0

I thought I finished my login system, but it turned out I could write random letters and be able to proceed to my tab bar controller. The information didn't authenticate. This is my first app and I'm not sure where to start. Any help on this problem?

Here is my login.php code:

<?php

//Step 1 Check variables passing to this file via POST
$username = htmlentities($_REQUEST["username"]);
$password = htmlentities($_REQUEST["password"]);

if (empty($username) || empty($password)) {
  $returnArray["status"] = "400";
  $returnArray["message"] = "Missing required information";
  echo json_encode($returnArray);
  return;
}

//Step 2. Build connection
//Secure way to build conn
$file = parse_ini_file("../../../iHertzmusic.ini");

// store in php var inf from ini var
$host = trim($file["dbhost"]);
$user = trim($file["dbuser"]);
$pass = trim($file["dbpass"]);
$name = trim($file["dbname"]);

// include access.php to call func from access.php file
require ("secure/access.php");
$access = new access($host, $user, $pass, $name);
$access->connect();

//Step 3. Get user information
//Assign result of execution of getUser to $user var
$user = $access->getUser($username);

//if we did not get any user information
if (empty($user)) {
    $returnArray["statusCode"] = "403";
    $returnArray["message"] = "User is not found";
    echo json_encode($returnArray);
    return;
}

//Step 4. Check validity of entered password
//get password and salt from db
$secured_password = $user["password"];
$salt = $user["salt"];

// check do passwords match: from db & entered one
if ($secured_password == sha1($password . $salt)) {
    $returnArray["statusCode"] = "200";
    $returnArray["message"] = "Logged in successfully";
    $returnArray["id"] = $user["id"];
    $returnArray["username"] = $user["username"];
    $returnArray["email"] = $user["email"];
    $returnArray["fullname"] = $user["fullname"];
} else {
    $returnArray["statusCode"] = "403"; //changed
    $returnArray["message"] = "passwords do not match";
  }

//STEP 5. Close connection
$access->disconnect();

//STEP 6. Throw back all information to users
echo json_encode($returnArray);



 ?>

Here is my .swift code

@IBAction func loginTapped(_ sender: Any) {

        // If no text entered
        if usernameTextfield.text!.isEmpty || passwordTextField.text!.isEmpty {

            //send message if fields are not filled
            print("User name \(String(describing: usernameTextfield)) or password \(String(describing: passwordTextField)) is empty")
            self.errorLabel.alpha = 1
            return
        } else {

            //Shortcuts
            let username = usernameTextfield.text
            let password = passwordTextField.text

            //send request to sql db
            let url = "http://10.0.0.157/iHertzmusic/login.php"

            let parameters: Parameters=[
             "username":usernameTextfield.text!,
             "password":passwordTextField.text!
            ]

            AF.request(url, method: .post, parameters: parameters as Parameters, encoding:
            URLEncoding.default).validate().response { (response) in

                    switch response.result {
                         case .success:
                         //sign in
                         let tabVC =
                         self.storyboard?.instantiateViewController(identifier: Constants.Storyboard.TabBarController) as? UITabBarController
                         self.view.window?.rootViewController = tabVC
                         self.view.window?.makeKeyAndVisible()

                         case .failure(let error):
                         // Couldn't sign in
                            self.errorLabel.text = error.localizedDescription
                         self.errorLabel.alpha = 1
                    }
                  }
        }
}
Sean Oneal

2 Answers

1

Based on the answer to "What is the use of the validate() method in Alamofire.request?":

It would appear that the issue is due to the fact that you are returning the statusCode in the field status and are using a String and not an Int.

Try changing

$returnArray["status"] = "403";

to:

$returnArray["statusCode"] = 403;

and

$returnArray["status"] = "200";

to:

$returnArray["statusCode"] = 200;
Wyetro
  • I edited my php code like you said, but I'm still getting let in with incorrect info – Sean Oneal Apr 13 '20 at 00:29
  • @SeanOneal do you need to set the header like in this question: https://stackoverflow.com/questions/5061675/emulate-a-403-error-page. The issue has to do with the fact that Alamofire is getting a 200 from your server. – Wyetro Apr 13 '20 at 00:41
  • I add this line ? header('HTTP/1.0 403 Forbidden'); – Sean Oneal Apr 13 '20 at 00:49
  • Try adding that. I'm not a php developer so I won't be too much help there. I can tell you that the issue is not in the Swift code. – Wyetro Apr 13 '20 at 00:51
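
The point the comments above arrive at, as an added example that is not part of the original posts: Alamofire's `validate()` accepts any response whose HTTP status is in the 200 range, so a rejected login has to be sent with a real 403 status line rather than a `statusCode` field inside a 200 response. `checkLogin()` and `respond()` are hypothetical helper names, the user row is constructed, and the question's `sha1(password . salt)` scheme is kept only so that existing rows still verify.

```php
<?php
// Added example; checkLogin() and respond() are hypothetical helper names.

// Decide the outcome; returns [HTTP status, JSON body]. $user is the row
// from getUser(), or null/empty when the username is unknown.
function checkLogin(?array $user, string $password): array
{
    // One generic failure for unknown user and wrong password, so the
    // response does not reveal which usernames exist.
    $denied = [403, ["statusCode" => 403, "message" => "Invalid username or password"]];
    if (empty($user)) {
        return $denied;
    }

    // Same sha1(password . salt) scheme as the question so existing rows
    // still verify. hash_equals() compares in constant time and, unlike ==,
    // never compares two numeric-looking strings as numbers. For a new
    // password store PHP provides password_hash()/password_verify().
    if (!hash_equals($user["password"], sha1($password . $user["salt"]))) {
        return $denied;
    }

    return [200, [
        "statusCode" => 200,
        "message"    => "Logged in successfully",
        "id"         => $user["id"],
        "username"   => $user["username"],
    ]];
}

// Send the result with a real HTTP status line; the status line, not the
// JSON body, is what the client's validate() inspects.
function respond(int $status, array $body): void
{
    http_response_code($status);
    header("Content-Type: application/json");
    echo json_encode($body);
}

// Constructed sample row standing in for $access->getUser($username).
$salt = "constructed-salt";
$row  = ["id" => 1, "username" => "demo", "salt" => $salt,
         "password" => sha1("correct horse" . $salt)];

// Wrong password against the constructed row.
[$status, $body] = checkLogin($row, "random letters");
respond($status, $body);
```

With the status set this way, the `.failure` branch of the Swift `switch` in the question runs for a rejected login without any change on the client.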
0

If your PHP code returns success, you should save some data in the app, like:

UserDefaults.standard.set(true, forKey: "isLoggedIn")

and then in your AppDelegate you should check this value:

let isLoggedIn = UserDefaults.standard.bool(forKey: "isLoggedIn")

if isLoggedIn {
    // push main view cont
} else {
    //not logged in show login view 
} 

You may need additional data like user info and want to save an object; see

Save custom objects into NSUserDefaults

This is just for the Swift code; I didn't check whether your PHP API is correctly written.

adem