But the primary goal of this tutorial is to help you build a _secure_ Flash & PHP login.
Ok, first let us take a look at the basic login that is done with actionscript alone.
I. The UNSECURE Flash log in.
As i said, this method should NOT be used if you really want to hide some part of your website - anyone could crack your password in no time with any decompiler program.
1. First, create a new movie and make two input textfields in the first frame - one for the username and another one for the password. Then click on the text field and give them instance names - "user" for the first one and "pass" for the second one:
2. Now, make a button with the following actionscript:
on (release, keyPress "
login(user, pass);
}
This will pass the variables "user" and "pass" from our text fields to the function login () that we will write in the next step.
3. Make a new layer for the actions and insert the login function in the first frame:
function login(user, pass) {
if (user == "flash" && pass == "vista") {
//login ok, update the status textfield and proceed to the secured area
status = "Welcome, "+user;
gotoAndStop(2);
} else {
// login failed, you might want to output some error messages here.
if (user != "flash") {
status = "Wrong username";
} else {
status = "Wrong password";
}
}
}
// Stop the movie here
stop();
4. Finally, add a second keyframe and put your top secret information there:
5. Now we are done with the basic Flash login, lets play around with it:
II. The real thing - a secure Flash MX login.
Now we are not going to check the username and password in the Flash movie - we will send these variables to a PHP script which will do that and return a response to Flash. We can use the movie we have just created, but with an another login function.
1. Lets rewrite our login function so it sends the variables to the script and then waits for an answer. If the PHP script returns "ok", the login was succesfull, otherwise there was an error. When Flash receives some data from the script, the function action () will be executed - this new function checks the response from the PHP script
function login(user, pass) {
//create a new LoadVars Object
myvars = new LoadVars();
//set variables in that objec
myvars.user = user;
myvars.pass = pass;
//When you receive data back, execute the function action ()
myvars.onLoad = action;
//Send the variables and wait for the response.
//The random fake variable is attached to prevent caching the response data
myvars.sendAndLoad("secure_login.php?random="+new Date().getTime(), myvars);
}
function action() {
//Check the response
if (myvars.response == "ok") {
//if the response was "ok", proceed to the secured area
status = "Welcome, "+user;
gotoAndStop(2);
} else {
// else show the error status
status = myvars.response;
}
}
// Stop the movie here
stop();
2. Ok, now we need a basic PHP script which will receive data from Flash, check if the username and password are correct and send a response back to Flash. The comments are explaining the script pretty well:
// SET THE CORRECT USERNAME AND PASSWORD
$correct_user = "flash";
$correct_pass = "vista";
// Checkif the username is correct
if ($user==$correct_user){
//IF the username is correct, check the password
if ($pass==$correct_pass){
//If the password is correct, return "ok"
$response="ok";
} else {
//Else the password is wrong
$response="Wrong password";
}
} else {
//If the username is wrong
$response="Wrong username";
}
//Return the response to Flash
print "&response=".$response."&";
With some basic PHP knowledge,you could extend the script and add more users with different usernames and passwords. Or you could store all users and passwords in a database and get them from there. But you´ve got the idea ...
3. The result seems to be the same as in the first example, but now we don't have any username or password information in our Flash Movie:
discuss this topic to forum
