
@anthonycvella
Created January 31, 2013 21:46
<?php
require "/classes/Database.php";
// Label the reply as JSON before anything else is written.
header('Content-type: text/json');

// Connection settings handed to the project's Database wrapper.
// NOTE(review): this connects as the MySQL "root" account with an empty
// password, and the values are committed in source. A dedicated account with
// only the privileges this endpoint needs, with its secret loaded from outside
// the code, would limit the impact of any injection or source disclosure.
$dbinfo = array(
    'host' => '127.0.0.1',
    'user' => 'root',
    'pass' => '',
    'name' => 'hiskor',
);
$db = new Database($dbinfo);

// Make sure $_POST['type'] always exists so the dispatch below can read it.
if (!isset($_POST['type'])) {
    $_POST['type'] = null;
}

// Route the request by its "type" field. Any other value matches nothing, so
// no handler runs and no body is sent.
if ($_POST['type'] == 'login') {
    login();
} elseif ($_POST['type'] == 'register') {
    register();
}
/**
 * Emit an HTTP status line, a Content-type header and the response body.
 *
 * The body is written exactly as given: callers are responsible for encoding
 * it to match $content_type (the callers in this file pass json_encode()
 * output or a fixed message).
 *
 * @param string|int $status       Status code placed after "HTTP/1.1 ".
 * @param string     $body         Payload written to the output.
 * @param string     $content_type Value of the Content-type header.
 */
function sendResponse($status = '200', $body = '', $content_type = 'text/json')
{
    header("HTTP/1.1 {$status}");
    header("Content-type: {$content_type}");
    print $body;
}
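/**
 * Handle a "login" request.
 *
 * Reads $_POST['username'] and $_POST['passwordMD5'], looks up the stored
 * password for that username through the global $db and, when the two values
 * are identical, replies with the username and a newly generated token.
 *
 * Fixes relative to the previous version:
 *  - the comparison read $passwordMD5, which was never assigned here, and
 *    $resultpassword, which was unset when no row matched; two unset values
 *    compare equal with ==, so a username that did not exist was accepted;
 *  - the comparison is now strict and, where available, constant-time, which
 *    also removes loose-comparison surprises between hash-like strings.
 *
 * NOTE(review): the field name indicates the client submits an MD5 digest that
 * is compared directly with the stored value, so the digest itself acts as the
 * credential. Hashing server-side with password_hash()/password_verify() would
 * be the stronger design, but it changes the client contract.
 *
 * @return bool true when a token response was sent, false otherwise.
 */
function login()
{
    global $db;

    // Both fields must be present and must be plain strings (a request can
    // also deliver arrays). As before, nothing is sent when they are missing.
    if (!isset($_POST['username']) || !isset($_POST['passwordMD5'])
        || !is_string($_POST['username']) || !is_string($_POST['passwordMD5'])) {
        return false;
    }

    // NOTE(review): the values are bound to a "?" placeholder below, so this
    // escaping is presumably redundant and would alter values that contain
    // quotes; confirm how Database::bind() treats its argument before
    // removing it. mysql_real_escape_string() also requires ext/mysql.
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['passwordMD5']);

    $db->query("SELECT password FROM users WHERE username=?")->bind(1, $username)->execute();

    // Stays null when the account does not exist, which must never match.
    $resultpassword = null;
    if ($db->getTotalRows()) {
        $result = $db->fetch();
        $resultpassword = $result['password'];
    }

    $matches = false;
    if (is_string($resultpassword) && is_string($password)) {
        $matches = function_exists('hash_equals')
            ? hash_equals($resultpassword, $password)
            : $resultpassword === $password;
    }

    if (!$matches) {
        // One message for both failure causes, so the reply does not reveal
        // whether the username exists.
        sendResponse(400, 'Invalid Username or Password');
        return false;
    }

    // NOTE(review): the token is only returned to the client; nothing in this
    // function stores it, so confirm where it is validated on later requests.
    $token = generateToken();
    sendResponse(200, json_encode(array(
        'username' => $username,
        'token' => $token
    )));
    return true;
}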
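/**
 * Handle a "register" request.
 *
 * Reads $_POST['username'], $_POST['passwordMD5'] and $_POST['email'], refuses
 * the registration when a row with that username or that e-mail already
 * exists, and otherwise inserts the new account through the global $db.
 *
 * Fixes relative to the previous version:
 *  - the duplicate check compared against $resultusername / $resultemail,
 *    which were unset when no row matched, and it only refused when BOTH
 *    fields matched the first row, so a taken username with a new e-mail
 *    (or the reverse) was still inserted;
 *  - the INSERT statement had unbalanced quotes and no "?" placeholders for
 *    the three bound values.
 *
 * NOTE(review): the check-then-insert sequence is not atomic; UNIQUE
 * constraints on users.username and users.email are needed to rule out
 * duplicates under concurrent requests.
 * NOTE(review): the value stored in the password column is whatever the client
 * sent in passwordMD5; consider hashing server-side with password_hash().
 *
 * @return bool true when the account was inserted, false otherwise.
 */
function register()
{
    global $db;

    // All three fields must be present and must be plain strings (a request
    // can also deliver arrays). As before, nothing is sent when they are not.
    foreach (array('username', 'passwordMD5', 'email') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            return false;
        }
    }

    // NOTE(review): the values are bound to "?" placeholders below, so this
    // escaping is presumably redundant and would alter values that contain
    // quotes; confirm how Database::bind() treats its argument before
    // removing it. mysql_real_escape_string() also requires ext/mysql.
    $username = mysql_real_escape_string($_POST['username']);
    $passwordMD5 = mysql_real_escape_string($_POST['passwordMD5']);
    $email = mysql_real_escape_string($_POST['email']);

    $db->query("SELECT username, email FROM users WHERE username=? OR email=?")->bind(1, $username)->bind(2, $email)->execute();

    // Any returned row means the username or the e-mail is already taken.
    if ($db->getTotalRows()) {
        sendResponse(400, json_encode(array(
            'username' => $username,
            'email' => $email,
            'status' => 'Registration Failed'
        )));
        return false;
    }

    // NOTE(review): the outcome of execute() is not inspected because its
    // return contract is not visible here; confirm how Database reports a
    // failed INSERT before answering with success.
    $db->query("INSERT INTO users (username, password, email) VALUES (?, ?, ?)")->bind(1, $username)->bind(2, $passwordMD5)->bind(3, $email)->execute();

    sendResponse(200, json_encode(array(
        'username' => $username,
        'email' => $email,
        'status' => 'Registration Passed'
    )));
    return true;
}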
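/**
 * Build a 25-character session token.
 *
 * The characters come from the same set as before: ASCII codes 48 to 122
 * with the backslash (92) left out. The previous version drew them with
 * mt_rand(), which is not a cryptographically secure generator, so tokens
 * could be predicted from earlier outputs. This version draws from a CSPRNG
 * and fails closed when none is available, instead of falling back to a
 * weak source.
 *
 * @return string 25-character token.
 * @throws RuntimeException when no secure random source is available.
 */
function generateToken()
{
    $token_length = 25;

    // Allowed characters: codes 48..122 without the backslash.
    $alphabet = '';
    for ($code = 48; $code <= 122; $code++) {
        if ($code !== 92) {
            $alphabet .= chr($code);
        }
    }
    $last_index = strlen($alphabet) - 1;

    $token = '';

    // Preferred source where the runtime provides it.
    if (function_exists('random_int')) {
        for ($i = 0; $i < $token_length; $i++) {
            $token .= $alphabet[random_int(0, $last_index)];
        }
        return $token;
    }

    if (!function_exists('openssl_random_pseudo_bytes')) {
        throw new RuntimeException('No cryptographically secure random source available');
    }

    // Rejection sampling: keep 7 bits of each byte and discard values that
    // fall outside the alphabet, so every character stays equally likely.
    while (strlen($token) < $token_length) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($token_length * 2, $strong);
        if ($bytes === false || !$strong) {
            throw new RuntimeException('No cryptographically secure random source available');
        }
        $count = strlen($bytes);
        for ($i = 0; $i < $count && strlen($token) < $token_length; $i++) {
            $value = ord($bytes[$i]) & 0x7F;
            if ($value <= $last_index) {
                $token .= $alphabet[$value];
            }
        }
    }

    return $token;
}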