Android PHP server

I am working with an Android app that sends information to a PHP server. The Android app should login first and if the login is successful start to send the data.

This is the php page (login):

<?php
$data = file_get_contents('php://input');
$json = json_decode($data);
$id=$json->{'im'};

$con = mysql_connect('localhost','root','1111');
mysql_select_db('root') or die(' ');
$sql = "SELECT name FROM chiled WHERE `im` LIKE $id ";

$query = mysql_query( $sql );

$a=mysql_fetch_row($query);
print(json_encode($a[0]));
$n=$json->{'name'};


mysql_close();
?>

The PHP page receives the id from the Android App and checks if the id exists in the DB then sends response to the Android App. According to the received request the App will decided if the l开发者_如何学Googin is successful or not, if the login is successful then it will start sending the data.

What do you think is the best way to receive the data in the PHP server (if the login is successful)? Can I use a new page to receive (create a new connection in Android App that connects to another page then start sending the data) the data or can I do that in the same login page?

You really should be creating a web service (SOAP/WSDL) for such, as it will take the sting out of the transport of data between PHP and Android/Java. SOAP = (Simple Object Access Protocol)

Vanilla PHP method:

http://davidwalsh.name/web-service-php-mysql-xml-json

As for the user authentication system, I'd look into well established frame works (like Zend, etc.) for best practices, and possibly even use the frame work itself to build the authentication system and the WSDL service for your Android app.

ZF method:

http://www.opensourceuniverse.com/zend-framework/quickstart-web-services-with-soap-and-zend-framework-263.html

Consuming the SOAP in Android:

http://code.google.com/p/ksoap2-android/

if the login is successful then you can start a php session that store the session and validation. Most websites works in this fasion (for example Stack Overflow).

A session in php by default is passed through cookie PHPSESSID. So, if the login is correct then you can return the cookie and locally (server side) associate the session with the user.

Also, PHP allow to create and manipulate a session cookie-less.

The only detail is that you must associate a session with the ip because security issues.

So, the cycle can be:

android --user/password--> login.php ---phpsessid--> android

android --phpsessid --> content_page.php ---information--->android

and if you are not logged (or the session has expired)

android --phpsessid --> content_page.php ---error page (you are not allowed)--->android

You could do it in the same login page, posting a variable to say if logged in and having an if (login = true) in the php, or you could make a new connection to a different page after a successfull login, it's up to you and depends what you are doing really.

Can you make use of http response codes to signal failure to your app? http://php.net/manual/en/function.header.php

A 401 error would occur using normal http basic authentication. Not sure how an android client would respond to that.

It should should at least give you access the response code. 200 for success and something else for not. (401,404)