General login process, pretending that encryption isn't a thingYou have a cl

1. General login process, pretending that encryption isn't a thing
2.  
3. You have a client, a login server, and a database
4.  
5. Client sends username and hashed password to the login server
6. {
7. {
8. "username" : "huyngo1216"
9. "password" : "A63B8$ha8dh"
10. }
11.  
12. }
13. login server makes a request to the database to check for the username, and if that exists check if the password hashes match
14.  
15. SELECT * FROM accounts WHERE accounts.user = "huyngo1216" AND WHERE accounts.password = "A63B8$ha8dh";
16.  
17.  
18. the database will either return a record, or it won't. if it returns a record, the server sends back an "okay" and (for simplicity's sake) lets the user into the protected section of the app. Or it sends back a "not okay" and the user is redirected back to the login screen.
19.  
20. {
21. {
22. "success" : false
23. }
24. }