Home :: Forums :: Development :: General development forum

ProjectPier Mobile App

By Rachel - Posted on April 2nd, 2012
Tagged:  

I am about 75% finished developing a native app (Android, easily portable to iOS as it's built with the PhoneGap framework) that integrates with any project pier installation.

The one area I am having trouble with is the Authetication portion. I know I must be overlooking it in the code, but how does ProjectPier autheticate against the Users table in the database? I assume "token" represents an ecrypted password value, so I would need to know what kind of encryption is used so I can validate the user-entered password value against the token value on the database.

I posted this question in the "How-To" forum, but didn't receive a response. I apologize if the answer is simple. I look forward to posting and sharing the mobile app code!

‹ How to: Thumbnails and Lightbox in messages and files plugin development ›
Hi, nice to hear you are
Submitted by phpfreak on Mon, 04/02/2012 - 20:41.

Hi, nice to hear you are working on a native App!!!

Authentication has been carved out lately to allow more types of authentication. See here for the builtin one:
https://github.com/phpfreak/Project-Pier/blob/master/environment/classes/authentication/Bu...

Check out this isValidPassword here:
https://github.com/phpfreak/Project-Pier/blob/master/application/models/users/User.class.php
Copied the code here:

    function isValidPassword($check_password) {
      if ($this->getUseLDAP()) {
        return $this->doLDAP($check_password);
      }
      return sha1($this->getSalt() . $check_password) == $this->getToken();
    } // isValidPassword

The generated token is a combination of a salt and the password to prevent equal passwords (for different users) to generate the same token. So, even if you get hold of the database, you cannot guess the passwords from comparing. The salt that was used during generation of the token is stored in the user table. Concatenating the original salt (coming from the db) and the password during password check and then applying sha1 function gives you the token to match with. If the token matches, it is a valid password.

Perfect, thank you for the
Submitted by Rachel on Wed, 04/04/2012 - 02:59.

Perfect, thank you for the info! I will work on the log-in functionality this weekend!

Screen shot of the work-in-progress projects overview page is attached (using phonegap, jquery mobile/ajax, and on the server side some php w/ json)

AttachmentSize
projectsScreenShotJPG.jpg 44.89 KB
whooowhooo! Kudos for you!
Submitted by jaime on Mon, 04/16/2012 - 23:10.

whooowhooo! Kudos for you! Greatcha! Congrats! the screenshot looks really cool!

Great job! When will it be
Submitted by petr7 on Tue, 05/08/2012 - 12:06.

Great job!
When will it be possible to download a mobile version?

That looks great Rachel! Can
Submitted by bradpitcher on Mon, 05/21/2012 - 00:14.

That looks great Rachel! Can we beta test it for you?

Rachel, Did you ever release
Submitted by yougotborked on Thu, 03/21/2013 - 18:10.

Rachel, Did you ever release this? I would enjoy using it for my installation.