Use OAuth to securely send the username and password to your server and receive the response back. Facebook, Google and Twitter use OAuth to authenticate users.

OAuth 1.0 - http://oauth.net/
OAuth 2.0 - http://oauth.net/2/

OAuth 2.0 tutorials:
http://tutorials.jenkov.com/oauth2/index.html
http://net.tutsplus.com/tag/oauth-2-0/

or

You can use the steps below to securely authenticate users in your Android app with an HTTP POST request to your PHP server.
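Create an HTTP POST request and send the username and password to your server with it:

    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.util.ArrayList;
    import java.util.List;
    import org.apache.http.HttpResponse;
    import org.apache.http.NameValuePair;
    import org.apache.http.client.ClientProtocolException;
    import org.apache.http.client.HttpClient;
    import org.apache.http.client.entity.UrlEncodedFormEntity;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.message.BasicNameValuePair;

    // Call this from a background thread; Android does not allow network I/O on the main thread.
    public void postData() {
        // Create a new HttpClient and Post Header
        HttpClient httpclient = new DefaultHttpClient();
        // Use an https:// URL so the credentials are encrypted in transit
        HttpPost httppost = new HttpPost("https://www.yoursite.com/script.php");
        try {
            // Add your data
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
            nameValuePairs.add(new BasicNameValuePair("username", "12345"));
            nameValuePairs.add(new BasicNameValuePair("password", "12345676890"));
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            // Execute HTTP Post Request
            HttpResponse response = httpclient.execute(httppost);
            BufferedReader reader = new BufferedReader(new InputStreamReader(response.getEntity().getContent(), "UTF-8"));
            StringBuilder builder = new StringBuilder();
            for (String line = null; (line = reader.readLine()) != null;) {
                builder.append(line).append("\n");
            }
            // The server's reply; use result to see the output
            String result = builder.toString();
        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
        } catch (IOException e) {
            // TODO Auto-generated catch block
        }
    }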
Receive the username and password in the script.php file on your server. The code below is for a MySQL database:

    if (isset($_POST['username'], $_POST['password'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        // Connect to your database and check whether the above values exist in your user table
        $host     = "localhost"; // Host name
        $db_user  = "root";      // MySQL username (kept separate from the posted $username)
        $db_pass  = "";          // MySQL password
        $db_name  = "test";      // Database name
        $tbl_name = "members";   // Table name

        // Connect to the server and select the database.
        // mysqli is used because the mysql_* functions were removed in PHP 7.
        $db = mysqli_connect($host, $db_user, $db_pass, $db_name) or die("cannot connect");

        // To protect against SQL injection, bind the posted values as parameters
        $stmt = mysqli_prepare($db, "SELECT * FROM $tbl_name WHERE username = ? AND password = ?");
        mysqli_stmt_bind_param($stmt, "ss", $username, $password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);

        // mysqli_stmt_num_rows counts the matching table rows
        $count = mysqli_stmt_num_rows($stmt);

        // If the result matched $username and $password, there must be exactly 1 row
        if ($count == 1) {
            // Echo back the success string with a code, in JSON or any other format
            echo "SUCCESS:User is registered";
        } else {
            echo "FAILURE:Wrong Username or Password";
        }
    }
Parse the response from the HTTP request in your Android Activity and, based on it, check whether the user is registered or not. Parse the response starting from this line:

    HttpResponse response = httpclient.execute(httppost);
    BufferedReader reader = new BufferedReader(new InputStreamReader(response.getEntity().getContent(), "UTF-8"));
    StringBuilder builder = new StringBuilder();
    for (String line = null; (line = reader.readLine()) != null;) {
        builder.append(line).append("\n");
    }
    // result holds the string echoed by script.php (it starts with SUCCESS or FAILURE)
    String result = builder.toString();
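
The server-side check from the script.php step, as an added example that is not part of the original answer: it stores only a salted hash of each password and verifies it with `password_verify`, looks the user up with a bound parameter, and returns the JSON reply the app would parse. It assumes PHP 7+ with the `pdo_sqlite` extension; the in-memory `members` table, the user `alice` and the function names are constructed for the demonstration.

```php
<?php
// Added example. An in-memory SQLite table stands in for the MySQL "members" table.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    // Constructed sample user: only the salted hash is stored, never the password itself.
    $ins = $db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the JSON body that script.php would echo back to the Android app.
function check_login(PDO $db, array $post): string {
    $failure  = ['status' => 'FAILURE', 'message' => 'Wrong Username or Password'];
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    // Reject missing fields and array-valued fields (e.g. username[]=x).
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return json_encode($failure);
    }

    // Bound parameter: the posted username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists

    // password_verify re-derives the hash using the salt and cost stored inside $hash.
    $ok = is_string($hash) && password_verify($password, $hash);

    // Unknown user and wrong password get the same reply, so the response
    // does not reveal which usernames are registered.
    return json_encode($ok
        ? ['status' => 'SUCCESS', 'message' => 'User is registered']
        : $failure);
}

// Constructed inputs: a valid login, a wrong password, and a quote-laden username.
$db = open_demo_db();
echo check_login($db, ['username' => 'alice', 'password' => 'correct horse battery']), "\n";
echo check_login($db, ['username' => 'alice', 'password' => 'guess']), "\n";
echo check_login($db, ['username' => "alice' OR '1'='1", 'password' => 'x']), "\n";
```

In script.php itself the call would be `echo check_login($db, $_POST);` with `$db` connected to the real user database.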