Flash Vista - Home
Newest Cool Site
The Two Tales
Site info | Archive
Main Navigation
Home
New Links
Top Rated
Most Popular
Cool Sites
Search

Flash Tutorials
Flash Resources
Flash News
Flash Templates
Flash Intro Templates
Website Templates
Flash Games
Flash Books
FlashVista Polls
Sitemap


Random Link
Japanese
Toyota Wish
Site info | Get another
FlashVista
Login
Register
Subscribe

Add Link
Modify Link
Favorites
Suggest Category

Advertise with us
Support us
Credits / Thanks
Contact

Flash Templates:

More Templates ...

Mailing List
User

Password



Register
Forgot password?
Partner websites
iPhone cases and accessories
Free Seo Tools
Free Tutorials
Free Video Tutorials
Best Free Scripts
Wii Fit
Wii Fit News
Other Resources
Suggest
Suggest this site to a friend


Mailing List
Status: Not logged in

English English German French Spanish Italian Portuguese Russian Polish Finnish Dutch Swedish Thai Romanian Traditional Chinese Simplified Chinese
SearchNot logged in
Keyword: Search for: Advanced Search


Secure Flash MX login with PHP


NEW Flash Tutorials in Video Format - Powered by LearnFlash.com: 45 minutes of flash tutorials now available in streaming format or download. Topics Include flash for beginners, text effects, actionscripting, audio/video, flash 8 and more.


Download the source file for this tutorial Printer version



By Philipp Kostin
http://www.philarmon.com

I see many people in the newsgroups and on the forums asking about how to build a login in Flash. Actually, some kind of basic login could be made just by using actionscript in Flash, but anyone could crack your password within 3 minutes with one of the several SWF decompiling tools that are available. However, this is the easier way that not require any PHP knowledge and a host that allows PHP. It still can do the job if the information you want to secure is not really that secret, so we will take a look at it too.

But the primary goal of this tutorial is to help you build a _secure_ Flash & PHP login.

Ok, first let us take a look at the basic login that is done with actionscript alone.

I. The UNSECURE Flash log in.

As i said, this method should NOT be used if you really want to hide some part of your website - anyone could crack your password in no time with any decompiler program.

1. First, create a new movie and make two input textfields in the first frame - one for the username and another one for the password. Then click on the text field and give them instance names - "user" for the first one and "pass" for the second one:



2. Now, make a button with the following actionscript:

on (release, keyPress "") {
login(user, pass);
}


This will pass the variables "user" and "pass" from our text fields to the function login () that we will write in the next step.

3. Make a new layer for the actions and insert the login function in the first frame:

function login(user, pass) {
if (user == "flash" && pass == "vista") {
//login ok, update the status textfield and proceed to the secured area
status = "Welcome, "+user;
gotoAndStop(2);
} else {
// login failed, you might want to output some error messages here.
if (user != "flash") {
status = "Wrong username";
} else {
status = "Wrong password";
}
}
}
// Stop the movie here
stop();


4. Finally, add a second keyframe and put your top secret information there:



5. Now we are done with the basic Flash login, lets play around with it:




II. The real thing - a secure Flash MX login.

Now we are not going to check the username and password in the Flash movie - we will send these variables to a PHP script which will do that and return a response to Flash. We can use the movie we have just created, but with an another login function.

1. Lets rewrite our login function so it sends the variables to the script and then waits for an answer. If the PHP script returns "ok", the login was succesfull, otherwise there was an error. When Flash receives some data from the script, the function action () will be executed - this new function checks the response from the PHP script

function login(user, pass) {
//create a new LoadVars Object
myvars = new LoadVars();
//set variables in that objec
myvars.user = user;
myvars.pass = pass;
//When you receive data back, execute the function action ()
myvars.onLoad = action;
//Send the variables and wait for the response.
//The random fake variable is attached to prevent caching the response data
myvars.sendAndLoad("secure_login.php?random="+new Date().getTime(), myvars);
}
function action() {
//Check the response
if (myvars.response == "ok") {
//if the response was "ok", proceed to the secured area
status = "Welcome, "+user;
gotoAndStop(2);
} else {
// else show the error status
status = myvars.response;
}
}
// Stop the movie here
stop();



2. Ok, now we need a basic PHP script which will receive data from Flash, check if the username and password are correct and send a response back to Flash. The comments are explaining the script pretty well:

// SET THE CORRECT USERNAME AND PASSWORD
$correct_user = "flash";
$correct_pass = "vista";

// Checkif the username is correct
if ($user==$correct_user){
//IF the username is correct, check the password
if ($pass==$correct_pass){
//If the password is correct, return "ok"
$response="ok";
} else {
//Else the password is wrong
$response="Wrong password";
}
} else {
//If the username is wrong
$response="Wrong username";
}

//Return the response to Flash
print "&response=".$response."&";


With some basic PHP knowledge,you could extend the script and add more users with different usernames and passwords. Or you could store all users and passwords in a database and get them from there. But you´ve got the idea ...

3. The result seems to be the same as in the first example, but now we don't have any username or password information in our Flash Movie:




(Added: 02-12-2005, Hits: 0, Rating: 3.47, Votes: 80, Reviews: 12)
Add to Favorites Suggest to a Friend

Reviews: (10)

my button wont work! it says:
**Error** Scene=Scene 1, layer=Layer 1, frame=1:Line 1: Invalid key code
on (release, keyPress "") {

Total ActionScript Errors: 1 Reported Errors: 1

(Added: 01-28-2007 User: Guest)

when i just push "enter" it takes me to the next screen.
(Added: 11-15-2006 User: Guest)

Yeah, exactly. I thought that at first too about the damn play issue. But as long as you are viewing it on HTML and not through the Flash player, and disable the menu as stated I think you are good. Now even if you disable the menu, if you send someone the SWF file all they have to do is set the focus to an unspecified area on the stage and press enter! But I'm pretty sure that as long as it's HTML that won't happen... right? Can anyone confirm that?
(Added: 11-11-2006 User: Guest)

There's one other piece of the puzzle that this article doesn't address. Unless the connection is via https://, rather than via http:// (notice the "s" at the end - that stands for "secure"), anyone can intercept your user's login and password and read it.

This requires a combination of hardware and software, but it's not that hard to do, and there are plenty of people who are scanning Internet traffic to pick up stuff like this. Using https means that they see an encrypted packet, which is going to put a major crimp in any plans of looking at it.

Unfortunately, to get this security, your web server needs to be set up as https, which can be a bit of a pain.

(Added: 05-19-2006 User: Guest)

How do you stop people from looking at the php code?
(Added: 04-28-2006 User: Guest)

You can make this more secure and also with multiple users by using a mysql database and php. Cross-reference the mysql database with mysql_connect("myserver", "mysqlUserName","mysqlPassWord") or die(mysql_error());
mysql_select_db("yourdatabase") or die(mysql_error());

For more on this email me at geo_knight@hotmail.com

i don't know alot about flash but i know some php and am teaching myself how to use them together :)

(Added: 03-17-2006 User: Guest)

Nice tutorial bro, however how can I separate multiple users and passwords? Thanks..
(Added: 02-26-2006 User: Guest)

Well... If you do this in flash pro 8 and export this to flash8 document, you can't go forward...

Since I don't have that, but mx 2004, I just changed a few things wich won't allow you to go to the secured area...

(Added: 12-31-2005 User: Guest)

nothing is secure anymore!
(Added: 10-09-2005 User: Guest)

If they are persistent though, they can view the source of the webpage, copy the flash part while excluding the menu=false param and paste it into an html document, view it and then right-click + play.
(Added: 05-02-2005 User: Guest)


Add Review
Please note:
We review EVERY comment before it appears on the site, so please dont waste your time by posting spam links :)
No URLs allowed, no HTML please.

If you register or login first, your review will contain your nickname


Rate It



Excellent!
Very Good
Good
Fair
Poor