple Server Side Security
- Download S5.php and place it somewhere in your application.
- Edit the header and replace the database login information with your own.
- Create a file (I called mine createdatabase.php) in the same folder as S5.php
- Paste the following in the file you created
<?php
require 'S5.php';
$security = new S5();
$success = $security->prepare_database();
if ($success) {
    echo "Database prepared!";
} else {
    echo "Error preparing database";
}
?>
- Visit the page in your browser (for example: http://yourserver.com/createdatabase.php)
- Delete the file. You no longer need it.
$security = new S5();
$security->register('username', 'password'); // -> true/false (Success)
$security->login('username', 'password'); // -> true/false (Credentials correct/incorrect)
$security->set_user_active('username'); // -> true/false (Success/Failure)
$security->set_user_inactive('username'); // -> true/false (Success/Failure)
$security->verify_account_active('username'); // -> true/false (Account active/inactive)
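The calls above combined into a login endpoint, as an added example that is not part of S5 or its documentation. The form field names, the session key `user`, the redirect target `/account.php`, and the assumption that S5.php does not start or manage the PHP session itself are all hypothetical; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: login.php, a POST-only login endpoint built on the S5 calls above.
// Assumed (not from S5): form fields 'username'/'password', session key 'user',
// and the redirect target /account.php.
require 'S5.php';

session_set_cookie_params([
    'httponly' => true,   // keep the session cookie away from page scripts
    'secure'   => true,   // send it over HTTPS only
    'samesite' => 'Lax',
]);
session_start();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// Accept only plain strings; array-valued fields (username[]=x) are rejected.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    http_response_code(400);
    exit('Missing credentials');
}

$security = new S5();

// Check the password first, then the active flag. Both failures produce the
// same response, so a deactivated account is indistinguishable from bad credentials.
$ok = $security->login($username, $password)
    && $security->verify_account_active($username);

if (!$ok) {
    http_response_code(401);
    exit('Invalid username or password');
}

// Issue a new session id after authentication to prevent session fixation.
session_regenerate_id(true);
$_SESSION['user'] = $username;

header('Location: /account.php');
exit;
```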
- Create a blank PHP file in the same folder as S5.php and paste in the following:
<?php
require 'S5.php';
$security = new S5();
$credentials = $security->create_api_credentials();
echo "API Key: " . $credentials['key'];
echo "<br>";
echo "API Secret: " . $credentials['secret'];
?>
- View that page in a browser (for example: visit http://yourserver.com/(file name).php). It will display your credentials onscreen.
- Delete the file to prevent anyone from creating their own API credentials.
- Client calls
https://yourserver.com/api.php?api_key=(API KEY)&api_secret=(API SECRET)&user=(Username from S5)&token=(User's token)
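- At the top of api.php (or whatever you call it) add:
<?php
require 'S5.php';
$security = new S5();
// Stop here unless verify_get_api_request() accepts the request
if (!$security->verify_get_api_request()) {
    die("Request invalid");
}
// ... the rest of your code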