Server-based login authentication in PhoneGap + Persistence best practices

[Nizar Ashkar]

Hi,

I am new into Phonegap/Cordova world and I am trying to implement a custom sign-up/in mechanism for my application.
(custom means not using 3rd party like facebook/google logins but having my own database).

I need examples & best practices for:

• How to implement server side and database that meet the basic security standards? 
• How to integrate it with the client side login/sign up pages?
  
• How to remain logged in and identify the current logged in user? (pass parameters from login page to other pages?)

Are there any Open Source samples/apps that may be helpful?

I was looking for user authentication samples, unfortunately I only found the following demo:
http://www.raymondcamden.com/index.cfm/2012/6/21/Update-to-my-ServerBased-Login-PhoneGap-Demo
which is a partial solution and doesn't look as an ultimate best practice solution.

Thanks

[Rachel Rinaldi]

Ray's example there is pretty useful as far as the flow of the logic. I would Google best php practices of adding users. Much of the security implementation will be on the database side of things. Best practices would be never storing the password of the user in the DB table itself and using some type of offered hashing algorithm to create a token from the password and a salt instead. You will get a LOT of hits googling PHP Hashing. The actual JavaScript side of things will be in your PhoneGap app and is pretty straight forward - post to a PHP page to compare user entries vs your user table in the DB. Use Ray's article as a guide, it is good.