1

I am developing a mobile web-app using jQuery and HTML5 which I am going to deploy onto iOS and android app stores using PhoneGap.

This app needs users to Login using a Moodle username and password, before it can let them use the app.

I have absolutely no idea how to do this.

So here's my question. How do I take a user's Username and password, send it to Moodle to authenticate and handle the response?

Suhaib Janjua
  • 3,538
  • 16
  • 59
  • 73
Jamie McAllister
  • 729
  • 2
  • 11
  • 33

1 Answers1

0

Hmm. Your question is a bit vague as there are a number of ways you can achieve this.

The most direct approach (in my personal opinion) would be to open an MySQLi connection from the app straight to the Moodle database.

Your pseudo-approach would look something like this:

  1. User opens app and is prompted to enter username and password
  2. App records username and password to temporary memory slot

  3. App creates a request to query the database. The query is something within the lines of:

    • Does the username exist? If yes, proceed, if no, terminate..
    • Does the username have a corresponding password? If yes, proceed, if no, terminate.
    • Does the password in the database match the password in the temporary memory slot? If yes, proceed, if no, terminate.
    • Authenticate.

Normally, this sort of querying would be done through a server-side lingo such as PHP or Python or whatever, but you can do it with jQuery. Have a look here for method.

You've got to bear in mind that this is not the most secure approach and would not be suitable if you're dealing with sensitive data. This is because the credentials of the db account would have to be stored somewhere in the app, so hypothetically speaking, someone could reverse engineer it to read the credentials.

The data you're checking against is typically held in the mdl_user table. The columns you're looking for are username (varchar(100)) and password (varchar(32)). The passwords are MD5-encrypted.

Tldr: Use jQuery to run MySQL queries against Moodle's database.

Community
  • 1
  • 1
Tim
  • 797
  • 2
  • 10
  • 22
  • will have to run this by my manager before i can try it. I doubt she'll go for it if it isn't secure, do you know of a more secure method? – Jamie McAllister Apr 23 '15 at 08:38
  • Hmm. I'm not an app developer so I'm probably not the best person to ask, but I would assume that it would be safer if you had both the app and Moodle authenticate through a standalone directory (E.g. LDAP) rather than allowing the app access into your Moodle Database directly. HTH :) – Tim Apr 24 '15 at 09:46
  • You can also write a backend module with some secure auth of your choice, that queries the info from the moodle database and delivers to your app – ezabaw Dec 17 '15 at 19:42