In such case, Add a field in your user table for user type or group (e.g., user_role, membership_level, area).Do you have php knowledge? In our forum there is lot of suggestions are there with that code. I am sharing a little here. Kindly modify it according to your need.
PHP Example: Multi-Group Login API
This script authenticates users, retrieves their group, and returns a JWT token containing user info.
Note: For production, use a secure method for password hashing (e.g., password_hash()) and a proper JWT library.
Complete login.php:
<?php
// login.php
// Database connection (replace with your own credentials)
$conn = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
if ($conn->connect_error) {
die(json_encode(['status' => 'error', 'message' => 'DB connection failed']));
}
// Get POST data
$username = $_POST['username'];
$password = $_POST['password'];
// Prepare statement to prevent SQL injection
$stmt = $conn->prepare("SELECT id, password, user_role FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$user = $result->fetch_assoc();
// Verify password (assuming passwords are hashed)
if (password_verify($password, $user['password'])) {
// Generate JWT token
require 'jwt.php'; // Include JWT functions or library
$payload = [
'user_id' => $user['id'],
'role' => $user['user_role'],
'exp' => time() + 3600 // Token expires in 1 hour
];
$token = generate_jwt($payload);
echo json_encode([
'status' => 'success',
'token' => $token,
'role' => $user['user_role']
]);
} else {
echo json_encode(['status' => 'fail', 'message' => 'Invalid password']);
}
} else {
echo json_encode(['status' => 'fail', 'message' => 'User not found']);
}
$conn->close();
// Example JWT generation function (use a library for production)
function generate_jwt($payload) {
$header = json_encode(['alg' => 'HS256', 'typ' => 'JWT']);
$base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
$payloadJson = json_encode($payload);
$base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payloadJson));
$secret = 'your_secret_key'; // Keep this safe
$signature = hash_hmac('SHA256', $base64UrlHeader . '.' . $base64UrlPayload, $secret, true);
$base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
return $base64UrlHeader . '.' . $base64UrlPayload . '.' . $base64UrlSignature;
}
?>
MIT App Blocks: Login and Access Control
1. Login Block
- Use the Web component to send POST request to your PHP login script.
- Store the token on success.
- Use the token for subsequent requests.
Blocks:
- Initialize: When user clicks login button:
- Set Web URL to your API endpoint (e.g.,
https://yourwebsite.com/login.php)
- Set Web Method: POST
- Set Web Request Headers: Content-Type: application/x-www-form-urlencoded
- Set Web Post Body: username and password fields
// Example pseudocode for blocks:
When ButtonLogin.Click:
Web1.Url = "https://yourwebsite.com/login.php"
Web1.PostText = "username=" + usernameTextBox.Text + "&password=" + passwordTextBox.Text
Web1.Post()
If Web1.ResponseContent contains "status":"success":
Extract token from response (use JSONTextDecode)
Store token in TinyDB or variable
Show message "Login successful"
Else:
Show message "Login failed"
2. Accessing Protected Content
- When requesting restricted content, send the token in headers or as a URL parameter.
Example:
// To get data:
Web2.Url = "https://yourwebsite.com/protected_content.php?token=" + storedToken
Web2.Get()
- In the server script (
protected_content.php), verify the token before serving content.
3. Token Verification (Server-side)
You’ll need a PHP script to verify JWT tokens sent from the app. For simplicity, this can decode and verify the token’s signature.