0

I'm sending json data from android volley post request for login system. How can I get the json data from android in php.

Android JSON structure:

{"email":"abc@gmail.com","password":"abcd"}

PHP Code:

<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "phpsamples";

$conn = mysqli_connect($servername, $username, $password, $dbname);

if (isset($_POST['email']) && ($_POST['password'])) {
    $json = file_get_contents('php://input');
    $obj = json_decode($json);

    $Email = $obj->{'email'};
    $Password = $obj->{'password'};

    //$email = $_POST['email'];
    //$user_password = $_POST['password'];

    $email = $Email;
    $user_password = $Password;

    $qry = 'SELECT * FROM `registered_users` WHERE `email`="'.$email.'" && `password`="'.$user_password.'"';
    $login = mysqli_query($conn, $qry) or die(mysqli_error());
    $no_of_row = mysqli_num_rows($login);
    $row = mysqli_fetch_assoc($login);

    if ($no_of_row == 1) {
        $response["status"] = 1;
        $response["message"] = "Login Success";
        $response["id"] = $row['id'];
    }

    if (empty($email) || empty($user_password)) {
        $response["status"] = 0;
        $response["message"] = "Email and Password cannot be Empty";
    } elseif ($no_of_row != 1) {
        $response["status"] = 0;
        $response["message"] = "Invalid Credentials";
    }
} else {
    $response["status"] = 0;
    $response["message"] = "Invalid Request";
}

echo json_encode($response);
Dharman
  • 30,962
  • 25
  • 85
  • 135
Ganesh Kumar
  • 11
  • 3
  • 1
    **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Oct 03 '19 at 21:23
  • It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Oct 03 '19 at 21:23
  • You have an error. `mysqli_error()` needs one argument. Please consider switched error mode instead. [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman Oct 03 '19 at 21:23

0 Answers0