Help making login for app

Solar2D General Questions/Discussion
#1

I am developing an app for my school.

I need help making a login part of the app so that only students, parents, and teachers can login with the correct credentials given to them.

I need help with these parts:

  1. I have gotten all the login info (school username and password to access computers in the school) for all the students at my school from the technicians, but I don’t know if I should put these in a database or in a local file on the app.

  2. Once done with the 1st step, I need to know how to make it so that if the student, parent, or teacher puts in the wrong username or password, it won’t let them use the app. But if they out the right info inm it allows them to access the app.

  3. Next, I also need to know how to make it so that if a student, parent, or teacher forgets their password, instead of coming to the school and asking, the app could send it to the email of the student, parent, or teacher. (the email address is included with the login info in step 1)

It would greatly help me if someone could give me detailed info on how to do this. (code examples would be great!)

Thanks!

~Landon [import]uid: 111492 topic_id: 28394 reply_id: 328394[/import]

#2

  1. For security reasons you need to store the password information on a server and not in a local file in the application. Anything you store in a local file can be accessed if someone has physical access to the device.

  2. The app will need to hash the password entered by the user (e.g. MD5) and send it to the server along with the logon email address (hashed for additional security) to the server (see item #3). The server will evaluate the information and return a go/no go for access.

  3. You also need to store a hashed version (e.g., MD5) of the password on the server and not the actual password (just in case the server database is hacked). If the user loses there password, the server sends a link to the user’s email address that will reset the password and issue a temporary password.

The bottom line is you need a server to make sure you have secure access and to allow for new users. This also means a server database and special PHP code to handle the communications with your app. Trying to do everything in a local app is a major security risk.

-Tom
[import]uid: 7559 topic_id: 28394 reply_id: 114625[/import]

#3

Thanks Tom for the reply,

I understand the first step as to not the store the login info locally.

I’m just confused on how to do steps 2 and 3 because I am new to developing.

Could you please explain both steps 2 and 3 on how to do a MD5 and how to hash the passwords.

Also,if you could, what do you mean by a special PHP code to handle the communications with your app.

Sorry that I am new to the coding world. I just want to make it a lot easier for the students, parents, and teachers of my school to get access to all the school info, because I know that no one in my highschool has thought of this idea. So I brought it upon myself to develop this app for my school :slight_smile:

Thanks again for the reply!

~Landon [import]uid: 111492 topic_id: 28394 reply_id: 114627[/import]