PHP & Web Development Blogs

Search - PHP Blogs

Search Results For: securing
Showing 1 to 2 of 2 blog articles.
HowTos
55 views · 3 days ago
A Beginner's Guide to MariaDB


Are you looking to dive into the world of relational databases but feeling overwhelmed by the options available? MariaDB might just be the perfect starting point for you. In this beginner's guide, we'll introduce you to MariaDB, an open-source relational database management system (RDBMS) that's renowned for its ease of use, scalability, and robust performance. Whether you're a budding developer, a small business owner, or just curious about databases, this guide will walk you through the basics of MariaDB and get you started on your database journey.

What is MariaDB?


MariaDB is a community-developed, open-source RDBMS that was forked from MySQL in 2009. It's designed to be a drop-in replacement for MySQL, meaning that most MySQL features and commands work seamlessly with MariaDB. This makes it an attractive option for those already familiar with MySQL or looking to migrate from it.

Features of MariaDB:
   

. Open-Source: MariaDB is distributed under the GNU General Public License (GPL), making it freely available for anyone to use, modify, and distribute.
   
. High Performance: MariaDB is optimized for high performance, thanks to its efficient storage engines, query optimizer, and multi-threaded architecture.
   
. Scalability: Whether you're running a small-scale application or managing large-scale deployments, MariaDB can scale to meet your needs.
   
. Security: MariaDB takes security seriously, offering features such as encryption, role-based access control, and secure connections to ensure your data remains safe.
   
. Compatibility: As mentioned earlier, MariaDB strives to maintain compatibility with MySQL, which means you can easily migrate existing MySQL databases to MariaDB with minimal hassle.

Getting Started:


Installation:


Getting started with MariaDB is straightforward. You can install it on various operating systems, including Linux, Windows, and macOS. Here's a basic overview of the installation process:

-Linux: Most Linux distributions offer MariaDB in their official repositories. You can install it using your package manager. For example, on Ubuntu, you can run sudo apt-get install mariadb-server.

-Windows/macOS: MariaDB provides installers for Windows and macOS on their official website. Simply download the installer and follow the on-screen instructions to complete the installation.

Configuration:


Once MariaDB is installed, you'll need to perform some initial configuration steps, such as setting up a root password and securing the installation. This typically involves running a configuration script or accessing the MariaDB command-line interface (CLI).

Creating Databases and Tables:


With MariaDB installed and configured, you can start creating databases and tables to store your data. You can do this using SQL commands or a graphical interface such as phpMyAdmin.

Here's a simple example of creating a database and a table:

CREATE DATABASE my_database;
USE my_database;

CREATE TABLE users (
 id INT AUTO_INCREMENT PRIMARY KEY,
 username VARCHAR(50) NOT NULL,
 email VARCHAR(100) NOT NULL
);


This creates a database named my_database and a table named users with columns for id, username, and email.

Performing Basic Queries:


Once you have your database and tables set up, you can start querying your data using SQL. Here are some basic examples of SQL queries:

-Inserting Data:
INSERT INTO users (username, email) VALUES ('john_doe', '[email protected]');


-Selecting Data:
SELECT * FROM users;


-Updating Data:
UPDATE users SET email = '[email protected]' WHERE username = 'john_doe';


-Deleting Data:
DELETE FROM users WHERE username = 'john_doe';


Conclusion:


MariaDB is an excellent choice for beginners and experienced developers alike who are looking for a powerful, open-source relational database solution. In this guide, we've covered the basics of MariaDB, from installation to performing basic database operations. As you continue to explore MariaDB, you'll discover a wealth of features and capabilities that can help you build robust and scalable applications. So why wait? Dive into MariaDB today and unlock the full potential of relational databases.
0 · Post Comment Read more
g10dra
37336 views · 5 years ago
Securing PHP RESTful APIs using Firebase JWT Library
Securing PHP RESTful APIs using Firebase JWT Library

Hello Guys,

In our Last Blog Post, we have created restful apis,But not worked on its security and authentication. Login api can be public but after login apis should be authenticate using any secure token. one of them is JWT, So i am providing the Steps for Create and use JWT Token in our already created API.


Now its time To Implement JWT Authentication IN our Api, So these are the steps to implement it in our already created Apis


Step 1:Install and include Firebase JWT(JSON WEB TOKEN) in our project with following composer command        


 composer require firebase/php-jwt


include the composer installed packages
require_once('vendor/autoload.php');


use namespace using following:
 use \Firebase\JWT\JWT;



Step 2: Create a JWT server side using Firebase Jwt Library's encode method in Login action , and return it to Client



Define a private variable named Secret_Key in Class like following:

 private {
 $payload = array(
 'iss' => $_SERVER['HOST_NAME'],
 'exp' => time()+600, 'uId' => $UiD
 );
 try{
 $jwt = JWT::encode($payload, $this->Secret_Key,'HS256'); $res=array("status"=>true,"Token"=>$jwt);
 }catch (UnexpectedValueException $e) {
 $res=array("status"=>false,"Error"=>$e->getMessage());
 }
 return $res;
 }


In our login action , if the user has been logged in successfully then with the status,_data_ and message just replace the login success code with following code:

$return['status']=1;
$return['_data_']=$UserData[0];
$return['message']='User Logged in Successfully.';

 $jwt=$obj->generateToken($UserData[0]['id']);
 if($jwt['status']==true)
 {
 $return['JWT']=$jwt['Token'];
 }
 else{
 unset($return['_data_']);
 $return['status']=0;
 $return['message']='Error:'.$jwt['Error'];
 }





Step 3: Now with every request after login should have the JWT token in its Post(even we can receive it in get or authentication header also but here we are receiving it in post)



No afetr successfully login you will get the JWt Token in your response,Just add that Token with every post request of after login api calls. So we will do it using postman, Find the screenshot 1 for checking the JWT Token is coming in login api response

JWT DEMO LOGIN API RESPONSE


Step 4:After reciving the JWt in every after login api call, we need to check whether the token is fine using JWT decode method in After login Apis like 
UserBlogs
is a After login Api, So for verify that we are creating Authencate method in class like following:


 public function Authenticate($JWT,$Curret_User_id)
 {
 try {
 $decoded = JWT::decode($JWT,$this->Secret_Key, array('HS256'));
 $payload = json_decode(json_encode($decoded),true);
 
 if($payload['uId'] == $Curret_User_id) {
 $res=array("status"=>true);
 }else{
 $res=array("status"=>false,"Error"=>"Invalid Token or Token Exipred, So Please login Again!");
 }
 }catch (UnexpectedValueException $e) {
 $res=array("status"=>false,"Error"=>$e->getMessage());
 } 
 return $res;
 
 }


Step 5: Cross check the response returned by Authenticate method in 
UserBlogs
Action of api , replace the 
UserBlogs
Action inner content with following code:


 if(isset($_POST['Uid']))
 {

 $resp=$obj->Authenticate($_POST['JWT'],$_POST['Uid']);
 if($resp['status']==false)
 {
 $return['status']=0;
 $return['message']='Error:'.$resp['Error'];
 }
 else{
 $blogs=$obj->get_all_blogs($_POST['Uid']);
 if(count($blogs)>0)
 {
 $return['status']=1;
 $return['_data_']=$blogs;
 $return['message']='Success.';
 }
 else
 {
 $return['status']=0;
 $return['message']='Error:Invalid UserId!';
 }
 } 
 }
 else
 {
 $return['status']=0;
 $return['message']='Error:User Id not provided!';
 }


Ah great its time to check out the UserBlogs Api, please find the screenshoot for that, Remember we need to put the JWt Token in POST Parameter as we have already recived that Value in Login Api call.

JWT DEMO Authentication in userBlogs API Call

Now if you want to verify that token is expiring in given time(10 minutes after generation time/login time), i am just clicking the same api with same token after 10 minutes and you can see there will not return any data and it is returning status false with following message :


JWT DEMO Authentication in userBlogs API Call


Also if you want to eloborate it more then i suggest you to try with modify Uid value with same token , you will another authentication issue and also if you modify the JWT token also then also you will not get the desired result and get authentication Issue

Thanks for reading out if you want the complete code of this file then please find following:
<?php 
header("Content-Type: application/json; charset=UTF-8");
require_once('vendor/autoload.php');
use \Firebase\JWT\JWT; 

class DBClass {

 private $host = "localhost";
 private $username = "root";
 private $password = ""; private $database = "news";

 public $connection;

 private $Secret_Key="*$%43MVKJTKMN$#"; 
 public function connect(){

 $this->connection = null;

 try{
 $this->connection = new PDO("mysql:host=" . $this->host . ";dbname=" . $this->database, $this->username, $this->password);
 $this->connection->exec("set names utf8");
 }catch(PDOException $exception){
 echo "Error: " . $exception->getMessage();
 }

 return $this->connection;
 }

 public function login($email,$password){

 if($this->connection==null)
 {
 $this->connect();
 }
 
 $query = "SELECT id,name,email,createdAt,updatedAt from users where email= ? and password= ?";
 $stmt = $this->connection->prepare($query);
 $stmt->execute(array($email,md5($password)));
 $ret= $stmt->fetchAll(PDO::FETCH_ASSOC);
 return $ret;
 }

 public function get_all_blogs($Uid){

 if($this->connection==null)
 {
 $this->connect();
 }
 
 $query = "SELECT b.*,u.id as Uid,u.email as Uemail,u.name as Uname from blogs b join users u on u.id=b.user_id where b.user_id= ?";
 $stmt = $this->connection->prepare($query);
 $stmt->execute(array($Uid));
 $ret= $stmt->fetchAll(PDO::FETCH_ASSOC);
 return $ret;
 }

 public function response($array)
 {
 echo json_encode($array);
 exit;
 }

 public function generateToken($UiD)
 {
 $payload = array(
 'iss' => $_SERVER['HOST_NAME'],
 'exp' => time()+600, 'uId' => $UiD
 );
 try{
 $jwt = JWT::encode($payload, $this->Secret_Key,'HS256'); $res=array("status"=>true,"Token"=>$jwt);
 }catch (UnexpectedValueException $e) {
 $res=array("status"=>false,"Error"=>$e->getMessage());
 }
 return $res;
 }

 public function Authenticate($JWT,$Current_User_id)
 { 
 try {
 $decoded = JWT::decode($JWT,$this->Secret_Key, array('HS256'));
 $payload = json_decode(json_encode($decoded),true);
 
 if($payload['uId'] == $Current_User_id) {
 $res=array("status"=>true);
 }else{
 $res=array("status"=>false,"Error"=>"Invalid Token or Token Exipred, So Please login Again!");
 }
 }catch (UnexpectedValueException $e) {
 $res=array("status"=>false,"Error"=>$e->getMessage());
 } 
 return $res;
 
 }
}

$return=array();
$obj = new DBClass();
if(isset($_GET['action']) && $_GET['action']!='')
{
if($_GET['action']=="login")
{
 if(isset($_POST['email']) && isset($_POST['password']))
 {
 $UserData=$obj->login($_POST['email'],$_POST['password']);
 if(count($UserData)>0)
 {
 $return['status']=1;
 $return['_data_']=$UserData[0];
 $return['message']='User Logged in Successfully.';

 $jwt=$obj->generateToken($UserData[0]['id']);
 if($jwt['status']==true)
 {
 $return['JWT']=$jwt['Token'];
 }
 else{
 unset($return['_data_']);
 $return['status']=0;
 $return['message']='Error:'.$jwt['Error'];
 }
 
 }
 else
 {
	$return['status']=0;
	$return['message']='Error:Invalid Email or Password!';
 }
 }
 else
 {
 $return['status']=0;
 $return['message']='Error:Email or Password not provided!';
 }
}
elseif($_GET['action']=="UserBlogs")
{
 if(isset($_POST['Uid']))
 {

 $resp=$obj->Authenticate($_POST['JWT'],$_POST['Uid']);
 if($resp['status']==false)
 {
 $return['status']=0;
 $return['message']='Error:'.$resp['Error'];
 }
 else{
 $blogs=$obj->get_all_blogs($_POST['Uid']);
 if(count($blogs)>0)
 {
 $return['status']=1;
 $return['_data_']=$blogs;
 $return['message']='Success.';
 }
 else
 {
 $return['status']=0;
 $return['message']='Error:Invalid UserId!';
 }
 } 
 }
 else
 {
 $return['status']=0;
 $return['message']='Error:User Id not provided!';
 }
}
}
else
{
$return['status']=0;
$return['message']='Error:Action not provided!';
}
$obj->response($return);
$obj->connection=null;
?>

0 · Post Comment Read more

    Popular Topics

    beginners development codewithme developers laravel applications lets websockets libraries website starts forecasting relationship building harnessing templating data functionality aesthetics updates mysql ideas their skills transcriptions captioning cloudways managed security practices

    Popular Blogs

    298,909 g10dra 114,569 mike 78,677 crocodile2u 77,913 harikrishnanr 62,257 calevans 37,774 MindNovae 28,711 dmamontov 19,354 tanja 16,691 damnjan 13,100 ahmedkhan

    SPONSORS

    SPONSORS

    The Ultimate Managed Hosting Platform

    About

    Partner

    Promote

    Support

    Copyright © 2008-2024 Nomad PHP
    Powered by Nexil.io