0
jQuery.ajax({
type: "POST",
url: 'your_functions_address.php',
dataType: 'json',
data: {functionname: 'add', arguments: [1, 2]},

success: function (obj, textstatus) {
              if( !('error' in obj) ) {
                  yourVariable = obj.result;
              }
              else {
                  console.log(obj.error);
              }
        }
   });

and your_functions_address.php like this:

<?php

header('Content-Type: application/json');

$aResult = array();

if( !isset($_POST['functionname']) ) { $aResult['error'] = 'No function name!'; }

if( !isset($_POST['arguments']) ) { $aResult['error'] = 'No function arguments!'; }

if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               $aResult['result'] = add(floatval($_POST['arguments'][0]), floatval($_POST['arguments'][1]));
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

 echo json_encode($aResult);
 ?>

How to avoid that anybody who find the url : 'your_functions_address.php' can call any function on the web service ?

is there a way of adding an authentication or security ?

I am applying SSL security of course but does SSL solve this problem ?

strangeqargo
  • 1,276
  • 1
  • 15
  • 23
Tony
  • 1,099
  • 9
  • 19
  • 1
    Give the user of your web service some sort of authorization token. Alternatively implement an user/password system. Multiple options are possible here, as are libraries for this aswell. – Daan May 02 '16 at 13:19
  • e.g In DB we stored one value, then you can pass one secret key of flag value from ajax request. And you can get this value in php file and match this value with db value. If match is true then authenticate otherwise you can back the response blank or do unauthentication stuff. – Sanjay Chaudhari May 02 '16 at 13:20

1 Answers1

3

You can implement login function that will return a token that need to be send to other functions:

session_start();
if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'login':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_POST['arguments'][0] == 'user' && $_POST['arguments'][1] == 'passsword') {
                   $time = array_sum(explode(' ', microtime()));
                   $aResult['result'] = md5($time);
                   $_SESSION['token'] = $aResult['result'];
               }
           }
           break;
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_SESSION['token'] == $_POST['arguments'][0]) {
                   $aResult['result'] = add(floatval($_POST['arguments'][1]), floatval($_POST['arguments'][2]));
               }
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

then in javascript you first call login function to get the token and then pass it as first argument to other functions:

jcubic
  • 61,973
  • 54
  • 229
  • 402
  • Thank you very much for this helpful answer. But if I'm using this from a mobile app (phone gap) does the session end when the user close the app ? – Tony May 02 '16 at 13:41
  • the session will end after timeout http://stackoverflow.com/questions/9904105/php-sessions-default-timeout – jcubic May 02 '16 at 13:48
  • Okayy.. that extremely helpful, you solved my problem :D Thank you! – Tony May 02 '16 at 14:24