Php deliberately awkward?

Question

I'm trying to create a login process (as people who have answered my previous question will know)

But it seems impossible to create one process that will work with a desktop app and a standard website.

Instead I have the login function in Usermanagement.php (which is a class, icyntk) but then in another php file (api/login.php) I have:

<?php
require_once '../usermanagement.php';
$m = new usermanage(); 
echo $m->login($_POST['username'], $_POST['password']);
?>

And then I will still need to make another login.php just to be used with the login form on the website. As I can't see anyway to get the result (the echo) of the api/login.php script from the index.php file (where the login form is, it only has HTML in though)

Is there anyway I can simplify this so I only need one login.php?

Answer 1

As the data from your Desktop App is unlikely to be sent via the $_POST array, I would say no. Websites and Desktop Apps are two completely different types of applications, and it would be unrealistic to think you could share much of the front-end code between the two.

I would try to abstract as much of the functionality as you can into core classes, and then create two separate front-end implementations that utilize the core, each in their own way.

Answer 2

As I understand you, what you want is:

1. a website/webapp having a login
2. a desktop app (not in PHP!) logging in using the same login method

One way is to export the login method using the same API in both your website and the remote application, so you would be using JavaScript on client-side to access the API from there (AJAX/JSON). You will want to use some framework for that like jQuery for client-side simplification of AJAX (among many other uses) and maybe the JSON module in PHP (to use json_encode; beware that the module may not be available on some webspaces so if that's out of control don't use it). Of course you do not need to use XML or JSON in your API responses but it's easier to open the API to other (including desktop) applications without the need to manually implement a lot of parsing functions to process the response in your interface classes.

Keep in mind that your website/webapp will not work without JavaScript if you do it this way! On non-public parts of a website that's okay, as is for a webapp used by a known user group, but you should not depend on client-side scripting for public parts of a website.

Another solution to simplify that is by using a PHP framework, so you can write the server-side frontend easier. This will basically enable you to give a button a serverside function which is simply calling your login method and acting accordingly by setting a redirect or replace some panel or whatever you like to continue with after the login.

Of course you can do all that by yourself but this will usually result in either a lot of messy code or an implementation of your own framework. If you want to do it on your own, start by posting the form to the same PHP file instead of an extra login.php and add a hidden field like:

<input type="hidden" name="action" value="login"></input>

In PHP, check $_POST['action']=='login' and call the login method.

Edit: While your website will work with a PHP session or a cookie, you may want to track login status with an own session token which you can pass to your desktop app so it can be used for consecutive calls to the API, so you don't need to handle cookies. These tokens should also be bound to the IP and maybe other "individual" information of the client; that information should ideally be hashed into the token or the token encrypted (client-side won't have to "decrypt" that, just return it for authentication). Tokens should also time out after inactivity.

Also, having read your older question, I fear you could be trying to do something bad like sending a hash over the network and simply check that hash with your user table because JS side encoding was discussed there. If you like to implement some encryption algorithm on client-side, either make sure it's secure (difficult to do that unless you are into cryptography) or resort to SSL.

Answer 3

I'm going to get really "limby" and go out on a freaking huge limb and say that this is what you're trying to do:

<?php
if(isset($_POST['username'])) {
    require_once '../usermanagement.php';
    $m = new usermanage(); 
    echo $m->login($_POST['username'], $_POST['password']);
}else{
    ?>Put your login form HTML here<?php
}

This way you only need one login.php file.