{"id":383,"date":"2021-01-30T22:52:00","date_gmt":"2021-01-30T22:52:00","guid":{"rendered":"https:\/\/rishikantsri.in\/blog\/?p=383"},"modified":"2023-10-11T09:45:40","modified_gmt":"2023-10-11T09:45:40","slug":"building-a-secure-php-api-for-mobile-clients-logincrud-operations-jwt-authentication-and-meaningful-responses","status":"publish","type":"post","link":"https:\/\/rishikantsri.in\/blog\/building-a-secure-php-api-for-mobile-clients-logincrud-operations-jwt-authentication-and-meaningful-responses\/","title":{"rendered":"Building a Secure PHP API for Mobile Clients: Login,CRUD Operations, JWT Authentication, and Meaningful Responses"},"content":{"rendered":"\n

(updated) In today’s mobile-first world, building a robust and secure PHP API is crucial. This API should not only perform CRUD (Create, Read, Update, Delete) operations but also ensure API security, user authentication with JSON Web Tokens (JWT), and provide meaningful responses with status codes for mobile applications.<\/p>\n\n\n\n

Setting Up Your Environment<\/h3>\n\n\n\n

Before we dive into PHP API development, ensure you have the necessary tools and environment set up:<\/p>\n\n\n\n

    \n
  1. PHP Installed<\/strong>: Make sure you have PHP installed on your server.<\/li>\n\n\n\n
  2. MySQL Database<\/strong>: Set up a MySQL database to interact with your API.<\/li>\n\n\n\n
  3. Web Server<\/strong>: Configure a web server like Apache or Nginx to handle PHP requests.<\/li>\n<\/ol>\n\n\n\n

    Let’s create 6 files, you might have the following files:<\/p>\n\n\n\n

      \n
    1. index.php: default file<\/li>\n\n\n\n
    2. login.php<\/code>: Contains the Login operation.<\/li>\n\n\n\n
    3. create.php<\/code>: Contains the create<\/code> operation.<\/li>\n\n\n\n
    4. read.php<\/code>: Contains the Read operation.<\/li>\n\n\n\n
    5. update.php<\/code>: Contains the Update operation.<\/li>\n\n\n\n
    6. delete.php<\/code>: Contains the Delete operation.<\/li>\n<\/ol>\n\n\n\n

      <\/p>\n\n\n\n

      Each of these files would handle a specific API endpoint.<\/p>\n\n\n\n

      The full API URL for each function in a typical setup would depend on your web server configuration and URL structure. Assuming your API is hosted on http:\/\/example.com\/api\/, here are the full API URLs for each function:<\/p>\n\n\n\n

      create<\/code> Operation:<\/h2>\n\n\n\n

      Full API URL: http:\/\/phpapis.test\/api\/create<\/code>.php<\/p>\n\n\n\n

      HTTP Method: POST<\/p>\n\n\n\n

      Read Operation:<\/h2>\n\n\n\n

      Full API URL: http:\/\/phpapis.test\/api\/read.php<\/p>\n\n\n\n

      HTTP Method: GET<\/p>\n\n\n\n

      Update Operation:<\/h2>\n\n\n\n

      Full API URL: http:\/\/phpapis.test\/api\/update.php<\/p>\n\n\n\n

      HTTP Method: POST<\/p>\n\n\n\n

      Delete Operation:<\/h2>\n\n\n\n

      Full API URL: http:\/\/phpapis.test\/api\/delete.php<\/p>\n\n\n\n

      HTTP Method: POST<\/p>\n\n\n\n

      Login Operation:<\/h2>\n\n\n\n

      Full API URL: http:\/\/phpapis.test\/api\/login.php<\/p>\n\n\n\n

      HTTP Method: POST<\/p>\n\n\n\n

      you can achieve clean URLs without .php<\/code> extensions using Apache’s .htaccess<\/code> file as an example:<\/p>\n\n\n\n

      <\/p>\n\n\n\n

      PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
      # Enable URL rewriting<\/span><\/span>\nRewriteEngine <\/span>On<\/span><\/span>\n<\/span>\n# to send bearer token with request<\/span><\/span>\nRewriteCond <\/span>%<\/span>{HTTP:Authorization} <\/span>^<\/span>(<\/span>.<\/span>+<\/span>)$<\/span><\/span>\nRewriteRule <\/span>.<\/span>*<\/span> <\/span>-<\/span> [E<\/span>=<\/span>HTTP_AUTHORIZATION:<\/span>%<\/span>{HTTP:Authorization}]<\/span><\/span>\n<\/span>\n<\/span>\n<\/span>\n# Redirect URLs with .php extension to non-extension versions<\/span><\/span>\nRewriteCond <\/span>%<\/span>{THE_REQUEST} \\s<\/span>\/+<\/span>(<\/span>.<\/span>*?<\/span>)\\<\/span>.<\/span>php [NC]<\/span><\/span>\nRewriteRule <\/span>^<\/span> <\/span>\/%<\/span>1<\/span> [R<\/span>=<\/span>301<\/span>,<\/span>L]<\/span><\/span>\n<\/span>\n# Rewrite URLs without the .php extension to their corresponding .php files<\/span><\/span>\nRewriteCond <\/span>%<\/span>{REQUEST_FILENAME} <\/span>!-<\/span>d<\/span><\/span>\nRewriteCond <\/span>%<\/span>{REQUEST_FILENAME}<\/span>.<\/span>php <\/span>-<\/span>f<\/span><\/span>\nRewriteRule <\/span>^<\/span>([<\/span>^<\/span>\\<\/span>.<\/span>]<\/span>+<\/span>)$ $<\/span>1<\/span>.<\/span>php [NC<\/span>,<\/span>L]<\/span><\/span>\n<\/span>\n# Define rules to map clean URLs to PHP scripts<\/span><\/span>\nRewriteRule <\/span>^<\/span>api<\/span>\/<\/span>create$ create<\/span>.<\/span>php [L]<\/span><\/span>\nRewriteRule <\/span>^<\/span>api<\/span>\/<\/span>read$ read<\/span>.<\/span>php [L]<\/span><\/span>\nRewriteRule <\/span>^<\/span>api<\/span>\/<\/span>update$ update<\/span>.<\/span>php [L]<\/span><\/span>\nRewriteRule <\/span>^<\/span>api<\/span>\/<\/span>delete$ delete<\/span>.<\/span>php [L]<\/span><\/span>\nRewriteRule <\/span>^<\/span>api<\/span>\/<\/span>login$ login<\/span>.<\/span>php [L]<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
      Login Operation<\/h2>\n\n\n\n
      Let’s add a Login operation to the PHP API with JWT authentication for user login. We’ll also provide responses suitable for mobile clients.<\/p>\n\n\n\n
      PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
      <?<\/span>php<\/span><\/span>\n\/\/ Include JWT library<\/span><\/span>\nrequire<\/span> <\/span>'vendor\/autoload.php'<\/span>;<\/span><\/span>\n<\/span>\nuse<\/span> <\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>JWT<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Database configuration<\/span><\/span>\n$servername <\/span>=<\/span> <\/span>"localhost"<\/span>;<\/span><\/span>\n$username <\/span>=<\/span> <\/span>"root"<\/span>;<\/span><\/span>\n$password <\/span>=<\/span> <\/span>""<\/span>;<\/span><\/span>\n$dbname <\/span>=<\/span> <\/span>"phpapis"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ JWT secret key<\/span><\/span>\n$jwtSecretKey <\/span>=<\/span> <\/span>"your_jwt_secret_key"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Function to establish a database connection<\/span><\/span>\nfunction<\/span> connectToDatabase() {<\/span><\/span>\n    <\/span>global<\/span> $servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname;<\/span><\/span>\n    <\/span><\/span>\n    $connection <\/span>=<\/span> <\/span>new<\/span> <\/span>mysqli<\/span>($servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname);<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($connection<\/span>-><\/span>connect_error) {<\/span><\/span>\n        <\/span>die<\/span>(<\/span>"Connection failed: "<\/span> <\/span>.<\/span> $connection<\/span>-><\/span>connect_error);<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $connection;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to authenticate a user and generate a JWT<\/span><\/span>\nfunction<\/span> authenticateUser($username<\/span>,<\/span> $password) {<\/span><\/span>\n    <\/span>global<\/span> $jwtSecretKey;<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Replace this with your actual user authentication logic<\/span><\/span>\n    <\/span>\/\/ For this example, we'll assume you have a user database<\/span><\/span>\n    $user <\/span>=<\/span> getUserFromDatabase<\/span>(<\/span>$username<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($user <\/span>!==<\/span> <\/span>null<\/span> <\/span>&&<\/span> password_verify<\/span>(<\/span>$password<\/span>,<\/span> $user[<\/span>'password'<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n        <\/span>\/\/ User exists in the database, and the provided password matches the hashed password<\/span><\/span>\n        <\/span>\/\/ Create a payload for the JWT with user-related data<\/span><\/span>\n        $payload <\/span>=<\/span> array(<\/span><\/span>\n            <\/span>"user_id"<\/span> <\/span>=><\/span> $user[<\/span>'id'<\/span>]<\/span>,<\/span><\/span>\n            <\/span>"username"<\/span> <\/span>=><\/span> $user[<\/span>'username'<\/span>]<\/span>,<\/span><\/span>\n            <\/span>"registration_date"<\/span> <\/span>=><\/span> $user[<\/span>'date'<\/span>]<\/span>,<\/span><\/span>\n            <\/span>\/\/ You can add more user-related data here<\/span><\/span>\n        );<\/span><\/span>\n        $algorithm <\/span>=<\/span> <\/span>'HS256'<\/span>;<\/span><\/span>\n        <\/span>\/\/ Encode the payload into a JWT using the secret key<\/span><\/span>\n        $jwt <\/span>=<\/span> <\/span>JWT<\/span>::<\/span>encode<\/span>(<\/span>$payload<\/span>,<\/span> $jwtSecretKey<\/span>,<\/span>$algorithm<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n        <\/span>return<\/span> $jwt;<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> <\/span>false<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Login Operation<\/span><\/span>\nif<\/span> ($_SERVER[<\/span>"REQUEST_METHOD"<\/span>] <\/span>==<\/span> <\/span>"POST"<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_POST[<\/span>"username"<\/span>]<\/span>)<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_POST[<\/span>"password"<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n    $username <\/span>=<\/span> $_POST[<\/span>"username"<\/span>];<\/span><\/span>\n    $password <\/span>=<\/span> $_POST[<\/span>"password"<\/span>];<\/span><\/span>\n<\/span>\n    <\/span>\/\/ echo $username . $password;<\/span><\/span>\n<\/span>\n    $jwt <\/span>=<\/span> authenticateUser<\/span>(<\/span>$username<\/span>,<\/span> $password<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($jwt) {<\/span><\/span>\n        http_response_code<\/span>(<\/span>200<\/span>)<\/span>;<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"success"<\/span>,<\/span> <\/span>"jwt"<\/span> <\/span>=><\/span> $jwt]<\/span>)<\/span>;<\/span><\/span>\n    } <\/span>else<\/span> {<\/span><\/span>\n        http_response_code<\/span>(<\/span>401<\/span>)<\/span>;<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Authentication failed"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n} <\/span>else<\/span> {<\/span><\/span>\n    http_response_code<\/span>(<\/span>400<\/span>)<\/span>;<\/span><\/span>\n    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Invalid request"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n<\/span>\n\/\/ Function to retrieve user data from the database (dummy example)<\/span><\/span>\nfunction<\/span> getUserFromDatabase($username) {<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database query to fetch user data by username<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>SELECT<\/span> <\/span>*<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n    $user <\/span>=<\/span> $stmt<\/span>-><\/span>fetch<\/span>(<\/span>PDO<\/span>::<\/span>FETCH_ASSOC<\/span>)<\/span>;<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>null<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $user;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n?><\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      Create (C) Operation<\/h4>\n\n\n\n
      Creating a new record in your database is essential, and now it’s secure with JWT authentication:<\/p>\n\n\n\n
      PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
      <?<\/span>php<\/span><\/span>\n<\/span>\n\/\/ Include JWT library<\/span><\/span>\nrequire<\/span> <\/span>'vendor\/autoload.php'<\/span>;<\/span><\/span>\n<\/span>\nuse<\/span> <\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>JWT<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Database configuration<\/span><\/span>\n$servername <\/span>=<\/span> <\/span>"localhost"<\/span>;<\/span><\/span>\n$username <\/span>=<\/span> <\/span>"root"<\/span>;<\/span><\/span>\n$password <\/span>=<\/span> <\/span>""<\/span>;<\/span><\/span>\n$dbname <\/span>=<\/span> <\/span>"phpapis"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ JWT secret key<\/span><\/span>\n$jwtSecretKey <\/span>=<\/span> <\/span>"your_jwt_secret_key"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Function to establish a database connection<\/span><\/span>\nfunction<\/span> connectToDatabase()<\/span><\/span>\n{<\/span><\/span>\n    <\/span>global<\/span> $servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname;<\/span><\/span>\n<\/span>\n    $connection <\/span>=<\/span> <\/span>new<\/span> <\/span>mysqli<\/span>($servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname);<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($connection<\/span>-><\/span>connect_error) {<\/span><\/span>\n        <\/span>die<\/span>(<\/span>"Connection failed: "<\/span> <\/span>.<\/span> $connection<\/span>-><\/span>connect_error);<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $connection;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n<\/span>\n\/\/ User Registration Operation<\/span><\/span>\nif<\/span> ($_SERVER[<\/span>"REQUEST_METHOD"<\/span>] <\/span>==<\/span> <\/span>"POST"<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_POST[<\/span>"username"<\/span>]<\/span>)<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_POST[<\/span>"password"<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n    $newUsername <\/span>=<\/span> $_POST[<\/span>"username"<\/span>];<\/span><\/span>\n    $newPassword <\/span>=<\/span> $_POST[<\/span>"password"<\/span>];<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Check if the username is available (not already taken)<\/span><\/span>\n    <\/span>if<\/span> (isUsernameAvailable<\/span>(<\/span>$newUsername<\/span>)<\/span>) {<\/span><\/span>\n        <\/span>\/\/ Hash the password before storing it in the database<\/span><\/span>\n        $hashedPassword <\/span>=<\/span> password_hash<\/span>(<\/span>$newPassword<\/span>,<\/span> PASSWORD_BCRYPT<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n        <\/span>\/\/ Store the new user in the database<\/span><\/span>\n        <\/span>if<\/span> (createUserInDatabase<\/span>(<\/span>$newUsername<\/span>,<\/span> $hashedPassword<\/span>)<\/span>) {<\/span><\/span>\n            http_response_code<\/span>(<\/span>201<\/span>)<\/span>; <\/span>\/\/ HTTP status code for successful resource creation<\/span><\/span>\n            echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"success"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"User created successfully"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n        } <\/span>else<\/span> {<\/span><\/span>\n            http_response_code<\/span>(<\/span>500<\/span>)<\/span>; <\/span>\/\/ HTTP status code for server error<\/span><\/span>\n            echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"User creation failed"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n        }<\/span><\/span>\n    } <\/span>else<\/span> {<\/span><\/span>\n        http_response_code<\/span>(<\/span>400<\/span>)<\/span>; <\/span>\/\/ HTTP status code for bad request<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Username already taken"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n} <\/span>else<\/span> {<\/span><\/span>\n    http_response_code<\/span>(<\/span>400<\/span>)<\/span>;<\/span><\/span>\n    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Invalid request"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n<\/span>\n\/\/ Function to check if a username is available<\/span><\/span>\nfunction<\/span> isUsernameAvailable($username)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database query to check if the username is available<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>SELECT<\/span> <\/span>*<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n    $user <\/span>=<\/span> $stmt<\/span>-><\/span>fetch<\/span>(<\/span>PDO<\/span>::<\/span>FETCH_ASSOC<\/span>)<\/span>;<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>null<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $user <\/span>===<\/span> <\/span>false<\/span>; <\/span>\/\/ If no user is found, the username is available<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to create a user in the database<\/span><\/span>\nfunction<\/span> createUserInDatabase($username<\/span>,<\/span> $password)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Create a timestamp for the current date and time<\/span><\/span>\n    $currentDate <\/span>=<\/span> date<\/span>(<\/span>'Y-m-d H:i:s'<\/span>)<\/span>;<\/span><\/span>\n    <\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database insert query to create a new user<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n<\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>INSERT INTO<\/span><\/span>\n    users (username, <\/span>password<\/span>, <\/span>date<\/span>) <\/span><\/span>\n    <\/span>VALUES<\/span> (:username, :<\/span>password<\/span>, :registration_date)'<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':password'<\/span>,<\/span> $password<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':registration_date'<\/span>,<\/span> $currentDate<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($stmt<\/span>-><\/span>execute<\/span>()<\/span>) {<\/span><\/span>\n        <\/span>return<\/span> <\/span>true<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> <\/span>false<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to retrieve user data from the database (dummy example)<\/span><\/span>\nfunction<\/span> getUserFromDatabase($username)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database query to fetch user data by username<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>SELECT<\/span> <\/span>*<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n    $user <\/span>=<\/span> $stmt<\/span>-><\/span>fetch<\/span>(<\/span>PDO<\/span>::<\/span>FETCH_ASSOC<\/span>)<\/span>;<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>null<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $user;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n<\/span>\n<\/span>\n?><\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      Read (R) Operation<\/h4>\n\n\n\n
      Reading data from your database now requires JWT authentication:<\/p>\n\n\n\n
      PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
      <?<\/span>php<\/span><\/span>\n<\/span>\n\/\/ Include JWT library<\/span><\/span>\nrequire<\/span> <\/span>'vendor\/autoload.php'<\/span>;<\/span><\/span>\n<\/span>\nuse<\/span> <\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>JWT<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Database configuration<\/span><\/span>\n$servername <\/span>=<\/span> <\/span>"localhost"<\/span>;<\/span><\/span>\n$username <\/span>=<\/span> <\/span>"root"<\/span>;<\/span><\/span>\n$password <\/span>=<\/span> <\/span>""<\/span>;<\/span><\/span>\n$dbname <\/span>=<\/span> <\/span>"phpapis"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ JWT secret key<\/span><\/span>\n$jwtSecretKey <\/span>=<\/span> <\/span>"your_jwt_secret_key"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Function to establish a database connection<\/span><\/span>\nfunction<\/span> connectToDatabase()<\/span><\/span>\n{<\/span><\/span>\n    <\/span>global<\/span> $servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname;<\/span><\/span>\n<\/span>\n    $connection <\/span>=<\/span> <\/span>new<\/span> <\/span>mysqli<\/span>($servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname);<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($connection<\/span>-><\/span>connect_error) {<\/span><\/span>\n        <\/span>die<\/span>(<\/span>"Connection failed: "<\/span> <\/span>.<\/span> $connection<\/span>-><\/span>connect_error);<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $connection;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\nif<\/span> ($_SERVER[<\/span>"REQUEST_METHOD"<\/span>] <\/span>==<\/span> <\/span>"GET"<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_GET[<\/span>"username"<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n    <\/span>\/\/ Read Operation: Retrieve user data<\/span><\/span>\n    $usernameToRead <\/span>=<\/span> $_GET[<\/span>"username"<\/span>];<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Check if the username exists<\/span><\/span>\n    $user <\/span>=<\/span> getUserFromDatabase<\/span>(<\/span>$usernameToRead<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($user <\/span>!==<\/span> <\/span>false<\/span>) {<\/span><\/span>\n        http_response_code<\/span>(<\/span>200<\/span>)<\/span>; <\/span>\/\/ HTTP status code for success<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"success"<\/span>,<\/span> <\/span>"user"<\/span> <\/span>=><\/span> $user]<\/span>)<\/span>;<\/span><\/span>\n    } <\/span>else<\/span> {<\/span><\/span>\n        http_response_code<\/span>(<\/span>404<\/span>)<\/span>; <\/span>\/\/ HTTP status code for not found<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"User not found"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n} <\/span>else<\/span> {<\/span><\/span>\n    http_response_code<\/span>(<\/span>400<\/span>)<\/span>;<\/span><\/span>\n    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Invalid request"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to retrieve user data from the database (dummy example)<\/span><\/span>\nfunction<\/span> getUserFromDatabase($username)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database query to fetch user data by username<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>SELECT<\/span> username, <\/span>date<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n    $user <\/span>=<\/span> $stmt<\/span>-><\/span>fetch<\/span>(<\/span>PDO<\/span>::<\/span>FETCH_ASSOC<\/span>)<\/span>;<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>null<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $user;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n?><\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      Update (U) Operation<\/h4>\n\n\n\n
      Updating an existing record is now more secure with JWT-based authentication:<\/p>\n\n\n\n
      PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
      <?<\/span>php<\/span><\/span>\n<\/span>\n\/\/ Include JWT library<\/span><\/span>\nrequire<\/span> <\/span>'vendor\/autoload.php'<\/span>;<\/span><\/span>\n<\/span>\nuse<\/span> <\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>JWT<\/span>;<\/span><\/span>\nuse<\/span> <\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>Key<\/span>;<\/span><\/span>\n\/\/ Database configuration<\/span><\/span>\n$servername <\/span>=<\/span> <\/span>"localhost"<\/span>;<\/span><\/span>\n$username <\/span>=<\/span> <\/span>"root"<\/span>;<\/span><\/span>\n$password <\/span>=<\/span> <\/span>""<\/span>;<\/span><\/span>\n$dbname <\/span>=<\/span> <\/span>"phpapis"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ JWT secret key<\/span><\/span>\n$jwtSecretKey <\/span>=<\/span> <\/span>"your_jwt_secret_key"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Function to establish a database connection<\/span><\/span>\nfunction<\/span> connectToDatabase()<\/span><\/span>\n{<\/span><\/span>\n    <\/span>global<\/span> $servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname;<\/span><\/span>\n<\/span>\n    $connection <\/span>=<\/span> <\/span>new<\/span> <\/span>mysqli<\/span>($servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname);<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($connection<\/span>-><\/span>connect_error) {<\/span><\/span>\n        <\/span>die<\/span>(<\/span>"Connection failed: "<\/span> <\/span>.<\/span> $connection<\/span>-><\/span>connect_error);<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $connection;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to validate and decode the JWT<\/span><\/span>\nfunction<\/span> validateJWT($jwt)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>global<\/span> $jwtSecretKey;<\/span><\/span>\n   <\/span><\/span>\n<\/span>\n    $headers <\/span>=<\/span> <\/span>null<\/span>; <\/span>\/\/ We're not interested in the headers in this example<\/span><\/span>\n<\/span>\n    <\/span>try<\/span> {<\/span><\/span>\n         <\/span><\/span>\n        $decoded <\/span>=<\/span> <\/span>JWT<\/span>::<\/span>decode<\/span>(<\/span>$jwt<\/span>,<\/span> <\/span>new<\/span> <\/span>Key<\/span>($jwtSecretKey<\/span>,<\/span> <\/span>'HS256'<\/span>)<\/span>)<\/span>;<\/span><\/span>\n        <\/span>return<\/span> $decoded;<\/span><\/span>\n    }<\/span>catch<\/span> (<\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>ExpiredException<\/span> $e) {<\/span><\/span>\n        <\/span>\/\/ Handle token expiration<\/span><\/span>\n        echo $e;<\/span><\/span>\n        <\/span>return<\/span> <\/span>null<\/span>;<\/span><\/span>\n    } <\/span>catch<\/span> (<\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>BeforeValidException<\/span> $e) {<\/span><\/span>\n        <\/span>\/\/ Handle token not yet valid<\/span><\/span>\n        echo $e;<\/span><\/span>\n        <\/span>return<\/span> <\/span>null<\/span>;<\/span><\/span>\n    } <\/span>catch<\/span> (<\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>SignatureInvalidException<\/span> $e) {<\/span><\/span>\n        <\/span>\/\/ Handle invalid signature<\/span><\/span>\n        echo $e;<\/span><\/span>\n        <\/span>return<\/span> <\/span>null<\/span>;<\/span><\/span>\n    } <\/span>catch<\/span> (<\/span>Exception<\/span> $e) {<\/span><\/span>\n        <\/span>\/\/ Handle other exceptions<\/span><\/span>\n        echo $e;<\/span><\/span>\n        <\/span>return<\/span> <\/span>null<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to update the user's password<\/span><\/span>\nfunction<\/span> updateUserPassword($username<\/span>,<\/span> $newPassword)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Hash the new password before storing it in the database<\/span><\/span>\n    $hashedPassword <\/span>=<\/span> password_hash<\/span>(<\/span>$newPassword<\/span>,<\/span> PASSWORD_BCRYPT<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Replace this with your actual database update query to update the user's password<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>UPDATE<\/span> users <\/span>SET<\/span> <\/span>password<\/span> <\/span>=<\/span> :<\/span>password<\/span> <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':password'<\/span>,<\/span> $hashedPassword<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($stmt<\/span>-><\/span>execute<\/span>()<\/span>) {<\/span><\/span>\n        <\/span>return<\/span> <\/span>true<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> <\/span>false<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n<\/span>\n<\/span>\nif<\/span> ($_SERVER[<\/span>"REQUEST_METHOD"<\/span>] <\/span>==<\/span> <\/span>"POST"<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_POST[<\/span>"username"<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n    <\/span>\/\/ Update Operation: Update user password<\/span><\/span>\n    $requestedUsername <\/span>=<\/span> $_POST[<\/span>"username"<\/span>];<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Check if the JWT is provided in the request header<\/span><\/span>\n    <\/span>if<\/span> (isset<\/span>(<\/span>$_SERVER[<\/span>'HTTP_AUTHORIZATION'<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n        $authorizationHeader <\/span>=<\/span> $_SERVER[<\/span>'HTTP_AUTHORIZATION'<\/span>];<\/span><\/span>\n        $jwt <\/span>=<\/span> <\/span>str_replace<\/span>(<\/span>'Bearer '<\/span>,<\/span> <\/span>''<\/span>,<\/span> $authorizationHeader<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n        <\/span>\/\/ echo $jwt;<\/span><\/span>\n        <\/span>\/\/ Validate the JWT<\/span><\/span>\n        $decodedJWT <\/span>=<\/span> validateJWT<\/span>(<\/span>$jwt<\/span>)<\/span>;<\/span><\/span>\n      <\/span><\/span>\n<\/span>\n        <\/span>if<\/span> ($decodedJWT <\/span>!==<\/span> <\/span>null<\/span>) {<\/span><\/span>\n            <\/span>\/\/ The JWT is valid, and you can access the claims, including the user's information<\/span><\/span>\n            <\/span>\/\/ Here, we assume that the "username" claim in the JWT is the authenticated user's username<\/span><\/span>\n            $authenticatedUsername <\/span>=<\/span> $decodedJWT<\/span>-><\/span>username;<\/span><\/span>\n<\/span>\n            <\/span>if<\/span> ($authenticatedUsername <\/span>===<\/span> $requestedUsername) {<\/span><\/span>\n                <\/span>\/\/ The authenticated user is updating their own password<\/span><\/span>\n                <\/span>\/\/ Retrieve the new password from the request<\/span><\/span>\n                $newPassword <\/span>=<\/span> $_POST[<\/span>"password"<\/span>];<\/span><\/span>\n<\/span>\n                <\/span>\/\/ Update the user's password in the database<\/span><\/span>\n                <\/span>if<\/span> (updateUserPassword<\/span>(<\/span>$requestedUsername<\/span>,<\/span> $newPassword<\/span>)<\/span>) {<\/span><\/span>\n                    http_response_code<\/span>(<\/span>200<\/span>)<\/span>; <\/span>\/\/ HTTP status code for success<\/span><\/span>\n                    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"success"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Password updated successfully"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n                } <\/span>else<\/span> {<\/span><\/span>\n                    http_response_code<\/span>(<\/span>500<\/span>)<\/span>; <\/span>\/\/ HTTP status code for server error<\/span><\/span>\n                    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Password update failed"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n                }<\/span><\/span>\n            } <\/span>else<\/span> {<\/span><\/span>\n                http_response_code<\/span>(<\/span>403<\/span>)<\/span>; <\/span>\/\/ HTTP status code for forbidden<\/span><\/span>\n                echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Access forbidden"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n            }<\/span><\/span>\n        } <\/span>else<\/span> {<\/span><\/span>\n            http_response_code<\/span>(<\/span>401<\/span>)<\/span>; <\/span>\/\/ HTTP status code for unauthorized<\/span><\/span>\n            echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Invalid JWT"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n        }<\/span><\/span>\n    } <\/span>else<\/span> {<\/span><\/span>\n        http_response_code<\/span>(<\/span>401<\/span>)<\/span>; <\/span>\/\/ HTTP status code for unauthorized<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"JWT not provided"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n} <\/span>else<\/span> {<\/span><\/span>\n    http_response_code<\/span>(<\/span>400<\/span>)<\/span>;<\/span><\/span>\n    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Invalid request"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to retrieve user data from the database (dummy example)<\/span><\/span>\nfunction<\/span> getUserFromDatabase($username)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database query to fetch user data by username<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>SELECT<\/span> <\/span>*<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n    $user <\/span>=<\/span> $stmt<\/span>-><\/span>fetch<\/span>(<\/span>PDO<\/span>::<\/span>FETCH_ASSOC<\/span>)<\/span>;<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>null<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $user;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n?><\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      <\/p>\n\n\n\n
      Delete (D) Operation<\/h4>\n\n\n\n
      Deleting a record is protected by JWT authentication:<\/p>\n\n\n\n
      PHP<\/span><\/span><\/path><\/path><\/svg><\/span>
      <?<\/span>php<\/span><\/span>\n<\/span>\n\/\/ Include JWT library<\/span><\/span>\nrequire<\/span> <\/span>'vendor\/autoload.php'<\/span>;<\/span><\/span>\n<\/span>\nuse<\/span> <\/span>Firebase<\/span>\\<\/span>JWT<\/span>\\<\/span>JWT<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Database configuration<\/span><\/span>\n$servername <\/span>=<\/span> <\/span>"localhost"<\/span>;<\/span><\/span>\n$username <\/span>=<\/span> <\/span>"root"<\/span>;<\/span><\/span>\n$password <\/span>=<\/span> <\/span>""<\/span>;<\/span><\/span>\n$dbname <\/span>=<\/span> <\/span>"phpapis"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ JWT secret key<\/span><\/span>\n$jwtSecretKey <\/span>=<\/span> <\/span>"your_jwt_secret_key"<\/span>;<\/span><\/span>\n<\/span>\n\/\/ Function to establish a database connection<\/span><\/span>\nfunction<\/span> connectToDatabase()<\/span><\/span>\n{<\/span><\/span>\n    <\/span>global<\/span> $servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname;<\/span><\/span>\n<\/span>\n    $connection <\/span>=<\/span> <\/span>new<\/span> <\/span>mysqli<\/span>($servername<\/span>,<\/span> $username<\/span>,<\/span> $password<\/span>,<\/span> $dbname);<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($connection<\/span>-><\/span>connect_error) {<\/span><\/span>\n        <\/span>die<\/span>(<\/span>"Connection failed: "<\/span> <\/span>.<\/span> $connection<\/span>-><\/span>connect_error);<\/span><\/span>\n    }<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $connection;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\nif<\/span> ($_SERVER[<\/span>"REQUEST_METHOD"<\/span>] <\/span>==<\/span> <\/span>"GET"<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_GET[<\/span>"username"<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n    <\/span>\/\/ Read Operation: Retrieve user data<\/span><\/span>\n    $usernameToRead <\/span>=<\/span> $_GET[<\/span>"username"<\/span>];<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Check if the username exists<\/span><\/span>\n    $user <\/span>=<\/span> getUserFromDatabase<\/span>(<\/span>$usernameToRead<\/span>)<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>if<\/span> ($user <\/span>!==<\/span> <\/span>false<\/span>) {<\/span><\/span>\n        http_response_code<\/span>(<\/span>200<\/span>)<\/span>; <\/span>\/\/ HTTP status code for success<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"success"<\/span>,<\/span> <\/span>"user"<\/span> <\/span>=><\/span> $user]<\/span>)<\/span>;<\/span><\/span>\n    } <\/span>else<\/span> {<\/span><\/span>\n        http_response_code<\/span>(<\/span>404<\/span>)<\/span>; <\/span>\/\/ HTTP status code for not found<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"User not found"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n} <\/span>elseif<\/span> ($_SERVER[<\/span>"REQUEST_METHOD"<\/span>] <\/span>==<\/span> <\/span>"<\/span>DELETE<\/span>"<\/span> <\/span>&&<\/span> isset<\/span>(<\/span>$_GET[<\/span>"username"<\/span>]<\/span>)<\/span>) {<\/span><\/span>\n    <\/span>\/\/ Delete Operation: Delete a user<\/span><\/span>\n    $usernameToDelete <\/span>=<\/span> $_GET[<\/span>"username"<\/span>];<\/span><\/span>\n<\/span>\n    <\/span>\/\/ Check if the user was successfully deleted<\/span><\/span>\n    <\/span>if<\/span> (deleteUserFromDatabase<\/span>(<\/span>$usernameToDelete<\/span>)<\/span>) {<\/span><\/span>\n        <\/span><\/span>\n        <\/span>\/\/ http_response_code(204); \/\/ no content will be displayed HTTP status code for successful deletion<\/span><\/span>\n        http_response_code<\/span>(<\/span>200<\/span>)<\/span>; <\/span>\/\/ HTTP status code for successful deletion<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"success"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"User deleted successfully"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    } <\/span>else<\/span> {<\/span><\/span>\n        http_response_code<\/span>(<\/span>404<\/span>)<\/span>; <\/span>\/\/ HTTP status code for not found<\/span><\/span>\n        echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"User not found or deletion failed"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n    }<\/span><\/span>\n} <\/span>else<\/span> {<\/span><\/span>\n    http_response_code<\/span>(<\/span>400<\/span>)<\/span>;<\/span><\/span>\n    echo json_encode<\/span>(<\/span>[<\/span>"status"<\/span> <\/span>=><\/span> <\/span>"error"<\/span>,<\/span> <\/span>"message"<\/span> <\/span>=><\/span> <\/span>"Invalid request"<\/span>]<\/span>)<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to retrieve user data from the database (dummy example)<\/span><\/span>\nfunction<\/span> getUserFromDatabase($username)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database query to fetch user data by username<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>SELECT<\/span> username, <\/span>date<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n    $user <\/span>=<\/span> $stmt<\/span>-><\/span>fetch<\/span>(<\/span>PDO<\/span>::<\/span>FETCH_ASSOC<\/span>)<\/span>;<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>null<\/span>;<\/span><\/span>\n<\/span>\n    <\/span>return<\/span> $user;<\/span><\/span>\n}<\/span><\/span>\n<\/span>\n\/\/ Function to delete a user from the database (dummy example)<\/span><\/span>\nfunction<\/span> deleteUserFromDatabase($username)<\/span><\/span>\n{<\/span><\/span>\n    <\/span>\/\/ Replace this with your actual database delete query<\/span><\/span>\n    <\/span>\/\/ Example database query (using PDO):<\/span><\/span>\n    $db <\/span>=<\/span> <\/span>new<\/span> <\/span>PDO<\/span>(<\/span>'mysql:host=localhost;dbname=phpapis'<\/span>,<\/span> <\/span>'root'<\/span>,<\/span> <\/span>''<\/span>);<\/span><\/span>\n    $stmt <\/span>=<\/span> $db<\/span>-><\/span>prepare<\/span>(<\/span>'<\/span>DELETE<\/span> <\/span>FROM<\/span> users <\/span>WHERE<\/span> username <\/span>=<\/span> :username'<\/span>)<\/span>;<\/span><\/span>\n    $stmt<\/span>-><\/span>bindParam<\/span>(<\/span>':username'<\/span>,<\/span> $username<\/span>)<\/span>;<\/span><\/span>\n    <\/span><\/span>\n    <\/span>\/\/ Execute the delete query<\/span><\/span>\n    <\/span>return<\/span> $stmt<\/span>-><\/span>execute<\/span>()<\/span>;<\/span><\/span>\n}<\/span><\/span>\n<\/span><\/code><\/pre><\/div>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      API Security and Authorization<\/h3>\n\n\n\n
      Our API now emphasizes security and user access control:<\/p>\n\n\n\n
        \n
      • Security Measures<\/strong>: We’ve implemented input validation, password hashing, and secured API communication with HTTPS.<\/li>\n\n\n\n
      • JWT Authentication<\/strong>: Users must provide a valid JWT to access protected API endpoints.<\/li>\n\n\n\n
      • Role-Based Access Control (RBAC)<\/strong>: You can implement RBAC to control user access to different parts of your API.<\/li>\n\n\n\n
      • Middleware<\/strong>: Middleware checks the validity of JWTs and ensures users have the necessary permissions for specific operations.<\/li>\n<\/ul>\n\n\n\n
        Testing with Mobile Clients<\/h3>\n\n\n\n
        Testing is crucial to ensure a seamless mobile app experience:<\/p>\n\n\n\n
          \n
        • Mobile App Integration<\/strong>: Test your API from your mobile app, ensuring that authentication and authorization work correctly.<\/li>\n\n\n\n
        • Error Handling<\/strong>: The mobile app should handle API errors gracefully and provide user-friendly messages.<\/li>\n<\/ul>\n\n\n\n
          API Response with Status Codes<\/h3>\n\n\n\n
          We continue to use meaningful HTTP status codes and a standard response format:<\/p>\n\n\n\n
            \n
          • HTTP Status Codes<\/strong>: We use appropriate HTTP status codes (e.g., 200, 201, 400, 401, 404, 500) to indicate the outcome of each API operation.<\/li>\n\n\n\n
          • Standard Response Format<\/strong>: Responses follow a standard format, including a status indicator (e.g., “status”: “success” or “error”), a message explaining the result, and relevant data.<\/li>\n\n\n\n
          • JSON Responses<\/strong>: JSON remains the chosen format for mobile API responses due to its lightweight and easy parsing.<\/li>\n<\/ul>\n\n\n\n
            By integrating JWT-based authentication into our PHP API for all CRUD operations, we’ve significantly enhanced its security and user access control. Mobile clients can now authenticate and securely access protected resources, ensuring the integrity and confidentiality of user data.<\/p>\n","protected":false},"excerpt":{"rendered":"
            (updated) In today’s mobile-first world, building a robust and secure PHP API is crucial. This API should not only perform CRUD (Create, Read, Update, Delete) operations but also ensure API security, user authentication with JSON Web Tokens (JWT), and provide meaningful responses with status codes for mobile applications. Setting Up Your Environment Before we dive […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,10],"tags":[44,46,4],"_links":{"self":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts\/383"}],"collection":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/comments?post=383"}],"version-history":[{"count":10,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts\/383\/revisions"}],"predecessor-version":[{"id":403,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/posts\/383\/revisions\/403"}],"wp:attachment":[{"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/media?parent=383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/categories?post=383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rishikantsri.in\/blog\/wp-json\/wp\/v2\/tags?post=383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}