Android App Php Token Authentication - android

I am developing a native android application that will post data to a php page. The php page will then update, delete, insert records into a mysql database. Using the app should be the only time the php page is called from. I have been reading, and it seems that using tokens to validate each request is the way to go. I just really don't understand how to do this from a native android application. Authentication is something I don't have experience in. I want to ensure that using the application is the only way that the php backend can modify the database to prevent outside attacks. Can anyone point me in the right track? Any help would be greatly appreciated.

Simplest way to achieve that is to have some random string stored in the Android application. You have to make sure that this string cannot be easily extracted from the app after decompilation. This can be achieved by using proguard + not storing the entire string in one place in the app (for example you can create a set of methods that can be used to generate that random string). You need to make requests to the server using HTTPS. You can then make the app send this string in every request. Server should successfully respond to the requests that contain this string (for example sent in POST parameter) and return an error for all other requests (you need to implement a check on the server to achieve that).
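The server-side check this answer describes could look like the following. This is an added example, not code from the original answer; `APP_SECRET`, the POST field name `app_key` and the function `check_request()` are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example, not from the original answer. APP_SECRET, the POST field
// "app_key" and check_request() are hypothetical names.
const APP_SECRET = 'constructed-sample-secret-change-me';

// Decide which HTTP status the endpoint should answer with.
function check_request(array $server, array $post, string $secret): int
{
    // The answer requires HTTPS; refuse plain HTTP so the string is never
    // accepted after travelling in clear text.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https === '' || $https === 'off') {
        return 403;
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    $sent = $post['app_key'] ?? null;
    if (!is_string($sent) || $sent === '') {
        return 401;   // missing, empty, or sent as an array (app_key[]=x)
    }
    // hash_equals() compares in constant time, unlike == or strcmp().
    return hash_equals($secret, $sent) ? 200 : 401;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, so the check can be tried offline.
    $ok = ['HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'];
    $samples = [
        'valid'      => [$ok, ['app_key' => APP_SECRET]],
        'wrong key'  => [$ok, ['app_key' => 'guess']],
        'no key'     => [$ok, []],
        'plain http' => [['REQUEST_METHOD' => 'POST'], ['app_key' => APP_SECRET]],
    ];
    foreach ($samples as $label => [$server, $post]) {
        printf("%-10s -> %d\n", $label, check_request($server, $post, APP_SECRET));
    }
} else {
    $status = check_request($_SERVER, $_POST, APP_SECRET);
    http_response_code($status);
    if ($status !== 200) {
        exit;   // stop before any database code runs
    }
    // ... update/insert/delete logic goes here ...
}
```

A string shipped inside an APK can still be recovered by someone who decompiles the app, even with ProGuard, so this check identifies the app build rather than an individual user. Treat it as one layer and keep validating every request on the server.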

Related

How to save data online from all users using your app in android

I want to ask a question from my app users and get their answers but I don't know how to collect those data.
Please help me I need it.
You can use a form inside your application and ask users to fill in that form. The form needs to be connected to a database server. You may use 000webhost.com (free) to create your database. Just populate the table in the database from the user response.
For this follow the following procedure:
1. Create an online database (000webhost.com)
2. Write PHP code to insert data into the database from the form and save that PHP file in the file manager on the server.
3. From Android, create an async task to execute that PHP.
4. Pass your parameter or user response as request attributes while executing the PHP.
5. The PHP will save the user's response on your server.
Now you can access that database from anywhere.
Note: This may require an internet connection in application.
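Steps 2, 4 and 5 above, sketched as the PHP side of the procedure with input checks and a prepared statement. This is an added example, not code from the original answer; the table `responses` and the fields `user_name` and `answer` are hypothetical, the sample submissions are constructed, and an in-memory SQLite database stands in for the hosted MySQL database so the script runs offline.

```php
<?php
// Added example, not from the original answer. Table "responses" and fields
// "user_name" / "answer" are hypothetical; SQLite stands in for MySQL.

function save_response(PDO $db, array $post): bool
{
    $name   = $post['user_name'] ?? null;
    $answer = $post['answer'] ?? null;
    // Reject missing or non-string input before touching the database.
    if (!is_string($name) || !is_string($answer)) {
        return false;
    }
    $name   = trim($name);
    $answer = trim($answer);
    // Reject empty or oversized values.
    if ($name === '' || $answer === '' || strlen($name) > 100 || strlen($answer) > 2000) {
        return false;
    }
    // Placeholders keep user text out of the SQL string itself.
    $stmt = $db->prepare(
        'INSERT INTO responses (user_name, answer) VALUES (:name, :answer)'
    );
    return $stmt->execute([':name' => $name, ':answer' => $answer]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE responses (id INTEGER PRIMARY KEY, user_name TEXT, answer TEXT)');

// Constructed sample submissions, shaped like $_POST.
$samples = [
    ['user_name' => 'alice',   'answer' => 'Blue'],
    ['user_name' => "O'Brien", 'answer' => "It's green"],   // quotes are stored as data
    ['user_name' => ['x'],     'answer' => 'Red'],          // array instead of string
    ['user_name' => 'carol'],                               // answer missing
];
foreach ($samples as $post) {
    echo save_response($db, $post) ? "saved\n" : "rejected\n";
}
echo $db->query('SELECT COUNT(*) FROM responses')->fetchColumn(), " rows stored\n";
```

Against a hosted MySQL database the same function works unchanged with a `mysql:` PDO DSN, and in the real endpoint `$_POST` is passed in place of the sample arrays.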
Your question is very vague.
In general, an app needs to use HTTP POST with some standard data format such as JSON/XML for communication between the web server and the client app.
This way client apps send/receive data in a portable format across platforms and implement UI/functionality as per the platform standard, e.g. Android or iOS.
You could implement Google analytics in your app. Raise an event when you ask a question.

Android - Ruby on Rails - MySQL

I have started working on an Android app for which we need to use MySQL as database and Ruby on Rails for server side code. We will be using SQLite too on device (will sync both DBs as and when required). I searched the web and couldn't find any relevant tutorials/examples which can serve as a base to start with.
I have gone through MySQL and ROR tutorials but still have confusion on connecting Android with ROR.
Can somebody share some relevant tutorials/code snippet which can explain the complete linkage of the technologies. I mean how to send data from Android device to MySQL and vice versa. I know the concept theoretically but not sure how and where to start with.
My sincere apologies for asking such a basic question or if I sound ambiguous but I am a beginner and need to complete this task. Thanks in Anticipation..
Here is a brief overview of what you should know to accomplish your goal. I am not going to go that far into detail, especially since I have never personally used RoR. Note that some of these parts might not relate exactly to RoR, but the general idea behind it still applies. I will leave it up to you to research and figure out how to implement each individual component.
The general flow of everything is as follows:
Android App <==> Network <==> Web Service <==> MySQL
Note the double-edged arrows since data will be flowing in both directions.
The Android App is the client, and the Web Service and MySQL database are located on your Web Server. I only included the Network part for completeness, but you shouldn't have to do anything once the data has been sent onto the network.
A brief overview of each section:
Android App:
The Android App is the client that sends and retrieves data from the Web Server. I am assuming that in your app you are going to allow the user to do some tasks which in essence becomes the data that you want to send to the server at some point.
Take for example, the user should be able to enter his name and favorite animal. Let's say that there is an actual "Submit" button that the user may click. When this "Submit" button is clicked, it should wrap up the data into a proper format to be sent across the network. Two of the most common ones are JSON and XML. Once the data has been formatted properly, you will want to send the data to the server using some type of network protocol such as HTTP. In order to send the data, you of course must have some URL as the target. Let's say the target is www.example.com/webservice.php. This target is our Web Service located on the Web Server.
Once you send the data, the server will respond with some data at which point you can do whatever you want with it. Maybe display it to the user, or stick it in an SQLite database, or even both.
The key thing to remember is that there is no magic going on. Everything I have just described will be implemented in Java code that you will write in your Android Application at some point.
Key Ideas you should research more and figure out how to implement in Java code:
JSON and XML
HTTP in Java
REST and SOAP
Here is an excellent video on possible ways to set up the structure of your Android App.
Make sure that you are doing all network operations in your Android App on a different thread. An easy to use method is an Intent Service.
Web Service:
This is often the most confusing part. A Web Service is simply some entry point for clients attempting to access the Web Server. My explanation here might differ slightly when using RoR, but the same idea applies. Notice above that the target URL was www.example.com/webservice.php. The web service is literally the PHP code that exists on the Web Server, called webservice.php. In your Android App, when you send data to the target URL using HTTP, the Web Service code will be executed on the server (and also have access to the data that you sent to it). Inside of your Web Service code, you will basically be extracting the data (which is in some format like JSON), grabbing the necessary parts, and then doing something with it. In this case you will most likely be querying the database. In PHP it is easy to write code that connects and queries a MySQL database that is also running on the server. When the response of the database is retrieved by the Web Server, you can send it back to the Android App. Just as before, remember, there is no magic going on. All of these ideas are implemented by writing some code.
Main ideas to research:
Ruby on Rails web service
How to access a MySQL database using Ruby on Rails
MySQL Database:
This is where you will store the data on the Web Server. I am not going to go that in depth here because this is just going to require you doing a lot of reading up on how to set up a MySQL database on a web server. It is also important that you learn how to create the appropriate queries such as SELECT, INSERT and so forth.
Main Ideas to research:
How to setup a MySQL database on a web server
If you need any clarification, let me know!

Phonegap for android store user credentials locally and pass in json for notifications

I've built some pretty straightforward apps earlier using PhoneGap for Android.
Now I'm building one that will need status bar notifications from a background service per user.
Using PhoneGap's BackgroundService plugin, I'm able to get notifications through the example Twitter feed.
getMethod = new HttpGet("http://search.twitter.com/search.json?q=phonegap&rpp=1&page1");
It works as expected, but I'm having big troubles with it.
1 - I'm not good with JSON
2 - I've yet to figure out how to store user credentials (user id, for example) on the phone.
So let's say I want to build my own JSON file, myjson.php. In my Java class, I can't pass a user id since this is not stored locally, and I'm unable to fetch it. My HttpGet would be:
getMethod = new HttpGet("http://domain.com/myjson.php");
myjson.php would serve me any new messages, so I have to have a way of specifying which user is requesting the file. Considering it is all through SQL, it has to be the same values.
PHP sessions won't cut it as phones often clear caches and forget user credentials.
How can I do this? Local SQL? XML?
And if I manage to store the user credentials locally, how can I add these to my HttpGet request?
Any help and pointers are greatly appreciated as I've read and read and read and now = stuck.
You can store data locally using LocalStorage. It's very simple. (Link: https://developer.mozilla.org/en-US/docs/DOM/Storage)
Your first problem is you don't really do JSON. You just ask for content encoded in JSON. Look at the native code contained here.

How do I connect to an online database in Android?

Really having difficulty. New to Android development. How do I connect to an online database? PHP, Java or? PHP not working, dunno what to do with the PHP file, it won't work. How do I put it on the server side if I have to on myphpadmin? Is Java a better way? I want to do a login screen and also populate listviews, add multiple data etc. to the database. Can't figure out how to reference the actual database on the myphpadmin server, must I use the database password and username of the database or reference the database HTML?
Also, how do I check if I do connect to the database?
Please I'd appreciate any help at all.
Look up tutorials on RESTful Web Services; you can implement this with a Java Servlet, PHP, or ASP.NET. The idea is that the Web Service layer serves as the middleman between your app and the database. Or, if you prefer, add another layer of application server logic between the Web Service and the database.
Once you have the Web Service implemented correctly, you can expose CRUD methods to your app as you see fit, e.g. PUT request to create a database entry, GET to retrieve it, POST to update it, and DELETE to delete it.
Of course, you need to add some kind of authentication logic, to limit or allow certain Web Service methods to certain authorized users.

Store data in App Engine datastore from an Android app

I have created an AppEngine connected Android application, and I'm trying to modify it to be able to store some user data on the server. I do not know what's the easiest way to do so, because I want it to be as simple as possible. I just want to store some basic data for every user. This data is: Name, Email, and some other Strings. I have created a form on the Android side which will allow the user to type all the requested data, but I do not know how to send this information to the GAE server and store it in the datastore. I guess I will have to use a Servlet and some kind of RPC service to call the methods. I'm really lost because it is my first time doing this. I'm experienced neither in Android nor in web apps. I hope you can help me.
Update
Well, maybe I did not explain myself well. The system I've been asked to build consists of a web service that stores your personal login credentials for most common sites (Facebook, Gmail, etc). Using a Chrome extension, you ask the server for the credentials on the website you are navigating, and then the server asks your phone for authorization. It will ask (do you give me permission to send your credentials to "some user"), and you have to answer yes or no and then the server will act accordingly. The point is that you have to store your credentials in the server in some way, maybe from the Android app (which is what I was trying) or from somewhere else. I will also need authentication.
P.S.: I use Java for the server side.
Since you already started with AppEngine connected Android application, it makes sense to continue customizing it: App Engine Data Access: Adding Entities and RPC.
Update:
There are of course many ways to exchange data between client and server. The most simple would be a servlet handling GET and POST requests with some query parameters.
Also, most popular lately is REST:
Android REST client: http://appfulcrum.com/2010/08/20/android-how-to-call-rest-service-using-asynctask/ (try using GSON instead to parse JSON)
Server: use a REST framework. My personal choice is RESTEasy. An example: http://ankiewsky.blogspot.com/2010/08/resteasy-on-googleappengine-corerest.html
Update 2:
The simplest possible way - making/handling a simple POST request:
Android client - making POST request with parameters: http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient
Server handling POST (or GET) and extracting parameters: http://www.exampledepot.com/egs/javax.servlet/GetReqParam.html
Find and follow thoroughly the Topic Index on this page. Good luck
