I see many people in the newsgroups and on the forums asking about how to build a login in Flash. Actually, some kind of basic login could be made just by using actionscript in Flash, but anyone could crack your password within 3 minutes with one of the several SWF decompiling tools that are available. However, this is the easier way that not require any PHP knowledge and a host that allows PHP. It still can do the job if the information you want to secure is not really that secret, so we will take a look at it too.
But the primary goal of this tutorial is to help you build a _secure_ Flash & PHP login.
Ok, first let us take a look at the basic login that is done with actionscript alone.
I. The UNSECURE Flash log in.
As i said, this method should NOT be used if you really want to hide some part of your website - anyone could crack your password in no time with any decompiler program.
1. First, create a new movie and make two input textfields in the first frame - one for the username and another one for the password. Then click on the text field and give them instance names - "user" for the first one and "pass" for the second one:
2. Now, make a button with the following actionscript:
on (release, keyPress "") {
login(user, pass);
}
This will pass the variables "user" and "pass" from our text fields to the function login () that we will write in the next step.
3. Make a new layer for the actions and insert the login function in the first frame:
function login(user, pass) {
if (user == "flash" && pass == "vista") {
//login ok, update the status textfield and proceed to the secured area
status = "Welcome, "+user;
gotoAndStop(2);
} else {
// login failed, you might want to output some error messages here.
if (user != "flash") {
status = "Wrong username";
} else {
status = "Wrong password";
}
}
}
// Stop the movie here
stop();
4. Finally, add a second keyframe and put your top secret information there:
5. Now we are done with the basic Flash login, lets play around with it:
II. The real thing - a secure Flash MX login.
Now we are not going to check the username and password in the Flash movie - we will send these variables to a PHP script which will do that and return a response to Flash. We can use the movie we have just created, but with an another login function.
1. Lets rewrite our login function so it sends the variables to the script and then waits for an answer. If the PHP script returns "ok", the login was succesfull, otherwise there was an error. When Flash receives some data from the script, the function action () will be executed - this new function checks the response from the PHP script
function login(user, pass) {
//create a new LoadVars Object
myvars = new LoadVars();
//set variables in that objec
myvars.user = user;
myvars.pass = pass;
//When you receive data back, execute the function action ()
myvars.onLoad = action;
//Send the variables and wait for the response.
//The random fake variable is attached to prevent caching the response data
myvars.sendAndLoad("secure_login.php?random="+new Date().getTime(), myvars);
}
function action() {
//Check the response
if (myvars.response == "ok") {
//if the response was "ok", proceed to the secured area
status = "Welcome, "+user;
gotoAndStop(2);
} else {
// else show the error status
status = myvars.response;
}
}
// Stop the movie here
stop();
2. Ok, now we need a basic PHP script which will receive data from Flash, check if the username and password are correct and send a response back to Flash. The comments are explaining the script pretty well:
// SET THE CORRECT USERNAME AND PASSWORD
$correct_user = "flash";
$correct_pass = "vista";
// Checkif the username is correct
if ($user==$correct_user){
//IF the username is correct, check the password
if ($pass==$correct_pass){
//If the password is correct, return "ok"
$response="ok";
} else {
//Else the password is wrong
$response="Wrong password";
}
} else {
//If the username is wrong
$response="Wrong username";
}
//Return the response to Flash
print "&response=".$response."&";
With some basic PHP knowledge,you could extend the script and add more users with different usernames and passwords. Or you could store all users and passwords in a database and get them from there. But you´ve got the idea ...
3. The result seems to be the same as in the first example, but now we don't have any username or password information in our Flash Movie:
when i just push "enter" it takes me to the next screen. (Added: 11-15-2006 User:
Guest)
Yeah, exactly. I thought that at first too about the damn play issue. But as long as you are viewing it on HTML and not through the Flash player, and disable the menu as stated I think you are good. Now even if you disable the menu, if you send someone the SWF file all they have to do is set the focus to an unspecified area on the stage and press enter! But I'm pretty sure that as long as it's HTML that won't happen... right? Can anyone confirm that? (Added: 11-11-2006 User:
Guest)
There's one other piece of the puzzle that this article doesn't address. Unless the connection is via https://, rather than via http:// (notice the "s" at the end - that stands for "secure"), anyone can intercept your user's login and password and read it.
This requires a combination of hardware and software, but it's not that hard to do, and there are plenty of people who are scanning Internet traffic to pick up stuff like this. Using https means that they see an encrypted packet, which is going to put a major crimp in any plans of looking at it.
Unfortunately, to get this security, your web server needs to be set up as https, which can be a bit of a pain. (Added: 05-19-2006 User:
Guest)
How do you stop people from looking at the php code? (Added: 04-28-2006 User:
Guest)
You can make this more secure and also with multiple users by using a mysql database and php. Cross-reference the mysql database with mysql_connect("myserver", "mysqlUserName","mysqlPassWord") or die(mysql_error());
mysql_select_db("yourdatabase") or die(mysql_error());
For more on this email me at geo_knight@hotmail.com
i don't know alot about flash but i know some php and am teaching myself how to use them together :) (Added: 03-17-2006 User:
Guest)
Nice tutorial bro, however how can I separate multiple users and passwords? Thanks.. (Added: 02-26-2006 User:
Guest)
Well... If you do this in flash pro 8 and export this to flash8 document, you can't go forward...
Since I don't have that, but mx 2004, I just changed a few things wich won't allow you to go to the secured area... (Added: 12-31-2005 User:
Guest)
nothing is secure anymore! (Added: 10-09-2005 User:
Guest)
If they are persistent though, they can view the source of the webpage, copy the flash part while excluding the menu=false param and paste it into an html document, view it and then right-click + play. (Added: 05-02-2005 User:
Guest)
Home >
Flash Tutorials >
Backend > Secure Flash MX login with PHP
Download the source file for this tutorial
Printer version
Add to Favorites
Suggest to a Friend