PHP AJAX Login with JWT and Fetch API: Login users using AJAX to send JWT to a server API

Recommend this page to a friend!

Download

Info

Example

Files

Install with Composer

Download

Reputation

Support forum

Blog

Links

Ratings				Unique User Downloads		Download Rankings
Not enough user ratings				Total: 138		All time: 9,244 This week: 51

Version		License		PHP version		Categories
`ajax-login` 1.0.0		MIT/X Consortium ...		7		HTTP, Cryptography, User Management, W..., S..., A..., P...

Description

Author

Rodrigo Faustino

This package can log users in using AJAX to send JWT to a server API.

It implements a REST API to process requests on user accounts stored in a database on the server side.

The package provides code that uses the JavaScript Fetch API to send AJAX requests to server side API to perform several types of operations with user accounts.

It uses JWT (JSON Web Tokens) to send user authentication and authorization requests securely.

Login com Jwt, padr�o MVC e REST - teste na URL abaixo, projeto criado para ensinar como gerenciar perfis distintos com arquitetura desacoplada

Innovation Award

December 2023
Number 7

A JSON Web Token (JWT) is a text string with values encoded in the JSON format that stores values that may be signed using cryptography methods, so it can be used to transmit messages verified when the messages reach the destination.

Modern browsers already support the JavaScript Fetch API. Using this API, developers can use a more modern way to send asynchronous requests from browsers to an API running on the Web server side.

This package uses both JWT and the Fetch API to implement a user login and management system that can replace traditional systems that use XMLHttpRequest object support to send AJAX requests to a server-side API implemented in PHP to authenticate and authorize user access securely.

Manuel Lemos

Rodrigo Faustino

Performance

Level

Name:	Rodrigo Faustino `<contact>`
Classes:	37 packages by Rodrigo Faustino
Country:	Brazil
Age:	41
All time rank:	2330	158 in Brazil
Week rank:	1

Level 1

Innovation award

Nominee: 23x

Winner: 4x

Example


<?php

namespace App\Router;

require "../../vendor/autoload.php";



use App\Controller\PerfilPermissaoController;

use App\Controller\UsuarioController;

use App\Model\Perfil;

use App\Model\Usuario;

use App\Controller\PermissaoController;



use Bramus\Router\Router;

$usuario = new Usuario();

$router = new Router();

$permitido = new PermissaoController();



    // In case one is using PHP 5.4's built-in server

    $filename = __DIR__ . preg_replace('#(\?.*)$#', '', $_SERVER['REQUEST_URI']);

    if (php_sapi_name() === 'cli-server' && is_file($filename)) {

    return false;

}





    $router->set404(function () {

        header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');

        echo '404, route not found!';

    });



  

    $router->set404('/test(/.*)?', function () {

        header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');

        echo '<h1><mark>404, route not found!</mark></h1>';

    });



    $router->set404('/api(/.*)?', function() {

        header('HTTP/1.1 404 Not Found');

        header('Content-Type: application/json');

        $jsonArray = array();

        $jsonArray['status'] = "404";

        $jsonArray['status_text'] = "route not defined";

        echo json_encode($jsonArray);

    });



 

    $router->before('GET', '/.*', function () {

        header('X-Powered-By: bramus/router');

    });

    

   

    

    // GET token

    $router->get('/token', function () {

        $permitido = new PermissaoController();

        $permitido->verToken();

    });

    // Rota Login

    $router->post('/login', function () {

        $body = json_decode(file_get_contents('php://input'), true);

        $usuario = new Usuario();

        if (isset($body['email'])) {

            $usuario->setEmail($body['email']);

            $senha=$body['senha'];

            $lembrar=$body['lembrar'];

            $usuariosController = new UsuarioController($usuario);

            $resultado = $usuariosController->login($senha,$lembrar);

            if(!$resultado['status']){

                echo json_encode(['status' => $resultado['status'], 'message' => $resultado['message']]);

               exit;

            }

            echo json_encode(['status' => $resultado['status'], 'message' => $resultado['message'],'token'=>$resultado['token']]);

            exit;

        }

    });

    $router->post('/recuperarsenha', function () {

        $body = json_decode(file_get_contents('php://input'), true);

        $usuario = new Usuario();

        if (isset($body['email'])) {

            $usuario->setEmail($body['email']);

            $usuariosController = new UsuarioController($usuario);

            $resultado = $usuariosController->recupasenha();

            if(!$resultado['status']){

                echo json_encode(['status' => $resultado['status'], 'message' => $resultado['message']]);

               exit;

            }

            echo json_encode(['status' => $resultado['status'], 'message' => $resultado['message']]);

            exit;

        }

    });

    // Todos metodos Usuarios

    $router->mount('/Usuarios', function () use ($router) {

        $router->get('/', function () {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            $usuario = new Usuario();

            $usuariosController = new UsuarioController($usuario);

            $resultado = $usuariosController->listarUsuarios();

            if(!$resultado){

                echo json_encode(["status" => false, "Usuarios" => $resultado,"mensagem"=>"nenhum resultado encontrado"]);

                exit;

            }else{

                echo json_encode(["status" => true, "Usuarios" => $resultado]);

                exit;

            }

        });



        $router->get('/(\d+)', function ($id) {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            $usuario = new Usuario();

            $usuariosController = new UsuarioController($usuario);

            $resultado = $usuariosController->buscarPorId($id);

                if(!$resultado){

                    echo json_encode(["status" => false, "Usuarios" => $resultado,"mensagem"=>"nenhum resultado encontrado"]);

                    exit;

                }else{

                    echo json_encode(["status" => true, "Usuario" => $resultado]);

                    exit;

                }

        });



        $router->put('/(\d+)', function ($id) {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            echo 'Update usuario id ' . htmlentities($id);

        });

        $router->post('/Registrar', function () {

            $body = json_decode(file_get_contents('php://input'), true);

            $usuario = new Usuario();

            $usuario->setNome($body['nome']);

            $usuario->setEmail($body['email']);

            $usuario->setSenha($body['senha']);

            $usuario->setPerfilId(2);

            $usuariosController = new UsuarioController($usuario);

            $resultado = $usuariosController->adicionarUsuario();

            echo json_encode(['status' => $resultado]);

        });

    });

    $router->get('/Perfil', function () {

        $permitido = new PermissaoController();

        $permitido->autorizado();

        $controller = new PerfilPermissaoController();

            $resultado = $controller->listarTodos();

            if (!$resultado) {

                echo json_encode(["status" => false, "mensagem" => "Nenhum perfil encontrado"]);

                exit;

            } else {

                echo json_encode($resultado);

                exit;

            }     

    });

    // Todos metodos Permissao

    $router->mount('/Permissao', function () use ($router) {

        $router->get('/', function () {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            $controller = new PerfilPermissaoController();

            $resultado = $controller->listarPermissoes();

            if (!$resultado) {

                echo json_encode(["status" => false, "mensagem" => "Nenhuma permissao encontrado"]);

                exit;

            } else {

                echo json_encode($resultado);

                exit;

            }     

        });



        $router->get('/(\d+)', function ($id) {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            $perfil = new Perfil();

            $perfil->setId($id);

            $controller = new PerfilPermissaoController();

            $resultado = $controller->obterPermissoesDoPerfil($perfil);

            if (!$resultado) {

                echo json_encode(["status" => false, "mensagem" => "Nenhum resultado encontrado"]);

                exit;

            } else {

                echo json_encode($resultado);

                exit;

            }

        });

        $router->post('/', function () {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            $body = json_decode(file_get_contents('php://input'), true);

            $perfil = new Perfil();

            $controller = new PerfilPermissaoController();

            $perfil->setId($body['perfilId']);

            $resultado = $controller->adicionarPermissao($perfil, $body['nome']);

            echo json_encode(['status' => $resultado]);

        });

        $router->put('/(\d+)', function ($id) {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            echo 'Update usuario id ' . htmlentities($id);

        });

        $router->delete('/(\d+)', function ($id) {

            $permitido = new PermissaoController();

            $permitido->autorizado();

            $controller = new PerfilPermissaoController();

            $perfil = new Perfil();

            $body = json_decode(file_get_contents('php://input'), true);

            $perfil->setId($id);

            $resultado = $controller->removerPermissao($perfil, $body['nome']);

            echo json_encode(['status' => $resultado]);

        });

    });



    $router->run();



// EOF

Details

Sistema de Login com JWT

Sistema de autentica��o simples utilizando JSON Web Tokens (JWT).

Requisitos

PHP
Biblioteca `firebase/php-jwt`

Instala��o

Clone o reposit�rio depois instale a dependencia abaixo Instale a biblioteca via composer:

composer require firebase/php-jwt
composer require bramus/router
composer update

Uso

Ap�s a instal�ao das depend�ncias acima mencionadas, uma para gerenciar a cria��o e valida��o do token, a outra � para gerenciar rotas semelhante o que acontece com os principais frameworks, onde � capturado o metodo e o recurso e direciona para a fun��o no contralador especifico.

Login

Ao realizar o login, um token JWT � gerado para o usu�rio com base em suas credenciais. o frontend recebe o token caso a autentica��o seja bem sucedida, e o javascript "x.js" a cada 1 minuto faz uma requisi��o para verificar o token e verificar as telas autorizadas pela passoa logada.

$key = "YOUR_SECRET_KEY";
$payload = [
 "iss" => "localhost",
 "aud" => "localhost",
 "iat" => time(),
 "exp" => time() + 3600,  // Expira em 1 hora
 "sub" => "[email protected]"
];

$jwt = JWT::encode($payload, $key);

Valida��o de Token Para validar o token recebido em requisi��es subsequentes:

$key = "YOUR_SECRET_KEY";

try {
    $decoded = JWT::decode($token, $key, ['HS256']);
    // Token � v�lido
} catch(Exception $e) {
    // Token inv�lido
}

Estrutura do Projeto

backend/Controller/UsuarioController.php: Cont�m a l�gica para gerar e validar o JWT. backend/Router/: Roteamento e processamento das requisi��es HTTP.

Como Usar

Login Para fazer login, envie uma requisi��o POST para backend/Router/ com os campos email e senha. Se for bem-sucedido, voc� receber� um JWT que ser� usado para futuras autentica��es, salvando em sessionStorage.

    const response = await fetch(urlBase+'backend/Router/login', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json'
        },
        body: JSON.stringify({ email, senha: password,lembrar })
    });
    const data = await response.json();
    if (data.status) {
        sessionStorage.setItem('token', data.token);
        window.location.href = "index.html"; 
    }

Validar Token Para validar o token, envie uma requisi��o GET para backend/Router/loginRouter.php com o token no cabe�alho de Autoriza��o. O token ser� validado e, se ainda estiver v�lido, a resposta ser� positiva.

B�nus (recursos adicionais)

Os javascripts cards e times fazem uma busca fetch para um json que est� estruturado, e o javascript ler o conte�do e monta os cards, essa parte foi criada para mostrar a manipula��o do DOM sem um banco de dados

Files (154)

File	Role	Description
`backend` (2 files, 5 directories)
`css` (2 files)
`img` (7 files)
`js` (8 files, 1 directory)
`sql` (1 file)
`vendor` (1 file, 4 directories)
`composer.json`	Data	Auxiliary data
`composer.lock`	Data	Auxiliary data
`esqueci.html`	Data	HTML page
`index.html`	Data	HTML page
`login.html`	Data	HTML page
`pessoas.html`	Data	HTML page
`projetos.html`	Data	HTML page
`readme.md`	Doc.	Documentation
`registrar.html`	Data	HTML page

File	Role	Description
`Controller` (4 files)
`Cryptonita` (1 file)
`Database` (5 files)
`Model` (3 files)
`Router` (5 files)
`.htaccess`	Data	Auxiliary data
`index.php`	Example	Example script

File	Role	Description
`EnviaEmail.php`	Class	Class source
`PerfilPermissaoController.php`	Class	Class source
`PermissaoController.php`	Class	Class source
`UsuarioController.php`	Class	Class source

File	Role	Description
`banco_x.sqbpro`	Data	Auxiliary data
`config.php`	Aux.	Auxiliary script
`configEmail.php`	Aux.	Auxiliary script
`Connection.php`	Class	Class source
`Crud.php`	Class	Class source

File	Role	Description
`Perfil.php`	Class	Class source
`Permissao.php`	Class	Class source
`Usuario.php`	Class	Class source

File	Role	Description
`styleaTime.css`	Data	Auxiliary data
`w3.css`	Data	Auxiliary data

File	Role	Description
`1.png`	Icon	Image
`2.png`	Icon	Image
`3.png`	Icon	Image
`img_avatar4.png`	Icon	Image
`team1.jpg`	Photo	Team member image
`team2.jpg`	Photo	Team member image
`team3.jpg`	Photo	Team member image

File	Role	Description
`json` (2 files)
`cards.js`	Data	Auxiliary data
`esqueci.js`	Data	Auxiliary data
`gerenciar.js`	Data	Auxiliary data
`getUsers.js`	Data	Auxiliary data
`login.js`	Data	Auxiliary data
`registrar.js`	Data	Auxiliary data
`times.js`	Data	Auxiliary data
`token.js`	Data	Auxiliary data

File	Role	Description
`cards.json`	Data	Auxiliary data
`times.json`	Data	Auxiliary data

File	Role	Description
`bramus` (1 directory)
`composer` (11 files)
`firebase` (1 directory)
`phpmailer` (1 directory)
`autoload.php`	Aux.	Auxiliary script

File	Role	Description
`.github` (1 directory)
`demo-multilang` (2 files)
`demo` (2 files)
`src` (1 directory)
`tests` (2 files)
`.php_cs.dist`	Example	Example script
`CHANGELOG.md`	Data	Auxiliary data
`composer.json`	Data	Auxiliary data
`LICENSE`	Lic.	License text
`phpunit.xml.dist`	Data	Auxiliary data
`README.md`	Doc.	Documentation

File	Role	Description
`bootstrap.php`	Aux.	Auxiliary script
`RouterTest.php`	Class	Class source

File	Role	Description
`autoload_classmap.php`	Aux.	Auxiliary script
`autoload_namespaces.php`	Aux.	Auxiliary script
`autoload_psr4.php`	Aux.	Auxiliary script
`autoload_real.php`	Class	Class source
`autoload_static.php`	Class	Class source
`ClassLoader.php`	Class	Class source
`installed.json`	Data	Auxiliary data
`installed.php`	Aux.	Auxiliary script
`InstalledVersions.php`	Class	Class source
`LICENSE`	Lic.	License text
`platform_check.php`	Aux.	Auxiliary script

File	Role	Description
`src` (8 files)
`CHANGELOG.md`	Data	Auxiliary data
`composer.json`	Data	Auxiliary data
`LICENSE`	Lic.	License text
`README.md`	Doc.	Documentation

File	Role	Description
`BeforeValidException.php`	Class	Class source
`CachedKeySet.php`	Class	Class source
`ExpiredException.php`	Class	Class source
`JWK.php`	Class	Class source
`JWT.php`	Class	Class source
`JWTExceptionWithPayloadInterface.php`	Class	Class source
`Key.php`	Class	Class source
`SignatureInvalidException.php`	Class	Class source

File	Role	Description
`language` (53 files)
`src` (7 files)
`COMMITMENT`	Data	Auxiliary data
`composer.json`	Data	Auxiliary data
`get_oauth_token.php`	Example	Example script
`LICENSE`	Lic.	License text
`README.md`	Example	Example script
`SECURITY.md`	Data	Auxiliary data
`VERSION`	Data	Auxiliary data

File	Role	Description
`phpmailer.lang-af.php`	Aux.	Auxiliary script
`phpmailer.lang-ar.php`	Aux.	Auxiliary script
`phpmailer.lang-az.php`	Aux.	Auxiliary script
`phpmailer.lang-ba.php`	Aux.	Auxiliary script
`phpmailer.lang-be.php`	Aux.	Auxiliary script
`phpmailer.lang-bg.php`	Aux.	Auxiliary script
`phpmailer.lang-ca.php`	Aux.	Auxiliary script
`phpmailer.lang-cs.php`	Aux.	Auxiliary script
`phpmailer.lang-da.php`	Aux.	Auxiliary script
`phpmailer.lang-de.php`	Aux.	Auxiliary script
`phpmailer.lang-el.php`	Aux.	Auxiliary script
`phpmailer.lang-eo.php`	Aux.	Auxiliary script
`phpmailer.lang-es.php`	Aux.	Auxiliary script
`phpmailer.lang-et.php`	Aux.	Auxiliary script
`phpmailer.lang-fa.php`	Aux.	Auxiliary script
`phpmailer.lang-fi.php`	Aux.	Auxiliary script
`phpmailer.lang-fo.php`	Aux.	Auxiliary script
`phpmailer.lang-fr.php`	Aux.	Auxiliary script
`phpmailer.lang-gl.php`	Aux.	Auxiliary script
`phpmailer.lang-he.php`	Aux.	Auxiliary script
`phpmailer.lang-hi.php`	Aux.	Auxiliary script
`phpmailer.lang-hr.php`	Aux.	Auxiliary script
`phpmailer.lang-hu.php`	Aux.	Auxiliary script
`phpmailer.lang-hy.php`	Aux.	Auxiliary script
`phpmailer.lang-id.php`	Aux.	Auxiliary script
`phpmailer.lang-it.php`	Aux.	Auxiliary script
`phpmailer.lang-ja.php`	Aux.	Auxiliary script
`phpmailer.lang-ka.php`	Aux.	Auxiliary script
`phpmailer.lang-ko.php`	Aux.	Auxiliary script
`phpmailer.lang-lt.php`	Aux.	Auxiliary script
`phpmailer.lang-lv.php`	Aux.	Auxiliary script
`phpmailer.lang-mg.php`	Aux.	Auxiliary script
`phpmailer.lang-mn.php`	Aux.	Auxiliary script
`phpmailer.lang-ms.php`	Aux.	Auxiliary script
`phpmailer.lang-nb.php`	Aux.	Auxiliary script
`phpmailer.lang-nl.php`	Aux.	Auxiliary script
`phpmailer.lang-pl.php`	Aux.	Auxiliary script
`phpmailer.lang-pt.php`	Aux.	Auxiliary script
`phpmailer.lang-pt_br.php`	Aux.	Auxiliary script
`phpmailer.lang-ro.php`	Aux.	Auxiliary script
`phpmailer.lang-ru.php`	Aux.	Auxiliary script
`phpmailer.lang-si.php`	Aux.	Auxiliary script
`phpmailer.lang-sk.php`	Aux.	Auxiliary script
`phpmailer.lang-sl.php`	Aux.	Auxiliary script
`phpmailer.lang-sr.php`	Aux.	Auxiliary script
`phpmailer.lang-sr_latn.php`	Aux.	Auxiliary script
`phpmailer.lang-sv.php`	Aux.	Auxiliary script
`phpmailer.lang-tl.php`	Aux.	Auxiliary script
`phpmailer.lang-tr.php`	Aux.	Auxiliary script
`phpmailer.lang-uk.php`	Aux.	Auxiliary script
`phpmailer.lang-vi.php`	Aux.	Auxiliary script
`phpmailer.lang-zh.php`	Aux.	Auxiliary script
`phpmailer.lang-zh_cn.php`	Aux.	Auxiliary script

File	Role	Description
`DSNConfigurator.php`	Class	Class source
`Exception.php`	Class	Class source
`OAuth.php`	Class	Class source
`OAuthTokenProvider.php`	Class	Class source
`PHPMailer.php`	Class	Class source
`POP3.php`	Class	Class source
`SMTP.php`	Class	Class source

	ajax-login-2023-12-05.zip 914KB
	ajax-login-2023-12-05.tar.gz 856KB
	Install with Composer