I just finished reading the thread posted by Freddythunder on his login and password script. I've had the same problem dealing with sending the user to a certain frame if after reading my php script, CheckLog=1. I tried using the ideas in that thread but I'm still having problems. Can anyone help, its driving me crazy!! Here is what I have:


frame 2

//Load the php file
loadVariables("checkCreated.php", this, "POST");


frame 3

if (CheckLog == "1") {
gotoAndPlay (7);
} else {
gotoAndPlay (5);
}



PHP


print "retVal=Login Complete&CheckLog=1";

loadVariables shouldn't really be used for an login system, use LoadVars....try this:

sendlv = new LoadVars();
loadlv = new LoadVars();
loadlv.onLoad = function(success) {
if(success) {
if (this.CheckLog === "1") {
gotoAndPlay (7);
} else {
gotoAndPlay (5);
}
} else trace("cannot load script")
}
sendlv.sendAndLoad("checkCreated.php", loadlv, "POST"); let me know how that goes :)

ok.

I've tried just about everything possible with my tiny skills and I've got the following problem.

I have my login page in a holder movieclip. In other words, it's an external swf which is loaded inside the mainmovie. Sort of a pop up, you might say.

So, I think my login thingy, based on Freddythunder's tut would work just fine, except I can't get the checklog -variable into Flash, or at least into the correct timeline and I don't know which timeline that would be, since _root doesn't work and this.myClip doesn't work and _parent doesn't work.



Anyone with an idea?

I'm so tired, tired of waiting, tired of waiting for youuuu-u-uuh :D

no, not for real, but seriously, does anyone have an idea on this:

I get variables from php into Flash and am able to use the to guide and command my Flash movie. I also get variable from Flash to php and they work like a charm, but...

I can not get my variables from php, into a loaded external movieclip inside a flashmovie. Why might that be?

I've tried every possible way I can imagine, do you know any ways to do this?

Please post and we'll talk, ok?

how are you loading the external swf?

in the simple way, via "loadMovie".

As I said, I tested the thingy on it's own and it worked fine. When I load it into my main movie, it doesn't work fine.

Got an idea, Ahmed?

hmm.. i'll be back with results shortly, im sure it can be done somehow :)

hmmm.. it works just fine for me, although i used my own methods.. check it out here

http://24.141.60.208//eg/

http://24.141.60.208/eg.zip << source files

hope this kinda helps :)

hmm. does it work just like that with MySQL? I'm sort of a noob, so...

Well I think it should work, it's propably just in teh way we pass the variables on.

I'll try it again and get back 2 u.

Thank for your help Friend:)

pulling the username/psw from a database or a textfile shouldn't make any difference :)

Whoa!! I'm sorry, I didn't know about this thread!!

First, tripwire (and Ahmed) Make sure your case-sensitivity is correct between the php and Flash movie - that caused me hours of frustration - I just use all lowercase now.

Ahmed - I asked you in another thread what the difference is between using LoadVars and loadVariablesNum and you said 'preference', I don't want to be telling people the wrong thing!!!

And Villek - I actually wrote that entire thing for a movie in a holder clip called 'container'..I actually put it in use tonight. My lines of code in the PHP script are:


if ($num == 1){
print "_root.container.status=You're in&checklog=1";
} else {
print "_root.container.status=Sorry, but your user name and password did not match a user name/password combination in our database. Usernames and passwords are entered in from a different file. Thank you for visiting test login script!!&checklog=2";
}
}
?>

...and it works like a charm.

I hope that helps..Let us know if it doesn't!!

Also - tripwire - I also put that if statement in a repeating function because it may take up to a couple seconds to get your responce from the server. Like:


this.onEnterFrame = function() {
if (CheckLog == "1") {
gotoAndPlay (7);
} else {
gotoAndPlay (5);
}
};

Ahmed's does the same thing, just in a different way. I will have to say, he is better than me with serverside stuff I've noticed!!

Originally posted by Freddythunder
Ahmed - I asked you in another thread what the difference is between using LoadVars and loadVariablesNum and you said 'preference', I don't want to be telling people the wrong thing!!!lol sorry, my bad :)

Although it still is a preference, LoadVars is more functional since it has the onLoad event. If you're loading large chunks of text into flash using loadVariablesNum and try to execute a function on it, big chance it won't work.. look at this:
echo 'myVar=some big value'and then
loadVariablesNum("myscript.php", this)
trace(myVar)Big change the script about would trace undefined, because the myVar might have not been fully loaded. with the LoadVars object, you would use the onLoad event, which ensures that trace is executed only once the text is fully loaded from the php script:
lv = new LoadVars()
lv.onLoad = function(success) {
if(success) {
trace(this.myVar)
}
}
lv.load("myscript.php")LoadVars also loads the variable onto an object and not the timeline, that may or may not be an advantage. Another little thing is, you can use getBytesLoad() and getBytesTotal() with LoadVars, which you also could need when loading large chunks of data. You can also load data with no variables, try this:
echo 'this data is not contained within a variable';and in flash:
lv = new LoadVars()
lv.onLoad = function() {
trace(unescape(this))
}
lv.load("myscript.php");this would trace 'this data is not contained within a variable' (duh!)

If you want to learn more about LoadVars.send() and sendAndLoad(), check out jubba's thread on sending variable to php, there's an explaination on that =)

To sum it up, the LoadVars object is very similar to the XML object, only thing is it loads text as opposted to xml documents :)

hope that helps! :)

wow ya learn something every day. I didn't know you could load in data with no assigned variable... ;)

Me nither!! That's good to know about that difference because if I were to make a guestbook in Flash, I shouldn't (maybe cant) use loadVariablesNum, but I should use LoadVars, then I could put a load bar on it as well - that's pretty cool.

I actually, in my hell of trying to get that login thing to work before, tried LoadVars, but needed the variable on the timeline like it is now. I think it'll be okay because the amount of information is small in that tut.

I've got a question for you guys. I had a problem with that tutorial that you could right click the movie, get the menu then just forward your way through the login system. So in the tutorial, I told whoever to disable the menu. However, this little game on my footer uses PHP to save the high score and name to a text file (thank you Jubba, you tought me how to do that - even though you don't know you did!!:P). Anyhow, it had the same problem - so I put in a blank frame with a movieClip on it that says:


on(load){
gotoAndStop(1);
}

That way if someone does forward, it'll just shoot them back to the first frame. Whew...Now, my question. How do I add what I just said to my tutorial like in one of those yellow 'notes' boxes? Should I just put one together and mail it to Kirupa? Or should I just email Kirupa about it?

Lemme know - thanks again guys!!

if you have this line on your first frame:
Stage.showMenu = 0 the menu won't actually show up :)

Man, thank you Ahmed and everyone else too!!!

It seems that this thread got to be a nice source for some new info for many of us. Nice!!

I finally got that login thing working:)

I used Ahmed's code in the Flash part and a MySQL db to store the usernames and passwords and it works fine via external mc's.

The redirection parts work fine also and it works if the browser window is updated and what not etc.

Right now I'm pondering on the log out -issue. Can it work just so that I've got a log out button which tells my movie to go to it's state before anyone logged in and tells the variable checklog that it's value is now 0?

How would I do that?

I know it's supposed to be required in FreddyThunders tutorials "back" -button, but I'm not quite sure my login -movie even requires that. It seems to work fine even if I don't tell "checklog=0" in the back button.

Thank again guys, it sure is nice to get stuff working once in a while:)

I didn't read freddythunder's tutorial (only skimmed through it), and i dont have enough time to read it all, but do you set any cookies or sharedobjects? :)

Me!? Setting cookies!? Setting shared objects!?

Man, I'm a noobie! :)

Seriously though, no. I'm not settin' nuthin'. I've not yet come to grasp the whole idea with using Flash with server side -coding. I just don't understand it good enough when it comes to setting something from for example php and then fiddling at´around with that in flash.


In FreddyThunders tut there was an option if someone missspelled their pass or username.

Flash went to a spot with an errortext and a "back" -button.

Freddy's tut adviced to make the checklog variable null when hitting the "back" -button ->

on(release) {

checklog=0;
this.gotoAndStop(1);

}

---

I thought that I'd use sessions to build the light CMS that I'm trying to build in Flash, but I'm up tp my ears in other work also so...

Btw, could you direct in the right place of knowledge when it comes to CMS and Flash. I mean administrating text, news (posting news, modifying old news, deleting news etc.) adding images etc. etc.

I've got some experiments of my own going, but they seem rather foolishly done so...

My tutrial was just a base auth system just for the use of learning to get PHP and Flash to talk and save data in MySQL. There's no cookies or anything saved - however, if you stay in that same movie, checklog will always be '1' after authentication so you could use that in other parts of your movie...that is until you don't want them to. You could have a button that says logout that works just like the back button in the tutorial.

The best way to do sessions, I think, is with cookies because if you refresh the page or leave and comeback right away, you'll still be logged in....However, thinking about it, I don't really know of another way to do it.

I'm glad you got your login thing to work, Villek!!

Yeah, thanks to you, for making the tutorial, FT!!!

Umm, I don't know if I'm on the right track here, but I think I'm not talking about cookies, but session variable which are stored in the code and checked on every pageload, if you work with non-Flash stuff.

Cookies are stored in the browsers cache, right?

Pls pls, sorrect me if I understood it alla wrong :-\

Now that we got started on this, could someone give a nutshell pack of info on sessions and cookies and the differences between them and using either in Flash?

Or maybe give out a link guiding to that info? I know these questions propably shouldn't be here, but it's reeeeeaally frustrating to search half the web, when people know where GOOD stuff lies.

Thanks and cheers!

Like I said, I've never worked with it before, but I know the terms, you are absolutely correct about session vars vs cookies. You can, in my understanding, do sessions with both. I have a link at home that uses PHP and cookies for a login script in HTML. That's where I got the idea - I think. I know that with PHP you can set a cookie, check to see if it's there, and have it destroy itself later. If the cookie's gone, you're logged out - I think...I'm gonna have to post that link for you because I haven't gone that far with login systems - this simple one fit my purpose well.

And I'm glad my tutorial helped someone!! :P

And I'm also glad your tutorial was a great help:)

I'm iving under the impression that session variables are more hardcore than cookies and that's why I've formed a better opinion of them.

Besides, the whole session variable using thing doesn't seem too complicated, at least when working with other than Flash -projects, since you can just simply check the session in the beginning of each pages code and destroy when it's necessary. And it should be rather safe, securitywise.

I've been pondering on that today, but I haven't quite figured out how to use sessions with Flash, I don't think that it should be too hard and I'll make experiments as soon as I have a little spare time.

It's always a pleasure talking to kollagues and friends who are as excited about this world as you are yourself, so thank for this too.

Sunny times:cowboy:

--- EDIT MONSTER ---

I JUST POSTED THIS AND YOU POSTED THAT ONE BELOW AT THE SAME TIME:)

are you planning to use php sessions in flash?

hm.. i don't see why and how would php's sessions be used within Flash, am i missing something??


From what I understand, sessions are like a way to 'memorize' variables and share the variables between a bunch of pages.

In flash, though, you're always within a single movie, and therefore you can access variables from anywhere/any frame in the movie, so i don't really see why would you use a session... once again, am i missing the point here? :)

No I believe that I might be missing the point. You see, I'm not that familiar with programming. As I explained earlier I haven't wuite grasped the essence of server-side Flash yet and earlier I was thinking about the very thing you said about sessions right now.

But if variables are stored, they can be stolen and someone complained to me about Flashes security risks and I thought that well, if you store the variable with sessions and fetch them to Flash, then it might be more secure?

That's just my own thinking and trying to get a grasp on things. But it's a good point and I think that some hardass codemonkey is laughing his head off somewhere, but who goves a fuffaraa:)

sometimes, if you're sending the session is through the url (as in http://thing.com/index.php?mysessionid=007 ), the session ID can be stolen, and you want to avoid that.. but then again, if you're using Flash, you really will not need to use sessions.. i suggest you do some more reading on sessions over at php.net :)

It's kind of like the checklog variable in that tutorial. It will stay '1' after someone logs in until you tell it not to (with the back button). Therefore, you can have buttons to navagate throughout a Flash movie without the user having to log in again.

I'm still working on that link!!

Yaa, I got the point and I know it's rather hard to steal the variables from Flash.

Still someone told me and I read somewhere that you could use a link (the method is called pasting or something in hacker jargon) like:

http://www.myflashpage.htm?dada.swf=blabla

or something like that.

Dunno for sure if somthing like that could be done and at least for my brain it is impossible to grasp how I could steal someones stuff like that, but I thought that I'd get a conversation going here.

For me Flash is secure enuogh and with AS obscuring with an external app gives even more security since the possible hacker can't translate my AS hence never finding out which php codes are doing the work for me.

It's an interesting subject though.

--- EDIT MONSTER ---

And FreddyThunder, correct me if I'm wrong...

I can use the checklog variable in my external swfs that contain possibilities to edit the content on my Flash page, right.

If I for instance place an "Add news item" -button in an external swf, which is loaded into the same mainframe that my external login.swf was loaded in, I can make for example an if - else stament in the button, right?

Like this:




button.onRelease = function() {

if (checklog=1) {

Add news item codes

} else {

Tell the son of a gun to get outta my nose

};

Yeah, you could do that. - but if it's an external swf loaded in, you may need to put _root.checklog to check for the variable on the main timeline.

As for the hacking thing: As far as I know (not too much of a hacker), you can get swf decompilers that will rip open a swf file and expose the actionScript inside. Filenames are real easy to find if you don't have an index.html file on the root of a folder or your server directories are turned on. For instance, if you had a bunch of pics in this folder:
www.villek.com/project/pics/
you could put that in a browser and get a directory of all the files in that folder. You can shut that off with your .htacess file.

Like I said to someone before when they said that my tutorial wasn't a sucure login system, I quoted the first paragraph where it said it wasn't secure and noted this:

Just because you have a car alarm doesn't mean your car can't be stolen..
When it comes to security; if you need something secure, spend the time and money to make it SSL. Otherwise, know that it will be vulnerable. My client that uses this login system, I know, won't have any visitors willing to take the time to break in to see their price lists.

I promise, I'm still working on that link for you. I've been working like mad over the past two days...matter of fact, I'm still at work!! This sucks!! It'll be soon, I promise!!

Yeah, I know all that about .htaccess and swf decompilers.

Did you know that you can mess up a decompiler by using a freeware which messes up the AS and breaks down the decompiler? That's what I was talking about earlier.

I'll look the link up for you, I think I saw it somewhere in Kirupa. Not sure, but I think so.

Get back to you soon.

--- EDIT MONSTER ---

ok, finally found the link:

http://www.genable.com/aso/

It's an AS obfuscator program. Freeware and it promises to make life a bit more hard for the hacker.

One method to make your online content to only work on your own server would be to make an if - else statement which uses url checking and only allows stuff to happen if the base url (www.myserver.com) is true.

ASO does almost nothing, I've written a review on ASV (http://24.141.60.208/asv.htm) (an swf decompiler) and part of it was a test against ASO (see Case Study 1).. The obfuscated code was very readable/usable :)

As far as hacking the swfs and all that, you might find this article interesting:

http://eyeonsecurity.org/papers/flash-xss.htm

The security hole that article is about should be fixed if you have the latest flash player =)

The way I see it, if someone wants your code badly enough to download your SWF and buy a SWF decompiler, then they are a sad, lonely, empty shell of a human being and you should let them have that code just to brighten their day. You know its yours and you shouldn't be putting sensitive data in a SWF anyway. ;)

its not worth the hassle because no matter what you do they can get your stuff.

Yeah, that's true:)

And besides, shouldn't it be pretty safe to have for instance a login system that uses for example MySQL and PHP?

Agan, if someone goes through all the trouble, then the next step in protection should be ssl or something, right?

if all the authentication is done on the server-side, even if all the actionscript is revealed to the hacker, it still wouldn't really help him hack the movie.. also, use encrypted password, it's much more secure :)

That about covers everything I was going to say...(-: