Mailing List
Home
Flash Pro
Extending Flash
Flash Macromedia Developer
Subjects
Firework Effect
setInterval bug identified and fixed
setInterval bug identified and fixed
ScrollPane component doesn 't auto update
Help: MX 2004 How to script a print button to print the entire sli
Event Dispatcher between classes
memory management removeMovieClip /
MX2004 Dataset itemClassName
Order of events per frame
XML to Object help
Textfield prototype question
Flash and QuickTime VR
Reading and displaying RSS feeds in Flash MX
Flash MX 2004 Sucks
AW: [Flashcoders] Switch/Case vs If/else
AW: [Flashcoders] Switch/Case vs If/else
Flash Interface with 10mb xml file
Web Service Results
Listener Object 's best practice
 
Search:  
Power your search with and, or, +, -, or "some phrase" operators.
Flash authentication without database

Flash authentication without database

2004-02-22       - By Dominico Savio

 Back
Reply:     1     2     3     4     5     6     7     8     9     10     >>  

after Jim 's email, I did it this way.

1. place a text file, containing passwork, username, expiration date outsite
the root folder
2. using Flash interface sending username & password (which user enters) to
php script.
3. PHP read the text file, and check for username & password, then send back
the info to Flash

and this is my PHP script:

<?php
   // Read in the data that Flash sent over.
   $username = $_POST[ 'varU '];
   $password = $_POST[ 'varP '];
   $today =    strtotime(date( 'Y-m-d ' ));

   $filename = "../user.txt ";
   $fp = fopen($filename, "r ");
   $file_contents = fread($fp, filesize($filename));
   fclose($fp);

   $line = explode( "\n ", $file_contents);
   $i = 0;
   while($i <= sizeof($line)) {
      $data_pair = explode( ": ", $line[$i]);
      // try to find a match, assign value of 1 to $auth and break out of the
loop
      if (($data_pair[0] == "$username ") && ($data_pair[1] == "$password ") &&
($today < strtotime($data_pair[2]))) {
         $auth = 1;
         $url = $data_pair[3];
         break;
      } else {
         $auth = 0;
      }
      $i++;
   }
   if ($auth == "1 ") {
      echo "authorized=true&url= ".$url. "&check=done ";
      exit;
   } else {
      echo "authorized=false&check=done ";
      exit;
   }
? >

Is this way secure enough? Is there any security hole?

PS: thank you Jim for the code.

-- --Original Message-- --
From: martin weiser [mailto:weiser.m@(protected)]
Sent: Sunday, February 22, 2004 4:24 AM
To: flashcoders@(protected)
Subject: Re: [Flashcoders] Flash authentication without database


hmm, and how to compare crypted pass, with input pass ?

when .htaccess can handle crypted password by sevreal algorythms, even their
combinations (crypt() + md5 + base64encode())

martin


-- -- Original Message -- --
From: "Jim Cheng " <jim@(protected) >
To: <flashcoders@(protected) >
Sent: Sunday, February 22, 2004 3:42 AM
Subject: Re: [Flashcoders] Flash authentication without database


> Dominico Savio wrote:
>
> > Is there a way to build a Flash authentication without using a
database???
>
> Certainly! The entire reason for the existence of databases
> is for quick access to very large numbers of records. If
> you don 't need to authenticate too many users against their
> passwords (perhaps under a thousand unique users), you can
> just use a plain text file to store their names and passwords
>
> The Unix passwd system and many web servers do just this for
> their built-in access control. You 'd then only need some
> server-side script that 'll communicate with Flash, scan the
> file and authenticate their password against what 's listed
> for that user in the file (typically a hash for security
> reasons).
>
> If you 're using Apache, you even do this with just .htaccess
> and .htpasswd files in a local directory without having to
> go through scripting to limit user access to certain files.
>
> Jim
>
> =-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
> Supported by Fig Leaf Software
> =-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
> Be sure to check the archives and the wiki:
> http://chattyfig.figleaf.com/
> =-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
> http://chattyfig.figleaf.com/cgi-bin/ezmlm-cgi?1:mss:104910
> =-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
> To unsubscribe send a blank e-mail to:
> Normal Mode: flashcoders-unsubscribe@(protected)
> Digest Mode: flashcoders-digest-unsubscrive@(protected)
>
>
>
> __ ____ __ Informacia od NOD32 1.561 (20031121) __ ____ __
>
> Tato sprava bola preverena antivirusovym systemom NOD32.
> http://www.eset.sk
>
>


=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Supported by Fig Leaf Software
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Be sure to check the archives and the wiki:
http://chattyfig.figleaf.com/
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
http://chattyfig.figleaf.com/cgi-bin/ezmlm-cgi?1:mss:104919
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
To unsubscribe send a blank e-mail to:
Normal Mode: flashcoders-unsubscribe@(protected)
Digest Mode: flashcoders-digest-unsubscrive@(protected)


=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Supported by Fig Leaf Software
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Be sure to check the archives and the wiki:
http://chattyfig.figleaf.com/
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
http://chattyfig.figleaf.com/cgi-bin/ezmlm-cgi?1:mss:104924
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
To unsubscribe send a blank e-mail to:
Normal Mode: flashcoders-unsubscribe@(protected)
Digest Mode: flashcoders-digest-unsubscrive@(protected)