0 
jQuery.ajax({
type: "POST",
url: 'your_functions_address.php',
dataType: 'json',
data: {functionname: 'add', arguments: [1, 2]},

success: function (obj, textstatus) {
              if( !('error' in obj) ) {
                  yourVariable = obj.result;
              }
              else {
                  console.log(obj.error);
              }
        }
   });

and your_functions_address.php like this:

<?php

header('Content-Type: application/json');

$aResult = array();

if( !isset($_POST['functionname']) ) { $aResult['error'] = 'No function name!'; }

if( !isset($_POST['arguments']) ) { $aResult['error'] = 'No function arguments!'; }

if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               $aResult['result'] = add(floatval($_POST['arguments'][0]), floatval($_POST['arguments'][1]));
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

 echo json_encode($aResult);
 ?>

How to avoid that anybody who find the url : 'your_functions_address.php' can call any function on the web service ?

is there a way of adding an authentication or security ?

I am applying SSL security of course but does SSL solve this problem ?

Improve this question
2
  • 1
    Give the user of your web service some sort of authorization token. Alternatively implement an user/password system. Multiple options are possible here, as are libraries for this aswell. Commented May 2, 2016 at 13:19
  • e.g In DB we stored one value, then you can pass one secret key of flag value from ajax request. And you can get this value in php file and match this value with db value. If match is true then authenticate otherwise you can back the response blank or do unauthentication stuff. Commented May 2, 2016 at 13:20

1 Answer 1

Reset to default
3

You can implement login function that will return a token that need to be send to other functions:

session_start();
if( !isset($aResult['error']) ) {

    switch($_POST['functionname']) {
        case 'login':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_POST['arguments'][0] == 'user' && $_POST['arguments'][1] == 'passsword') {
                   $time = array_sum(explode(' ', microtime()));
                   $aResult['result'] = md5($time);
                   $_SESSION['token'] = $aResult['result'];
               }
           }
           break;
        case 'add':
           if( !is_array($_POST['arguments']) || (count($_POST['arguments']) < 2) ) {
               $aResult['error'] = 'Error in arguments!';
           }
           else {
               if ($_SESSION['token'] == $_POST['arguments'][0]) {
                   $aResult['result'] = add(floatval($_POST['arguments'][1]), floatval($_POST['arguments'][2]));
               }
           }
           break;

        default:
           $aResult['error'] = 'Not found function '.$_POST['functionname'].'!';
           break;
    }

}

then in javascript you first call login function to get the token and then pass it as first argument to other functions:

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you very much for this helpful answer. But if I'm using this from a mobile app (phone gap) does the session end when the user close the app ?
the session will end after timeout stackoverflow.com/questions/9904105/…
Okayy.. that extremely helpful, you solved my problem :D Thank you!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.