iOS开发查看用户是否已登录以及其他用户登录问题

Question

I am working on my first app so I am not so experienced with this stuff yet. I have figured out how to send a POST request url to a php page and process the php to register a new user in the mySQL database or log in to the app by connecting to the database to see if the user exists.

First off, does that seem correct? To just send the request to register a user with text field variables and to log in by checking if the text field information exists in the database or should I be implementing some other ways to do this?

Second, What should I be doing once the user enters in his credentials in order to tell the app that the user is logged in so that if the app closes down and the user goes back to the app, it will automatically log the user back in.

That being said, the way this app is going to work (as of now) is the user will log into the app, and the log in view will go to a different view but then the user can log out and it will go back to the log in view. Once I can tell the app that the user is logged in, I should be able to tell the app that the user isn't logged in anymore.

Answer 1

How you implement your database security is up to you. I would recommend you route your authorization/updates/gets/posts to an API so you don't need a PHP "middle man" (unless the PHP is your API) and you can send requests directly to the API layer and handle the rest on the server.

As for the plain text part, it is a common security practice to encrypt passwords on the database. On the client side, I'd suggest using the Apple Keychain to store the username/password for future use. In iOS, this can be easily implemented using this Keychain Wrapper if you're using ARC or this one if you aren't.