Any help/advice/direction would be greatly appreciated. Try bearing with me even if this question is not specific.
I am working on a web application which will connect to a pre-existing commercial cloud-based calendar which will have schedules for a certain event.
I will have a authorize button which will simply ask the users to enter their credentials for that cloud-based calendar. Once users enter their credentials successfully, I want my application to connect to the cloud-based application's database and fetch the necessary data.
The flow will be like
Users -> Click Authorize button -> Enter credentials -> Connect to the system -> Get the necessary data -> Update it in my web application.
I am on a point of drawing a blank because I don't find any useful resources on how to gain access to a separate application and fetching the data. I am aware I have to build an API of some sort to communicate with that system, but I don't know exactly HOW.
Sorry, if I am not making sense, but I really want some help here. Are there some libraries which provide a similar functionality? How should I even start? I am using PHP as a server-side language.
Depends much on the resources available ate the platform. But if it has PHP, you can implement RESTFUL services that exchange data using JSON as Channaveer Hakari response, except that maybe you wouldn't take data from mySQL, but the flow and technologies and protocol are that (RESTFULL services, data delivered JSON type, because it can be consumed on a great variety of programming languages).
It really depends on how the cloud calendar likes to be interacted with.
Are you able to tell us what service it is?
For example, if it supports OAuth that may be a way to register your app with the service for that user, and then allow your app to update data to their account. This is how for example Facebook works when it asks your for a third party website to have permission to look at your contacts and make posts to your wall etc. This is almost the defacto standard of the Internet these days for your use case.
Alternatively it could be a case of like you said, grabbing their credentials and storing them, then connecting to the calendars REST API with those credentials and making updates. I would say this is a bad approach from a security point of view. No user should give their credentials to a third party and trust them. That is a bad idea. It's one of the reasons OAuth exists.
If you're building a small app for a small company for internal use only the second approach may be fine. I'll leave it up to you to decide.
Button On Click -> Redirect to Login Form
Loging Form ->User Enters Credentials -> Submit Form
In the respective action page ie. the page where you will post the data, you will have Username/Email and Password
You have to authenticate. Now to authenticate you can't have the direct access to the other server database (cloud database directly) so you need to call the API of the respective cloud base database for which you want to authenticate. For this call, you can use CURL call with POST parameters or any necessary HTTP request like GET, POST, PUT, DELETE, PATCH. Make sure you use the TOKEN based API call. Even you can go for any respectively secured API calls as per the cloud database design for security.
BONUS: So what is token-based API call? Whenever you're requesting the API call to cross server ie. other servers make sure you can some random text sent along with the other parameters. The server on the other hand which received your request make sure to validate this token from its respective database table to make sure that you're the valid user and allows you to perform the necessary action like get customer details, get product details and so on.
The authentication API returns the AUTHENTICATED data. Based on that you can continue to perform the actions.
In case if the authentication fails, then you can flash the invalid credentials error message to the user.
If its success then you will be granted the access and you can now perform an insertion data to your database.
To read the data from the other database table, since you won't have the necessary permission you can't directly access it. Make the API call to the respective function to get all the necessary data, whether it may be GET, POST, PUT, DELETE, PATCH.
As of now think that you want to get all the data of table CUSTOMER then you will have to make GET request to the API which returns the JSON data.
Now its left to you what you want to do with this data. Whether you want to save this in your respective database table or play around with it on the fly.
To learn how to write the API's
Eg:
NOTE: I have not added any security check make sure you work out on the same
Think that your doing GET request to get the details of the customers then you can do like the following
API URL: http://127.0.0.1/project/getCustomers.php?token=2fdsd5f42314sfd85sds REQUEST METHOD: GET
<?php
include_once 'dbConnect.php'; //I am having $link as database link
//Only !isset will also work
$errors = [];
if(empty($_GET['token']) || !isset($_GET['token'])){
$errors[] = 'Token not found!';
}else{
$token = $_GET['token'];
}
//tokens table will have (id, user_id, token) coloumns
$tokenQuery = mysqli_connect($link, "SELECT * FROM tokens WHERE token = '$token' LIMIT 1");
//If I get any result with the respective token
if(mysqli_num_rows($tokenQuery) > 0){
$tokenDetails = mysqli_fetch_assoc($tokenQuery);
$userId = $tokenDetails['user_id'];
/* Now you can check whether the user has Authorization to access the particular module */
$isUserAuthorized = checkUserAuthorizationModule($userId); //Please help your self to do this all checks
if($isUserAuthorized === TRUE){
$customersQuery = mysqli_query($link, "SELECT * FROM customers");
$customersDetails = [];
if(mysqli_num_rows($customersQuery) > 0){
while($row = mysqli_fetch_assoc($customersQuery)){
$customersDetails[] = $row;
}
}
return json_encode([
'customerDetails' => $customersDetails
]);
}
}else{
$errors[] = 'Token is not valid';
}
return json_encode([
'errors' => $errors
]);
There's one way you could do it...
I'm gona get creative here:
Hit an API endpoint on your server, deliver 'username' and 'password'.
Store username and password to a .txt file on this server. The name of the txt file is the timestamp 'now'
On this same server, launch a chain of USER INTERFACE commands, something like this (using a library like xdotool):
have the client webapp check constantly for that .txt file with the calendar info. Once the info is fetched, display it on your screen.
Voila.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With