PHP & Web Development Blogs

Search Results For: application
Showing 16 to 20 of 39 blog articles.
441 views · 4 months ago



To bridge the gap between web-based and cloud-based applications, businesses often rely on skilled DevOps developers. These professionals play a crucial role in ensuring seamless integration, efficient customization, and robust back-end infrastructure for applications. The expertise of DevOps developers is indispensable for optimizing development workflows and enhancing collaboration between development and operations teams in the dynamic landscape of app development services.

In the realm of cloud computing, web-based applications play a pivotal role. Technically, web apps, as the name suggests, are applications hosted on remote servers & accessible through web browsers. On the other hand, cloud-based apps are web applications that come with advanced functionalities & elaborate compatibility.


In the realm of contemporary software development, the demand for innovative solutions is evident in the competition between web and cloud-based applications. These two platforms share similarities but diverge significantly in crucial aspects. This article will delve into the distinctions between web-based and cloud-based applications, exploring facets such as back-end infrastructure, scalability, and technical perspectives, shedding light on the nuances that developers navigate in this dynamic landscape, including the pivotal role of technologies like chatbot development.
What Is a Web Application?

A web-based app is an application designed and developed for the web browser. Unlike a cloud-based application, the web app completely depends on the web server for functionality & processing. This application program is mainly stored on the remote server & delivered through a web browser interface over the internet. According to web application development companies, web apps have a client-server architecture & their code is divided into 2 major components – server-side architecture & client-side architecture.

Server-side architecture: The server-side architecture or script usually deals with data processing. The web server can process a client request & send a response back. This web app architecture defines a simultaneous interaction between database instances, components, user interfaces, middleware systems, and servers.

Client-side architecture: The client-side architecture mainly deals with interface functionalities such as drop-down boxes and buttons. When a user clicks on the link, the browser will start loading the client-side script & rendering a text and graphic element for interaction.
Types of Web Apps
Nowadays, many businesses are already adopting various kinds of web-based applications because of their several advantages, features, and functionalities. 8 most popular types of web apps include:
1. Static Web Apps
Static web applications, constructed using HTML, CSS, and JavaScript, lack the flexibility of dynamic counterparts. These web based services provide content directly to users without requiring server-side modifications, resulting in simplicity and straightforward development. Key benefits of these apps include:
Very fast load time
Highly secure
Less complex to build
2. Dynamic Web Apps
This is a complex type that provides real-time data based on the server response and the user’s request. Dynamic web apps can be developed either as a conventional website with several pages and levels of navigation or as a single-page web application. They use several server-side and client-side languages to create web pages such as HTML, CSS, JavaScript, Python, PHP, Ruby, etc. Key benefits of dynamic web apps include:
Wider audience reach
Scalable in comparison to static web apps
Very flexible in terms of a new content update
3. Single Page Apps
A single page web app runs entirely in the browser & never requires a browser reload. This is actually a dynamic web app that manages all data on a single HTML page. This type of web app is faster than traditional websites as its logic is implemented directly in the browser rather than on a server. Gmail, Netflix, Pinterest & PayPal are the best examples of single page applications. Key benefits include:
Enhanced user experience
Minimized server load
Improved app performance
4. Multiple-Page Apps
Multiple page apps consist of multiple pages that are designed separately and combined to form a website. They have different pages with static information like texts & images. Web based app development companies recommend using multiple-page apps as they offer excellent control over search engine optimization techniques. Major benefits of multiple page apps include:
Ideal for SEO
Quick browser back or forward navigation
Simple to develop
5. Animated Web Apps
This is a type of web application that effectively supports synchronization & animation on the web platform. These applications are widely used by freelancers and creative companies to present their creativity better. Technically, JavaScript, HTML5, Flash, and CSS are used to create animated web applications. Key benefits of AWAs include:
Improved User Engagement
Enhanced Navigation
Excellent Branding
6. Web Apps with CMS
In this web application, content is updated constantly. It helps to manage, modify and create digital content with ease. WordPress is one of the best examples of CMS web applications. A variety of languages are used to create content management systems such as C#, PHP, Java, and Python. Key advantages of CMS web apps include:
Quick content creation & management
Efficient & quick updates
A vast range of features
7. E-commerce Web Apps
It’s a complicated and advanced dynamic web application that allows users to buy & sell goods electronically. These web based services encompass transaction and payment integration as key components, facilitating seamless order processing, payment acceptance, and logistical management for businesses involved in online commerce. Key benefits of these web apps include:
Scale business quickly
Offers customer insights through tracking & analytics
Sell goods across the world
8. Progressive Web Apps
Progressive web apps or PWAs are also called cross-platform web apps usually built with HTML, CSS, & JavaScript. PWAs use different features, APIs, and progressive methods to deliver a seamless experience. Progressive web apps boost the adaptability and speed of web applications. These apps are still easy to access if internet connectivity is poor. Key benefits of progressive web apps include:
Fast loading time
No installation required
Quickly respond to user interactions
Enhanced cross-platform conversion


Type | Widely Used In | Advantages
Dynamic web apps | Social media; Healthcare; IT Industry; Logistics and transportations; Retail and ecommerce sectors; On-demand | Directly manage websites to update & change the information; Quick user management to protect servers & control all website users
Static web apps | Book publishing sectors | Works in offline mode; No 3rd party software installation required to access web apps
Single page apps | Email service; Communication sectors | Allows navigation & optimized routing experience; Keeps visual structure of web apps consistently through presentation logic
Multiple page apps | E-commerce sectors; Enterprise industries | Enables optimizing every page for the search engine; Allows users to access other pages
Animated web apps | Animation; Education; Gaming industries | Hold user attention for a very long time due to its attractive approach & unique design; Aspect ratios, landscape orientations, portrait, and viewing distances & different pixel densities are considered
Web apps with CMS | Blogging platforms; Sales & marketing platform; News portals | Easily organizes the web content; Offers group & user functionality; Simple language support & integration
E-commerce web apps | E-commerce sectors | Allows sellers to sell products using a single platform; Helps you expand business globally & reach maximum audience
Progressive Web Apps | On-demand; Healthcare; Retail and e-commerce; Logistics and transportations; Social media; IT sectors | Responsive & Browser Compatibility; Works in online & offline mode; Updates with no user interaction

Key Benefits of Web Apps
Web apps enable businesses to interact with their customers more efficiently. These applications can make it easy to track & measure data that are essential to keep business operations streamlined. Key advantages of web apps include:
Easily accessible through any kind of web browser
Runs on multiple platforms that make it cross-platform compatible
Minimizes the risk of compatibility issues
Requires less maintenance & support from the developer’s end
Helps to ease usability for the customers
Effectively eliminates hard drive space limitations
Apps can be maintained & updated without software reinstallation on several devices
Offers high scalability and flexibility
Simple to deploy, maintain, and update
The cost of routine maintenance is minimized as the data is stored on remote servers
What is a Cloud Based App?
These apps are online software programs with elements accessible via a local server and executed on the cloud environment. As internet-based software, cloud applications are stored in the remote data center & handled by cloud-service providers. These apps are used for file sharing & storage, order entry, word processing, inventory management, financial accounting, customer relationship management, data collection, etc.

According to the report, the global market size of cloud apps is projected to reach approx 168.6 billion USD by 2025. Cloud apps usually support several user requirements through customization and provide several services to meet storage, backup & security needs. Some major characteristics of cloud apps include:
Agile application
Microservices-oriented
API-backed
Continuously integrated & delivered
DevOps-enabled
Analytics-infused
User experience-centric
Types of Cloud-based Applications
Cloud apps are divided into three major cloud computing models – SaaS, PaaS, and IaaS. Each model also shows several parts of cloud computing stacks. Take a closer look at these types:
1. SaaS or Software as a Service
SaaS is one of the best cloud apps that enable users to easily access full-functioning software applications over the internet. These cloud applications are primarily designed for freelance services, large enterprises & SMBs. Some of the best examples of SaaS applications are HubSpot CRM, Wrike, MS Office 365, Sisense, Wix, etc.
2. PaaS or Platform as a Service
PaaS provides users with the infrastructure, computing platforms, and solutions to build their own applications. Platform as a Service is ideal for businesses that mainly engage in collaboration, testing, and development of cloud solutions. PaaS applications have a deployment environment including run-time system libraries, operating systems, and graphic UI. Some of the best examples of PaaS apps are Google App Engine, Microsoft Azure, Rackspace Cloud Sites, etc.
3. IaaS or Infrastructure as a Service
IaaS consists of basic building blocks that offer access to networking functionalities, features & data storage space. It enables users to outsource IT infrastructures like servers, processing, virtual machines, storage, networking & other resources. IaaS applications also offer a good level of management control and flexibility over IT resources. Some of the best examples of IaaS apps are Amazon WorkSpaces, IBM Cloud, Google Cloud, etc.
Benefits of Cloud Apps
Web based application in cloud computing boost productivity, accessibility, security, and data safety. They help businesses make the process of collaboration more effective and easier. Key benefits of cloud applications include:
Minimal service provider interaction & management effort
Provides large computing capabilities, online & offline
Provides access to information from any device or place
Offers fast access to important applications through cloud servers
The performance and availability of cloud apps enhance profitability & streamline workflows
Serves multiple consumers with virtual and physical needs
Provides high transparency to resource providers & consumers
Offers improved collaboration options
Web Apps Vs Cloud Apps – Key Differences
Web apps and cloud apps both come with a wide range of functionalities & have noticeable distinctions. Web-based applications usually are accessible via web browsers, whereas cloud app’s infrastructure and data aren’t only accessible through the web browser but also downloadable. So, all cloud apps are web apps with additional features. Other differences between web and cloud apps are listed below.

Parameters | Cloud apps | Web apps
Internet | Work partially or entirely without the internet connectivity | Work with the internet only
Security | Ensures high security measures for sensitive & confidential information | It can verify client info on authentic servers
Technology | It needs a back-end framework & a JavaScript-based structure like React Js, Angular, etc | It has inbuilt languages such as PHP, Python & Ruby, and databases like MySQL.
Access | It's not dependent on the web browser | Accessed via the web browser only
Customization | Customization features improve functionalities. | Never provides customization and similar functionalities
Costs | Expensive as compared to web apps | Development cost is less than cloud apps
Types | SaaS, PaaS, IaaS, RaaS | Static web apps, dynamic web apps, portal web apps, etc
Scalability | Inherently scalable | Limited scalability
Availability | High uptime | Limited uptime
Storage | Multiple replicated center | Single data center

Final Words
Web apps and cloud apps both continue to serve users as the most crucial touch point. Since they are packed with similarities and dissimilarities in terms of software architecture, storage, and other aspects, selecting the right application always depends on customer preferences, business needs, and operations. Are you planning to build a custom web application or looking for web app development services? Get in touch with our experts for complete assistance.

75 views · 3 months ago


Today’s digital transformation has significantly empowered every company to produce accurate information at all touch points. Whether it’s a large-scale enterprise or a small private venture, every organization irrespective of all sizes needs proper web app development services to build a sophisticated database for storing and managing its data. Examples of web applications include customer relationship management (CRM) systems, project management tools, and e-commerce platforms. These custom software developers play a crucial role in tailoring web applications to meet specific business needs, ensuring seamless integration and optimal functionality.

A database is a set of a vast range of structured & unstructured data stored in a system and adequately managed through DBMS or Database Management System. The data stored in the database is highly sensitive, hence companies need to be careful while accessing any data or information.

When considering the development of web applications, partnering with a reputable web development firm is essential to ensure the seamless integration and efficient management of databases. A skilled web development firm possesses the expertise to optimize database systems, enhancing data organization, security, and retrieval processes for an enhanced user experience. In this article, we will delve into the top database solutions for web applications in 2024 and explore the advantages they bring to the forefront of modern software development.

Types of Databases For Web Applications

Depending on your business model, industry domain, and other factors, your business application system will have certain requirements. Different database types are used for different enterprise requirements. However, databases are technically divided into two types: SQL & NoSQL.

SQL (Structured Query Language) databases are relational databases that come with a relational structure. They are used for managing structured data only. On the other hand, NoSQL databases don't have any relational structure & they are used to store unstructured data types. For your convenience, we have shared a complete comparison of both databases below.

SQL Databases | NoSQL Databases
Mix of proprietary & open-source | Open source database
Comes with relational structure | No relational structure
Ideal for managing structured data | Best for storing unstructured & semi-structured data
Vertically scalable | Horizontally scalable
Examples: MySQL, PostgreSQL, Oracle, etc | Examples: MongoDB, Cassandra, Firebase, etc

Enterprises have deeply relied on SQL to manage all their databases in web apps, but as cloud, microservices & distributed applications become popular, there are NoSQL options also available. Before you choose the right database, you must consider a number of factors such as size, structure & scalability requirements. Apart from that, you need to consider some of the following questions also:
* What type of data structure do you need?
* What is the amount of data you want to store?
* What is your total budget?
* Does it allow for support contracts & software licenses?
* What is the requirement for your data security?
* What third-party tools do you want to add to your database?

Best Databases For Web Applications In 2024

Finding out the right database option for a web app development may impact the scalability and success of any project. With too many options available, it’s quite challenging to select which one is the best for you. 2024’s widely-popular databases include:

1. MySQL:

MySQL is one of the best open-source relational databases developed by Oracle Corporation in 1995. According to the Stack Overflow developer survey, this database was used by 46.8% as of 2022. The robustness, maturity, and stability of this database make it perfect for web applications. Moreover, the MySQL database uses a structured language & is written in C & C++.
Latest version: MySQL 8.0.33

Key features of MySQL database include:
* Easy to deploy & manage
* It supports Consistency, Atomicity, Isolation & Durability
* It’s an RDBMS or Relational Database Management System
* Provides fast-loading utilities with several memory caches to maintain servers
* Offers top-notch results without compromising any functionality
* Contains solid Data Security layers to offer complete security solutions

2. PostgreSQL:

Launched in 1996, PostgreSQL is also a very popular database used as a data warehouse or primary data store for web, analytics, geospatial and mobile applications. This is also an open-source SQL-based RDBMS (relational database management system) that supports C, C++, C#, Ruby, Java, Python, and other programming languages. This agile database is compatible with different OSs such as Windows, Linux, Unix, MacOSX, etc.
Latest version: PostgreSQL 15.3

Key features of the PostgreSQL database include
* Houses different constraints such as primary keys, foreign keys, exclusion constraints, explicit locks, advisory locks, etc
* Supports different SQL features like SQL Sub-selects, Multi-Version Concurrency Control, Streaming Replication, complex queries, etc.
* Compatible with different data types like Structured, Customizations, Primitives, Geometry & Documents.
* Supports MVCC or multi-version concurrency control

3. Microsoft SQL Server:

Launched in 1989, Microsoft SQL Server is a powerful RDBMS used for transaction processing, analytics applications, and business intelligence in IT environments. It comes with built-in intelligence & enables businesses to boost their performance, security, and availability seamlessly. MS SQL Server comes in different editions with authentication & security features.
Latest version: Microsoft SQL Server 2022

Key features of the Microsoft SQL Server database include:
* Available on both Linux & Windows platforms
* Supports semi-structured, structured, and spatial data
* It has a custom-built graphical integration
* Helps users build different designs and tables without syntax
* Comes with several features for protection, monitoring, and data classification
* Gives alerts on security gaps, misconfigurations & suspicious activities

4. MongoDB:

MongoDB is a document-oriented open-source NoSQL database used for high-volume data storage. Written in JavaScript, C++, and Python, this is a very flexible and scalable database platform that removes relational DB approaches. MongoDB offers a high level of flexibility through load balancing and horizontal scaling capacities. This is a perfect option for web apps that need high performance.
Latest version: MongoDB 6.0.5

Key features of the MongoDB database include:
* Effectively supports ad hoc queries
* Highly scalable & flexible database
* Offers schema-less database
* Appropriate indexing for query executions
* Replication for data availability & stability

5. Oracle:

Oracle is a very popular RDBMS that is known for its high-performance and cost-optimization solutions. This is a commercial relational database written in C, C++ & Java. Oracle comes with a relational database architecture that offers an easy, scalable, performant solution for accessing, defining, and managing data.
Latest version: Oracle 21c

Key features of the Oracle database include:
* Executes fast backup & recovery
* Provides multiple database support
* Offers superior scalability
* Offers better user controls and identity management
* Utilizes a single database for every data type

6. Redis:

Redis stands for Remote Dictionary Server and is a widely-used open-source database used for web applications and cache management. Redis can also be used with different streaming solutions like Amazon Kinesis & Apache Kafka to analyze & process real-time data.

This database also supports different data structures like lists, streams, bitmaps, strings, maps, and so on. Because of its high performance, Redis is vastly used in many sectors such as IoT, Gaming, Financial Services, etc.
Latest version: Redis 7.0.11

Key features of the Redis database include:
* Provides premium speed with improved caching & in-memory capabilities.
* Supports a variety of data structures (strings, hashes, lists, bitmaps, HyperLogLogs, etc)
* Compatible with different languages (Java, PHP, Python, C, C#, C++, etc)
* Offers quick access to data for training, deploying, and developing applications

7. Cassandra:

Released in 2008, Cassandra is a distributed open-source NoSQL database that effectively manages vast amounts of data. It provides excellent scalability that supports multi-datacenter replication and automatic data replication. Cassandra database is ideal for applications that need prompt data access with high performance.
Latest version: Cassandra 4.1.0

Key features of the Cassandra database include:
* Easy to scale
* Highly scalable & comes with strong architecture
* Offers flexibility for data distribution
* Faster linear-scale performance
* Very flexible data storage
* Supports properties like Consistency, Atomicity, Isolation, and Durability

How Much Does The Web Application Database Cost?

In general, the average web app development cost ranges from $5,000 to $100,000. However, this cost depends on too many parameters like web app database complexity, features & functionalities, backend infrastructure, etc.

If you want to get a proper estimation of your web database application cost, you can take advantage of a web app cost calculator. For your convenience, we have listed the average web application development costs based on their categories.
Factors
Basic Web Apps
Medium Apps
Complex Apps
Highly Complex Apps
Estimated cost
$3,000 to $15,000
$15,000 to $60,000
$60,000 to $2,50,000
More than $250,000
Timeline
    . to 5 weeks
    . to 20 weeks
    . to 25 weeks
More than 9 months
Features
Simple landing page
Static content
Landing page
Database integration
Admin panel
User accounts
Online payment options
Third-party integrations
Landing page
Huge database integration
Admin panel
Multiple user accounts
Online Payment options
Third-party integrations
Personalized features
Landing page
Top-notch database integration
Admin panel
Customized features
Examples
Online brochures
Portfolio
websites
MVP
Web portals
E-commerce websites
Online gaming sites with animation
Web applications for businesses
Automated billing systems
Human resources management system (HRMS)
Complex ecommerce websites
Custom web apps
On-demand web apps
App for complex businesses
High-end features with AI/ML integration
Custom web apps

Final Words

In the past, the process of selecting a database for a web application was straightforward. However, in this modern era of software development, this process has become very intricate as too many options are available today and the business requirements have also transformed.

For a business that works with small apps, NoSQL databases like MongoDB can be the best choice & for managing large & complex applications, databases like MySQL, MS SQL Server, and PostgreSQL can be the right choice. Would you like to know more about web applications with databases? Talk to our experts today.
11937 views · 5 years ago
Five Composer Tips Every PHP Developer Should Know

Composer is the way that PHP developers manage libraries and their dependencies. Previously, developers mainly stuck to existing frameworks. If you were a Symfony developer, you used Symfony and libraries built around it. You didn’t dare cross the line to Zend Framework. These days however, developers focus less on frameworks, and more on the libraries they need to build the project they are working on. This decoupling of projects from frameworks is largely possible because of Composer and the ecosystem that has built up around it.

Like PHP, Composer is easy to get started in, but complex enough to take time and practice to master. The Composer manual does a great job of getting you up and running quickly, but some of the commands are involved enough so that many developers miss some of their power because they simply don’t understand.

I’ve picked out five commands that every user of Composer should master. In each section I give you a little insight into the command, how it is used, when it is used and why this one is important.

1: Require

Sample:

$ composer require monolog/monolog


Require is the most common command that most developers will use when using Composer. In addition to the vendor/package, you can also specify a version number to load along with modifiers. For instance, if you want version 1.18.0 of monolog specifically and never want the update command to update this, you would use this command.

$ composer require monolog/monolog:1.18.0


This command will not grab the current version of monolog (currently 1.18.2) but will instead install the specific version 1.18.0.

If you always want the most recent version of monolog greater than 1.18.0 you can use the > modifier as shown in this command. The quotes keep the shell from treating > as output redirection.

$ composer require "monolog/monolog:>1.18.0"


If you want the latest patch in your current version but don’t want any minor updates that may introduce new features, you can specify that using the tilde.

$ composer require monolog/monolog:~1.18.0


The command above will install the latest version of monolog v1.18. Updates will never update beyond the latest 1.18 version.

If you want to stay current on your major version but never want to go above it you can indicate that with the caret.

$ composer require monolog/monolog:^1.18.0


The command above will install the latest version of monolog 1. Updates continue to update beyond 1.18, but will never update to version 2.

There are other options and flags for require, you can find the complete documentation of the command here.

2: Install a package globally

The most common use of Composer is to install and manage a library within a given project. There are however, times when you want to install a given library globally so that all of your projects can use it without you having to specifically require it in each project. Composer is up to the challenge with a modifier to the require command we discussed above, global. The most common use of this is when you are using Composer to manage packages like PHPUnit.

$ composer global require "phpunit/phpunit:^5.3.*"


The command above would install PHPUnit globally. It would also allow it to be updated throughout version 5 because we specified ^5.3.* as the version number. You should be careful in installing packages globally. As long as you do not need different versions for different projects you are OK. However, should you start a project and want to use PHPUnit 6.0.0 (when it releases) but PHPUnit 6 breaks backwards compatibility with the PHPUnit 5.* version, you would have trouble. Either you would have to stay with PHPUnit 5 for your new project, or you would have to test all your projects to make sure that your Unit Tests work after upgrading to PHPUnit 6.

Globally installed projects are something to be thought through carefully. When in doubt, install the project locally.

3: Update a single library with Composer

One of the great powers of Composer is that developers can now easily keep their dependencies up-to-date. Not only that, as we discussed in tip #1, each developer can define exactly what “up-to-date” means for them. With this simple command, Composer will check all of your dependencies in a project and download/install the latest applicable versions.

$ composer update


What about those times when you know that a new version of a specific package has released and you want it, but nothing else updated. Composer has you covered here too.

$ composer update monolog/monolog


This command will ignore everything else, and only update the monolog package and its dependencies.

It’s great that you can update everything, but there are times when you know that updating one or more of your packages is going to break things in a way that you aren’t ready to deal with. Composer allows you the freedom to cherry-pick the packages that you want to update, and leave the rest for a later time.

4: Don’t install dev dependencies

In a lot of projects I am working on, I want to make sure that the libraries I download and install are working before I start working with them. To this end, many packages will include things like Unit Tests and documentation. This way I can run the unit Tests on my own to validate the package first. This is all fine and good, except when I don’t want them. There are times when I know the package well enough, or have used it enough, to not have to bother with any of that.

Many packages create a distribution package that does not contain tests or docs. (The League of Extraordinary Packages does this by default on all their packages.) If you specify the --prefer-dist flag, Composer will look for a distribution file and use it instead of pulling directly from GitHub. Of course, if you want to make sure you get the full source and all the artifacts, you can use the --prefer-source flag. Note that these flags only choose between the distribution archive and the source checkout; packages listed under require-dev are skipped with the separate --no-dev flag on install or update.

5: Optimize your autoload

Regardless of whether you --prefer-dist or --prefer-source, when your package is incorporated into your project with require, it just adds it to the end of your autoloader. This isn’t always the best solution. Therefore Composer gives us the option to optimize the autoloader with the --optimize switch. Optimizing your autoloader converts your entire autoloader into classmaps. Instead of the autoloader having to use file_exists() to locate a file, Composer creates an array of file locations for each class. This can speed up your application by as much as 30%.

$ composer dump-autoload --optimize


The command above can be issued at any time to optimize your autoloader. It’s a good idea to execute this before moving your application into production.

$ composer require monolog/monolog:~1.18.0 -o


You can also use the optimize flag with the require command. Doing this every time you require a new package will keep your autoloader up-to-date. That said, it’s still a good idea to get in the habit of using the first command as a safety net when you roll to production, just to make sure.

BONUS: Commit your composer.lock

After you have installed your first package with Composer, you now have two files in the root of your project, composer.json and composer.lock. Of the two, composer.lock is the most important one. It contains detailed information about every package and version installed. When you issue a composer install in a directory with a composer.lock file, Composer will install the exact same packages and versions. Therefore, pulling a git repo on a production server will replicate the exact same packages in production that were installed in development. Of course, the corollary of this is that you never want to commit your vendor/ directory. Since you can recreate it exactly, there is no need to store all of that code in your repo.

It is recommended that you also commit your composer.json. When you check out your repo into production and do an install, Composer will use the composer.lock instead of the composer.json when present. This means that your production environment is set up exactly like your development environment.
37367 views · 5 years ago
Securing PHP RESTful APIs using Firebase JWT Library

Hello Guys,

In our last blog post we created RESTful APIs but did not work on their security and authentication. The login API can be public, but the APIs called after login should be authenticated using a secure token. One such token is JWT, so I am providing the steps to create and use a JWT in our already created API.


Now it's time to implement JWT authentication in our API. These are the steps to implement it in our already created APIs.


Step 1: Install and include Firebase JWT (JSON Web Token) in our project with the following Composer command:


 composer require firebase/php-jwt 


Include the Composer-installed packages:
 require_once('vendor/autoload.php');


Import the class using the following:
 use \Firebase\JWT\JWT;



Step 2: Create a JWT on the server side using the Firebase JWT library's encode method in the login action, and return it to the client.



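Define a private variable named Secret_Key in the class and add a generateToken method, like the following:

    // Secret used to sign and verify the HS256 tokens
    private $Secret_Key="*$%43MVKJTKMN$#";

    public function generateToken($UiD)
    {
        $payload = array(
            'iss' => $_SERVER['SERVER_NAME'], // issuer: this server's host name
            'exp' => time()+600,              // token expires 10 minutes after it is issued
            'uId' => $UiD
        );
        try{
            $jwt = JWT::encode($payload, $this->Secret_Key,'HS256');
            $res=array("status"=>true,"Token"=>$jwt);
        }catch (UnexpectedValueException $e) {
            $res=array("status"=>false,"Error"=>$e->getMessage());
        }
        return $res;
    }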


In our login action, if the user has logged in successfully, replace the login success code (status, _data_ and message) with the following code:

    $return['status']=1;
    $return['_data_']=$UserData[0];
    $return['message']='User Logged in Successfully.';

    $jwt=$obj->generateToken($UserData[0]['id']);
    if($jwt['status']==true)
    {
        $return['JWT']=$jwt['Token'];
    }
    else{
        unset($return['_data_']);
        $return['status']=0;
        $return['message']='Error:'.$jwt['Error'];
    }





Step 3: Every request after login should carry the JWT in its POST data (we could also receive it in GET or in an authentication header, but here we are receiving it in POST).



Now, after a successful login, you will get the JWT in your response. Just add that token to every POST request of the after-login API calls. We will do it using Postman; see screenshot 1 to check that the JWT is coming in the login API response.

[Screenshot: JWT DEMO LOGIN API RESPONSE]


Step 4: After receiving the JWT in every after-login API call, we need to check whether the token is valid using the JWT decode method. UserBlogs is an after-login API, so to verify the token we create an Authenticate method in the class like the following:


    public function Authenticate($JWT,$Current_User_id)
    {
        try {
            // php-jwt 6.x takes the key and its algorithm together as a Key object
            $decoded = JWT::decode($JWT, new \Firebase\JWT\Key($this->Secret_Key, 'HS256'));
            $payload = json_decode(json_encode($decoded),true);

            // Compare as strings so PHP's loose type juggling cannot match a malformed Uid
            if((string)$payload['uId'] === (string)$Current_User_id) {
                $res=array("status"=>true);
            }else{
                $res=array("status"=>false,"Error"=>"Invalid Token or Token Expired, So Please login Again!");
            }
        }catch (UnexpectedValueException $e) {
            // Thrown for a bad signature, a malformed token or an expired token
            $res=array("status"=>false,"Error"=>$e->getMessage());
        }
        return $res;
    }


Step 5: Check the response returned by the Authenticate method in the UserBlogs action of the API. Replace the inner content of the UserBlogs action with the following code:


    if(isset($_POST['Uid']))
    {
        // A missing JWT parameter is passed as an empty string, which decode rejects
        $resp=$obj->Authenticate($_POST['JWT'] ?? '',$_POST['Uid']);
        if($resp['status']==false)
        {
            $return['status']=0;
            $return['message']='Error:'.$resp['Error'];
        }
        else{
            $blogs=$obj->get_all_blogs($_POST['Uid']);
            if(count($blogs)>0)
            {
                $return['status']=1;
                $return['_data_']=$blogs;
                $return['message']='Success.';
            }
            else
            {
                $return['status']=0;
                $return['message']='Error:Invalid UserId!';
            }
        }
    }
    else
    {
        $return['status']=0;
        $return['message']='Error:User Id not provided!';
    }


Great, it's time to check out the UserBlogs API; see the screenshot for that. Remember, we need to put the JWT in a POST parameter, as we have already received that value in the login API call.

[Screenshot: JWT DEMO Authentication in userBlogs API Call]

Now, if you want to verify that the token expires at the given time (10 minutes after generation/login time), I am just calling the same API with the same token after 10 minutes, and you can see that it does not return any data and returns status false with the following message:


[Screenshot: JWT DEMO Authentication in userBlogs API Call]


Also, if you want to explore it further, I suggest you try modifying the Uid value with the same token; you will get another authentication issue. If you modify the JWT itself, you will likewise not get the desired result and will get an authentication issue.

Thanks for reading. If you want the complete code of this file, please find it below:
<?php
header("Content-Type: application/json; charset=UTF-8");
require_once('vendor/autoload.php');
use \Firebase\JWT\JWT;

class DBClass {

    private $host = "localhost";
    private $username = "root";
    private $password = "";
    private $database = "news";

    public $connection;

    // Secret used to sign and verify the HS256 tokens
    private $Secret_Key="*$%43MVKJTKMN$#";

    public function connect(){

        $this->connection = null;

        try{
            $this->connection = new PDO("mysql:host=" . $this->host . ";dbname=" . $this->database, $this->username, $this->password);
            $this->connection->exec("set names utf8");
        }catch(PDOException $exception){
            echo "Error: " . $exception->getMessage();
        }

        return $this->connection;
    }

    public function login($email,$password){

        if($this->connection==null)
        {
            $this->connect();
        }

        $query = "SELECT id,name,email,createdAt,updatedAt from users where email= ? and password= ?";
        $stmt = $this->connection->prepare($query);
        $stmt->execute(array($email,md5($password)));
        $ret= $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $ret;
    }

    public function get_all_blogs($Uid){

        if($this->connection==null)
        {
            $this->connect();
        }

        $query = "SELECT b.*,u.id as Uid,u.email as Uemail,u.name as Uname from blogs b join users u on u.id=b.user_id where b.user_id= ?";
        $stmt = $this->connection->prepare($query);
        $stmt->execute(array($Uid));
        $ret= $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $ret;
    }

    public function response($array)
    {
        echo json_encode($array);
        exit;
    }

    public function generateToken($UiD)
    {
        $payload = array(
            'iss' => $_SERVER['SERVER_NAME'], // issuer: this server's host name
            'exp' => time()+600,              // token expires 10 minutes after it is issued
            'uId' => $UiD
        );
        try{
            $jwt = JWT::encode($payload, $this->Secret_Key,'HS256');
            $res=array("status"=>true,"Token"=>$jwt);
        }catch (UnexpectedValueException $e) {
            $res=array("status"=>false,"Error"=>$e->getMessage());
        }
        return $res;
    }

    public function Authenticate($JWT,$Current_User_id)
    {
        try {
            // php-jwt 6.x takes the key and its algorithm together as a Key object
            $decoded = JWT::decode($JWT, new \Firebase\JWT\Key($this->Secret_Key, 'HS256'));
            $payload = json_decode(json_encode($decoded),true);

            // Compare as strings so PHP's loose type juggling cannot match a malformed Uid
            if((string)$payload['uId'] === (string)$Current_User_id) {
                $res=array("status"=>true);
            }else{
                $res=array("status"=>false,"Error"=>"Invalid Token or Token Expired, So Please login Again!");
            }
        }catch (UnexpectedValueException $e) {
            // Thrown for a bad signature, a malformed token or an expired token
            $res=array("status"=>false,"Error"=>$e->getMessage());
        }
        return $res;
    }
}

$return=array();
$obj = new DBClass();
if(isset($_GET['action']) && $_GET['action']!='')
{
    if($_GET['action']=="login")
    {
        if(isset($_POST['email']) && isset($_POST['password']))
        {
            $UserData=$obj->login($_POST['email'],$_POST['password']);
            if(count($UserData)>0)
            {
                $return['status']=1;
                $return['_data_']=$UserData[0];
                $return['message']='User Logged in Successfully.';

                $jwt=$obj->generateToken($UserData[0]['id']);
                if($jwt['status']==true)
                {
                    $return['JWT']=$jwt['Token'];
                }
                else{
                    unset($return['_data_']);
                    $return['status']=0;
                    $return['message']='Error:'.$jwt['Error'];
                }
            }
            else
            {
                $return['status']=0;
                $return['message']='Error:Invalid Email or Password!';
            }
        }
        else
        {
            $return['status']=0;
            $return['message']='Error:Email or Password not provided!';
        }
    }
    elseif($_GET['action']=="UserBlogs")
    {
        if(isset($_POST['Uid']))
        {
            // A missing JWT parameter is passed as an empty string, which decode rejects
            $resp=$obj->Authenticate($_POST['JWT'] ?? '',$_POST['Uid']);
            if($resp['status']==false)
            {
                $return['status']=0;
                $return['message']='Error:'.$resp['Error'];
            }
            else{
                $blogs=$obj->get_all_blogs($_POST['Uid']);
                if(count($blogs)>0)
                {
                    $return['status']=1;
                    $return['_data_']=$blogs;
                    $return['message']='Success.';
                }
                else
                {
                    $return['status']=0;
                    $return['message']='Error:Invalid UserId!';
                }
            }
        }
        else
        {
            $return['status']=0;
            $return['message']='Error:User Id not provided!';
        }
    }
}
else
{
    $return['status']=0;
    $return['message']='Error:Action not provided!';
}
$obj->response($return);
$obj->connection=null;
?>
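
A hardened variant of the Authenticate step, added here as an example and not part of the original post: it reads the token from the Authorization header, loads the signing key from the environment, and takes the user id from the verified token instead of from a client-supplied Uid. The JWT_SECRET and API_ISSUER environment variables and the three function names are assumptions; the decode call uses the Key class from firebase/php-jwt 6.x.

```php
<?php
require_once 'vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Assumption: the signing key is supplied through the JWT_SECRET environment
// variable instead of being hard-coded in the class.
function loadSigningKey(): string
{
    $secret = getenv('JWT_SECRET');
    // RFC 7518 requires an HS256 key of at least 256 bits (32 bytes).
    if ($secret === false || strlen($secret) < 32) {
        throw new RuntimeException('JWT_SECRET is missing or shorter than 32 bytes');
    }
    return $secret;
}

// Extracts the token from "Authorization: Bearer <token>"; null if absent.
function bearerToken(array $server): ?string
{
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    return preg_match('/^Bearer\s+(\S+)$/i', $header, $m) ? $m[1] : null;
}

// Returns the user id carried by a verified token, or null if it is not valid.
function authenticatedUserId(?string $jwt, string $secret, string $expectedIssuer): ?string
{
    if ($jwt === null) {
        return null;
    }
    try {
        // Pinning HS256 in the Key means the token header cannot choose the algorithm.
        $claims = JWT::decode($jwt, new Key($secret, 'HS256'));
    } catch (Throwable $e) {
        // Bad signature, expired or malformed: all are treated as unauthenticated.
        error_log('JWT rejected: ' . $e->getMessage());
        return null;
    }
    if (($claims->iss ?? null) !== $expectedIssuer || !isset($claims->uId)) {
        return null;
    }
    return (string) $claims->uId;
}

$issuer = getenv('API_ISSUER') ?: 'localhost'; // assumption: same value used as 'iss' at login
$userId = authenticatedUserId(bearerToken($_SERVER), loadSigningKey(), $issuer);
if ($userId === null) {
    http_response_code(401);
    header('WWW-Authenticate: Bearer');
    exit(json_encode(['status' => 0, 'message' => 'Error:Authentication required']));
}
// $userId comes from the signed token: pass it to get_all_blogs() instead of $_POST['Uid'].
```

Because the user id is read from the signed payload, a caller cannot request another user's blogs by changing a request parameter, and the generic 401 response does not tell the client why the token was rejected.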

71102 views · 5 years ago
Create Simple RESTful APIs using PHP & MySQL

Hi Guys,
I am sharing with you a way to create simple RESTful APIs using PHP and MySQL. We are creating 2 APIs here: the first logs in an existing user, and the second gets the list of blogs written by the logged-in user.


Create any database; I am using news as the database name here. After that, create the following 2 tables inside it.


CREATE TABLE `users` (
    `id` int(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    `name` varchar(100),
    `email` varchar(100),
    `password` varchar(100),
    `createdAt` datetime NOT NULL,
    `updatedAt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE `blogs` (
    `id` int(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    `user_id` int(11),
    `title` varchar(255),
    `summary` Tinytext,
    `body` Text,
    `createdAt` datetime NOT NULL,
    `updatedAt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
);


Now put in some dummy data to read via the API:



-- create 2 entries in users table
INSERT INTO `news`.`users` (`id`, `name`, `email`, `password`, `createdAt`, `updatedAt`) VALUES (1, 'jeetendra singh', '[email protected]', MD5('123456'), '2018-12-28 02:05:12', CURRENT_TIMESTAMP), (2, 'Manvik Singh chaudhary', '[email protected]', MD5('654321'), '2018-12-28 03:08:11', CURRENT_TIMESTAMP);


-- create 2 blogs by userid 1

INSERT INTO `news`.`blogs` (`id`, `user_id`, `title`, `summary`, `body`, `createdAt`, `updatedAt`) VALUES (1, '1', 'Blog title 1 by jeetendra', 'Blog summary 1 by jeetendra', 'Blog body 1 by jeetendra', '2018-12-28 02:00:00', CURRENT_TIMESTAMP), (2, '1', 'Blog Title 2 by jeetendra ', 'Blog summary 2 by jeetendra ', 'Blog body 2 by jeetendra ', '2018-12-28 05:10:21', CURRENT_TIMESTAMP);

-- create 2 blogs by userid 2
INSERT INTO `news`.`blogs` (`id`, `user_id`, `title`, `summary`, `body`, `createdAt`, `updatedAt`) VALUES (3, '2', 'Blog title 1 by manvik', 'Blog summary 1 by manvik', 'Blog body 1 by manvik', '2018-12-28 02:00:00', CURRENT_TIMESTAMP), (4, '2', 'Blog Title 2 by manvik ', 'Blog summary 2 by manvik ', 'Blog body 2 by manvik ', '2018-12-28 05:10:21', CURRENT_TIMESTAMP);







After creating this, create an index.php and put in this code for the DB connection, login and get-all-blogs methods:



<?php
header("Content-Type: application/json; charset=UTF-8");

class DBClass {

    private $host = "localhost";
    private $username = "root";
    private $password = "";
    private $database = "news";

    public $connection;

    public function connect(){

        $this->connection = null;

        try{
            $this->connection = new PDO("mysql:host=" . $this->host . ";dbname=" . $this->database, $this->username, $this->password);
            $this->connection->exec("set names utf8");
        }catch(PDOException $exception){
            echo "Error: " . $exception->getMessage();
        }

        return $this->connection;
    }

    public function login($email,$password){

        if($this->connection==null)
        {
            $this->connect();
        }

        $query = "SELECT id,name,email,createdAt,updatedAt from users where email= ? and password= ?";
        $stmt = $this->connection->prepare($query);
        $stmt->execute(array($email,md5($password)));
        $ret= $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $ret;
    }

    public function get_all_blogs($Uid){

        if($this->connection==null)
        {
            $this->connect();
        }

        $query = "SELECT b.*,u.id as Uid,u.email as Uemail,u.name as Uname from blogs b join users u on u.id=b.user_id where b.user_id= ?";
        $stmt = $this->connection->prepare($query);
        $stmt->execute(array($Uid));
        $ret= $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $ret;
    }

    public function response($array)
    {
        echo json_encode($array);
        exit;
    }
}

$return=array();
$obj = new DBClass();
if(isset($_GET['action']) && $_GET['action']!='')
{
    if($_GET['action']=="login")
    {
        if(isset($_POST['email']) && isset($_POST['password']))
        {
            $UserData=$obj->login($_POST['email'],$_POST['password']);
            if(count($UserData)>0)
            {
                $return['status']=1;
                $return['_data_']=$UserData[0];
                $return['message']='User Logged in Successfully.';
            }
            else
            {
                $return['status']=0;
                $return['message']='Error:Invalid Email or Password!';
            }
        }
        else
        {
            $return['status']=0;
            $return['message']='Error:Email or Password not provided!';
        }
    }
    elseif($_GET['action']=="UserBlogs")
    {
        if(isset($_POST['Uid']))
        {
            $blogs=$obj->get_all_blogs($_POST['Uid']);
            if(count($blogs)>0)
            {
                $return['status']=1;
                $return['_data_']=$blogs;
                $return['message']='Success.';
            }
            else
            {
                $return['status']=0;
                $return['message']='Error:Invalid UserId!';
            }
        }
        else
        {
            $return['status']=0;
            $return['message']='Error:User Id not provided!';
        }
    }
}
else
{
    $return['status']=0;
    $return['message']='Error:Action not provided!';
}
$obj->response($return);
$obj->connection=null;
?>



Now the API file is set. Just make the URLs pretty (readable) using an .htaccess file; put the following code in it:



RewriteEngine On
RewriteRule ^api/(.*) index.php?action=$1


Now your simple RESTful APIs are ready to use. Let me show you the Postman screenshots where I have used these APIs.

Login API call:
[Screenshot: LOGIN API CALL]
User Post/Blog API call:
[Screenshot: USER BLOGS]
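
The login method above compares an unsalted MD5 digest, which is cheap to brute-force if the users table ever leaks. As an added example (not the original author's code), this login verifies passwords with PHP's password_verify() and upgrades legacy MD5 rows on the next successful login. It uses an in-memory SQLite table with constructed sample users so it runs stand-alone; the function name loginAndUpgrade and the example.test addresses are assumptions.

```php
<?php
// Constructed sample data: one legacy MD5 row and one password_hash() row.
// The password column is widened to 255 characters to leave room for future hash formats.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password VARCHAR(255))');
$ins = $pdo->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)');
$ins->execute(['Legacy User', 'legacy@example.test', md5('123456')]);
$ins->execute(['New User', 'new@example.test', password_hash('654321', PASSWORD_DEFAULT)]);

// Returns the user row (without the hash) on success, or null on failure.
function loginAndUpgrade(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, email, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        // Spend comparable time on unknown e-mails so timing does not reveal them.
        password_verify($password, password_hash('dummy', PASSWORD_DEFAULT));
        return null;
    }
    $stored = $user['password'];
    // Legacy rows hold a 32-character hex MD5 digest.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // Replace MD5 digests, and re-hash when the default algorithm or cost changes.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
    }
    unset($user['password']);
    return $user;
}

// Demo: the legacy account logs in once, and its stored hash is replaced.
var_dump(loginAndUpgrade($pdo, 'legacy@example.test', '123456') !== null);
var_dump(loginAndUpgrade($pdo, 'legacy@example.test', 'wrong') === null);
$lookup = $pdo->prepare('SELECT password FROM users WHERE email = ?');
$lookup->execute(['legacy@example.test']);
echo password_get_info($lookup->fetchColumn())['algoName'], PHP_EOL;
```

With MySQL the same function works unchanged once the password column is wide enough; the seed rows created with MD5('123456') are upgraded the first time each user logs in.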
