I am working on my first app so I am not so experienced with this stuff yet. I have figured out how to send a POST request url to a php page and process the php to register a new user in the mySQL database or log in to the app by connecting to the database to see if the user exists.
First off, does that seem correct? To just send the request to register a user with text field variables and to log in by checking if the text field information exists in the database or should I be implementing some other ways to do this?
Second, What should I be doing once the user enters in his credentials in order to tell the app that the user is logged in so that if the app closes down and the user goes back to the app, it will automatically log the user back in.
That being said, the way this app is going to work (as of now) is the user will log into the app, and the log in view will go to a different view but then the user can log out and it will go back to the log in view. Once I can tell the app that the user is logged in, I should be able to tell the app that the user isn't logged in anymore.
How you implement your database security is up to you. I would recommend you route your authorization/updates/gets/posts to an API so you don't need a PHP "middle man" (unless the PHP is your API) and you can send requests directly to the API layer and handle the rest on the server.
As for the plain text part, it is a common security practice to encrypt passwords on the database. On the client side, I'd suggest using the Apple Keychain to store the username/password for future use. In iOS, this can be easily implemented using this Keychain Wrapper if you're using ARC or this one if you aren't.
Related
I'm developing application with unity and I have api for login and logout users to their profile.
Imaging user logged in application and He/She uninstall application. Then another user install the app and when run it, He/She is Logged in !
What is the best way to logging out user when application uninstalled?
Use an external file to save a unique code for your user. After each run, check the file's value with the user's code on server's side data. if it matches, let him logs in.
After Uninstalling, remove this file. Then the game cannot find the user's code and will ask him to log in.
I've used NSUser Defaults in my app and generally it stores the user data while signing up and deletes those data while logging out. So, when the user signsup and then logs in, the stored data in NSUser Defaults makes the auto login part effective, even when the user closes the app and re opens it again.
But the problem is, when the user logs out, its asking him to signup again. What i want is that, if the user signsup, that information should be stored permenantly and when he signs out, it shouldnt ask him to signup again as it should only clear the memory of the login page , so that the other user can use the same app.
Iam using iOS 5. So, can i use SQLite database(to store the signedup info permenantly) and NSUser Defaults(to clear the memory of the login page) together in my app? Or is there any alternate solution to this?
If you are using an Auto login System and storing username and password you should be using the Keychain, not NSUSerDefaults
Read Here for more details about using the Keychain.
You can also use the keychain to control login sessions, Im not sure but i think even if the user deletes their app, the details stay in the keychain incase they reinstall the app
It seems that your app is offline and multiple users can signup and login in the same app (phone), so i think that best approach will be to save the signup data in sqlite database (you can use coredata)
and login info in NSUserDefaults. So when user logsout you just clear your NSUserDefaults value only. Also at login time you can check from your databases that user exist or not as all the users data who have signedup is stored in your database. Also if there is a functionality that user can delete his account, than just clear that user entry from the database.
Hope this helps....
I'm curious to know how facebook has implemented authentication on mobile app.
The app is installed on the mobile device, then (the first time), it ask you email and password and store them. Where? In a file? Or in a sqlite db? And how facebook protect them?
The next time, the app doesn't prompt the login, so i think that user and password are sent automatically by the app. Also I read that, after the login, the facebook's api generate a token used during the request/responses between mobile and server.
It would be this token I'm guessing that's associated with your account to allow communication between the mobile client and the facebook servers. I doubt that your password and username are stored in a file anywhere locally but they would be stored someplace within facebook servers encrypted.
i believe its stored in sqlite db. because at times when i'm trying to logging in over a slow network,or if the connection is unsuccessful i get this particular error message in logcat
"sqlite code returned 0".
I'm building an iPhone app that, in part, allows the user to log in to, pull data, and post data back to a Wordpress site (more specifically, Buddypress). One way I'm considering approaching this problem is to use a series of UIWebViews to display the mobile-themed version of the site.
Ideally, I want the user to be able to, upon first-launch of the app, input their username and password, and then never have to do it again (functionally similar to tons of other social apps out there, like Facebook, Twitter, etc.)
Here's my question - obviously it is easy to store the user's login credentials, but how do I, in the background, establish an authenticated and persistant session with those credentials each time the app opens, so for the user, they are never presented with a login screen again, and can just use the app like normal?
Does anybody have any suggestions?
WordPress uses XMLRPC to authenticate. You can, on top of the API given, write your own codes to store credentials. Persistent session can then be made.
Read this FAQ : XML-RPC Support for WordPress
I am Making an Iphone application which is web-service enabled. Also I have skeleton of this application.I am using rest to feed the contents of view controllers. When application is launched it is presented with Login page asking username and password. Clicking Login button sends request to server and in response xml data is fetched. Then I parse this data to get user logged. But i dont know how will i manage sessions,and how clicking logout button will end this session. This application is most-like RSSFeeder,means user gets real-time data.
Any help would be greatly appreciated.Thank You All.
As it seems obvious you are using REST connection,you need not take session in consideration.
just feed your username and password and other stuff in the URLRequest and make connections.
You can also use Setting perferences in settings.Bundle to autofeed your URLRequest.