how to build a solid secured Area with jQuery Mobile?

Question

I was trying to build a secured area where the user has to log in through a login form. Nothing special here and I used what I always did : - a login - a success page I am using AJAX in order to validate the form

I though it would be more secured to have this into two distinct php pages so a user cannot hack in any way the DOM and go to the pageid of the success page -- since all the pages are supposed to be in the same file.

But I red this post : https://stackoverflow.com/a/15806954/1083453

and I don't know if it is finally possible to do what I am trying to do.

So my question is: How do I build a solid and secured login system with jQuery Mobile to work on any platform (W7/iOS/Android/Blackberry 10)

Thank you

EDIT:

For now I'm doing:

function verifyLogin(){        
        var email=document.getElementById("loginUserField").value;
        var pwd=document.getElementById("loginPwdField").value;  

          $.ajax({
                type : 'POST',           
                url : server_url + 'application/login', // Servlet URL           
                data:{
                    'email':email,
                    'pwd':pwd
                },
                success : function(data) {        
                    if(data.logged_in){                     
                        alert("Login Success!!");
                        window.navigate("home.php");

                    } else {
                        alert("Invalid Login!!");
                            console.log( data );
                        if( data.errors ) {
                            //define
                            var error = {};
                            error.alert = data.errors;

                            //Append
                            var template = Handlebars.compile( $('#alertTemplate').html() );
                            $('#errors').empty().append( template(error) );

                            //Erase
                            error = {};
                        }
                    }
                },
                error : function(xhr, type) { 
                    alert('server error occurred');
                } 
          });    
    }

(the windows navigate doesn't work ..) but anyway, is it the right way to do it? this is a separated login.php form that let you access the ocntent of the app (let's say home.php)

I suggest you create pages dynamically and disable hash change in url. — Omar, Aug 22 '13 at 11:39
thanks, so how would I go from my longin.php to succes_page.php ? — Miles M., Aug 22 '13 at 12:03

score 1 · Accepted Answer · answered Aug 22 '13 at 11:56

1

Well you could build your app upon a PHP framework. I did a similar project for my B.ch degree and I simply added jquery mobile as an UI template. In this way you already have the framworks login system and you use jQuery Mobile as a front end template.

answered Aug 22 '13 at 11:56

Andrei CACIO

2,101
15
28

I'm using CodeIgniter with Doctrine on the server, but what if the user try to access a .php file directly from within the app ? then I have no way to controle that. – Miles M. Aug 22 '13 at 12:02
1

If it helps, You could check this out http://stackoverflow.com/questions/409496/prevent-direct-access-to-a-php-include-file – Andrei CACIO Aug 22 '13 at 12:08
Just a note for CodeIgniter Users: $this->input->is_ajax_request() – jjwdesign Feb 01 '16 at 14:12

how to build a solid secured Area with jQuery Mobile?

1 Answers1