
8iMultimedia

Jul 17, 2018, 6:46:20 PM
to MIT App Inventor Forum
Hi! I have been working with AI 2 for a while, but recently I found an issue with the new SSL certificate from my hosting provider. I can't connect my app anymore when I direct my URL to https:// like I did when I connected to http://.

My App Inventor app gets to "call" a few .php files, but not anymore!

NOTE: If I type the address directly in the browser it does work and connect, but from the App Inventor 2 app it does not! Any help would be greatly appreciated.

Thanks in advance and have a great day!

Chris Ward

Jul 17, 2018, 7:05:10 PM
to MIT App Inventor Forum
Hello 8iMultimedia

I think we need to see your code blocks and we need to understand more about what it is you are trying to do - access a database on your own website? Download data or files?


8iMultimedia

Jul 17, 2018, 7:24:44 PM
to MIT App Inventor Forum
Thanks for the quick response!

This is my connection (https://). Then, after I get connected, I will use a .php file to query a database. It actually worked before, when I used http://, but now with https:// it does not!


Chris Ward

Jul 17, 2018, 7:41:28 PM
to MIT App Inventor Forum
Hi again

Since your website moved on to https, have you tried your code using http? I ask because since you submit User Name and Password, your request could be accepted via http even though the site is https (show us the error code returned if not).

It's late here, so hopefully another Power-User will pick up your post if required. Please let us know what happens, good or bad :)

It will probably be helpful to post one of the php files here too.

8iMultimedia

Jul 17, 2018, 7:46:07 PM
to MIT App Inventor Forum
Thanks again.

Yes, I have tried to use my code with http. And it works! But the thing here is that I need to use it via https, because I need to implement the SSL security.

I am pasting the code corresponding to the blocks I previously shared. I much appreciate your support, Chris! Hope someone else can help me from this point.

<?php
require("../../xpress/conex.php");
$sql = $conex->query("SELECT * FROM  `tblogindrv` where usuario='".$_REQUEST['usuario']."' and password='".$_REQUEST['password']."'");

// check whether the query succeeded
if (!$sql) {
    die('No se pudo conectar');
}

// check whether there is a matching record and, if so, show the data
if ($sql->num_rows > 0) {
    $fila = $sql->fetch_array(MYSQLI_ASSOC);

    echo $fila['nivel'];
    echo ",";
    // run the UPDATE without overwriting $sql, so that $sql->free() below still refers to the SELECT result
    $conex->query("UPDATE `tblogindrv` SET activo=1 WHERE usuario='".$_REQUEST['usuario']."' and password='".$_REQUEST['password']."'");
    echo "login ok";
} else {
    echo "error login";
}
/* free the result set */
$sql->free();
/* close the connection */
$conex->close();
?>

Chris Ward

Jul 18, 2018, 6:08:32 AM
to MIT App Inventor Forum
Hi again

Well, the SSL on your website is there primarily to protect the site from uninvited intrusions and downloads - that is the basis of the security. By having a Username and password setup, permission is granted for site access if those credentials are good, which is why I suggested that the http code could work.

So, the login needs to be upgraded to https - and like App Inventor, use OAuth/OAuth2 to access the site?





Ghica

Jul 18, 2018, 11:18:08 AM
to MIT App Inventor Forum
Is it your own PHP that you are showing us?
In my opinion it is insecure, because you use $_REQUEST to read the POST variables. A malicious user could change the query by using a GET request instead and use SQL injection to enter your site. I am not going to point out how here.
Using $_POST would make it better, but you cannot type the URL directly anymore then; instead you would need a form.
Cheers, Ghica
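
Added example, not part of the original thread and not the poster's code: the login script above rewritten to read the credentials only from $_POST, as Ghica suggests, and to pass them through mysqli prepared statements so that they never become part of the SQL text. It assumes conex.php provides $conex as a mysqli connection, as the posted script implies; the table and column names are taken from that script.

```php
<?php
// Added example: assumes $conex is a mysqli connection created in conex.php.
require("../../xpress/conex.php");

// Accept the credentials only from the POST body, never from the query string.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !isset($_POST['usuario'], $_POST['password'])
        || !is_string($_POST['usuario']) || !is_string($_POST['password'])) {
    http_response_code(400);
    die('error login');
}
$usuario  = $_POST['usuario'];
$password = $_POST['password'];

// The ? placeholders are bound separately, so quotes in the input stay data.
$stmt = $conex->prepare(
    "SELECT nivel FROM `tblogindrv` WHERE usuario = ? AND password = ?");
if (!$stmt) {
    http_response_code(500);
    die('No se pudo conectar');
}
$stmt->bind_param('ss', $usuario, $password);
$stmt->execute();
$stmt->bind_result($nivel);
$found = $stmt->fetch();   // true when a row matched, null when none did
$stmt->close();

if ($found === true) {
    // Same UPDATE as the posted script, also with bound parameters.
    $upd = $conex->prepare(
        "UPDATE `tblogindrv` SET activo = 1 WHERE usuario = ? AND password = ?");
    if ($upd) {
        $upd->bind_param('ss', $usuario, $password);
        $upd->execute();
        $upd->close();
    }
    echo $nivel, ",", "login ok";
} else {
    echo "error login";
}
$conex->close();
?>
```

The password is still compared as stored in the table, as in the posted script; hashing it with password_hash() and checking it with password_verify() is a separate change.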

8iMultimedia

Jul 18, 2018, 9:08:55 PM
to MIT App Inventor Forum
Thanks Chris and Ghica, I will try both your suggestions for sure! As soon as I get a result I will post and describe what happened with my app and its interaction with https.

I appreciate your time and knowledge shared.

Sincerely, Fernando Sañudo B.