Skip to main content
C
CB3 TV
Participating Frequently
September 23, 2013
Question

AS3 PHP mysql login and session

  • September 23, 2013
  • 1 reply
  • 4572 views

Hi,

Im trying to create a simple login for my website www.canyon.tv . Im able to get the code to login to the mysql database in the php script, but when I try to redirect to another page on a successful load, the function does nothing.

My flash code looks like this:

import flash.events.*;

import flash.net.URLLoader;

import flash.net.URLRequest;

import flash.net.URLVariables;

import flash.net.URLRequestMethod;


logbtn.addEventListener(MouseEvent.CLICK, login)


function login($e:MouseEvent){


  var myVariables:URLVariables = new URLVariables();

  var myRequest:URLRequest = new URLRequest("login.php");

  myRequest.method = URLRequestMethod.POST;

  myRequest.data = myVariables;

  var myLoader:URLLoader = new URLLoader;

  myLoader.dataFormat = URLLoaderDataFormat.VARIABLES;

  myLoader.addEventListener(Event.COMPLETE, completeHandler);



  myVariables.user = loguser.text;

  myVariables.pass = logpass.text;

  myLoader.load(myRequest);

  getURL("http://www.canyon.tv/index.html");

  function completeHandler(event:Event):void{


    trace(event.target.data.user);

    trace(event.target.data.pass);

    trace(event.target.data.err);

    getURL(http://www.canyon.tv/error.html);

  }     


}

my php looks like this:

<?php

//Connect To Database

$hostname="hostname"

$username="username";
$password="password";
$dbname="dbname";
$tableName="users";
$yourfield = "your_field";

mysql_connect($hostname,$username, $password) or die ("<html><script language='JavaScript'>alert('Unable to connect to database! Please try again later.'),history.go(-1)</script></html>");
mysql_select_db($dbname);

foreach ($_POST as $key => $value) {

$$key = $value;

$$key = mysql_real_escape_string($$key);

}

$result = mysql_query("SELECT * FROM " .$tableName. " WHERE username = '" .$username. "' AND password = '" .$password. "'") or die(mysql_error()); 

$echoS = "false";

while($row = mysql_fetch_array($result)){

$echoS ="true";

}

echo "login=".$echoS;

mysql_close();

?>

Im still working on maintaining the session variables. Please can you help me see where I am going wrong?

Thanks in advance

Warren

This topic has been closed for replies.

1 reply

sinious
sinious
Legend
September 23, 2013

First, you really need to protect from injection so doing something like this is a really BAD idea:

$$somepostvar = value

I can then change the majority of the SQL just by supplying a post var named 'tablename' and read other tables at will. It's not enough to use the depreciated mysql_real_escape_string() function.

Aside that, all I see you printing is login=$echoS (true/false), but your AS3 seems to expect event.target.data to contain user/pass/err. If you want those you'll need to URLEncode that into what you print.

What are you seeing in your traces?

Lastly this is the ActionScript 3 forum so getURL doesn't exist, it's navigateToURL:

http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/package.html#navigateToURL()

e.g.

navigateToURL(new URLRequest('http://www.canyon.tv/index.html'));

C
CB3 TVAuthor
Participating Frequently
September 23, 2013

So I will remove this PHP code.

foreach ($_POST as $key => $value) {

$$key = $value;

$$key = mysql_real_escape_string($$key);

I understand the second $$key was posting the SQL string.

I found that my actionscript was not looking for a pass credentials and will work on anything that is entered. Will the removal of the $$key values impact my AS3 code?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices