Community Auth: Api alike login |
I have actually a project where i want to set a url like this index.php/api/login
after some hours of read through the documentation, i found how the login method is done still not understand it at all, but if there's any pre-built-in function which would help me to do the next job: 1. user submit a forms with the password and email. 2. backend process it and check the database and return a login token which will be created and stored in a table (for the moment/testing, it should return the user's data then dont worry about this), this as a json object. After some testing with the documentation examples i got this controller. PHP Code: class Api extends MY_Controller { Also the Form is Code: <form action="index.php/api/login" method="post"> Any help is great.
First, it seems that you are aware of the missing login token, and you will definitely need it to be able to login. I think you are perhaps misunderstanding the use of the tokens library. You should just consider the tokens the same as usage for CI CSRF tokens. I just happen to like the way mine works better.
Next, your usage of the tokens in your controller is flawed. The reason for this is that $CI->tokens->token() creates a new token, which you are applying to $_POST['login_token']. This will never work, because the freshly generated token will never match the one that was supposed to be generated and submitted for the login attempt. Also, in theory what you are trying to do is to circumnavigate proper token usage, which defeats the benefits of using them in the first place. Next, if you want to return all of the user's data as a json object, that's just something that you would do with CI, and doesn't really have anything to do with CommunityAuth (unless you want this data available on every request). If you do want the data available on every request, you should read the blog post on the Community Auth website that addresses user profiles. It will give you some hints as to extending Community Auth to allow for customization of the auth data (and make profile data availiable). So, check here first: http://community-auth.com/blog-posts/int...r-profiles
After many time playing, i achieved what i was looking for, first i dropped the use of a optional login, and used the normal logging method which worked well, the use of the injected token worked also, i just wanted to use community auth as the auth provider for this "api" and achieved it like this:
first i changed the LOGIN_PAGE constant to be something like this api/failed <-- if the login attemps is failed of there is not login at all (which is detected with a token which is provided in the login) you will be redirected to this page where a code error is shown. the the in the route for LOGIN_PAGE i have something like this api/bad_login where the code print the error code resides. in the login controller i have this: PHP Code: public function login(){ And that made it works, then in the pages to update the user info, the client provides the login token and the UUID and email in case of match it access is granted, if case of missmatch(also in partial matches, this mean if email matches but login not or token not, and same for all other data ) access is denied and all the tokens emails and UUID related to that device are deleted form database and client proceed to delete all the saved(encrypted info) and redirect to the login (static page) in client |
Welcome Guest, Not a member yet? Register Sign In |