>> How to create an user account with login etc.

[Soniccc]

Now I want to create an login kind of section on the corner of my website where people will type in there user name and password and then it comes up saying that they are logged in and there name stays at the top all at all times whilst surfing the website untill obvisouly they log out.

No I know that you need some sort of a database whcih holds all the user names and passwords (accouts) I hold all this information a php forum. So in therory i need flash to collect that database and find the user names and password so when someone types in i.e. USER NAME: freddy PASSWORD: bloggy | flash will find that account of the php forum board and then hopefully log in saying on the flash movie that they have just loged in etc.

If this is easier to do in a HTML based website (like dreamweaver) then please say so, but you can explain how to do it or direct me to a clear tutorial whcih shows me how.

Please also state if the above can be done?

Thanks
from Soniccc

[Maestro_cK]

Use ordinary php. But on client will be Flash instead of HTML.
So You have to create form in flash. Like this:
create 2 input text fields NAME (input text, var name "name" ) and PASSWORD (input text, type set to password, var name "pass").
And create one button , for submit form "submit". ()

Now add actions for this button

Code:

 
on (release) {
	name = _root.name;
	pass = _root.pass;
	loadVariables("http://www.MyDomain.com/login.php", "", "POST"); // send data
	loadVariables("http://www.MyDomain.com/login.php", _root.stat); // if attepmt is successful then set field to "logged" else to "notlogged"
}

PHP code:

Code:

<?
 $name = $_POST["name"];
 $pass = $_POST["pass"];
 if ( $name == "maestro" && $pass =="123" ) {
  echo "stat=logged";
 } else{
  echo "stat=notlogged";
 }

?>

See attached file.

[Maestro_cK]

PHP code:

Code:

 $name = $_POST["name"];
 $pass = $_POST["pass"];
 if ( $name == "maestro" && $pass =="123" ) {
  echo "stat=logged";
 } else{
  echo "stat=notlogged";
 }

[Wee-man]

How php code should look like for more than one user.

[Maestro_cK]

It depends where do You want to store You user's profiles: login and password. For example in PHP code, in formatted text file, or use Data base (MySQl, etc.)

[Wee-man]

I want to store them in a PHP code.

[Maestro_cK]

Something like this:

Code:

 $name = $_POST["name"];
 $pass = $_POST["pass"];
 if ( $name == "maestro" && $pass =="123" ) {
  echo "stat=maestrologged";
 }else{
   if ( $name == "Wee-man" && $pass =="321" )
   {echo "stat=Weemanlogged";} 
 }else{
  echo "stat=notlogged";
}

By the way, It's not a good idea to store them in PHP.

[TRJNET]

Originally posted by Maestro_cK
It depends where do You want to store You user's profiles: login and password. For example in PHP code, in form wayatted text file, or use Data base (MySQl, etc.)

What about for text files, and would it be in general, be as secure as for say the php way ? Or is there no difference, i guess so long as a hacker found the txt file, that would be the only way, as with the php, correct ?

[Maestro_cK]

Rather security.
You should configure .htaccess (Apache) file to set permissions allow PHP to read file and not allowed for external access.

[gyrocf17]

maestro
1- how in the login site would you check if the username and password exists on a mySQL database
2- do you have to encrypt the password somehow?

[Maestro_cK]

1/

How? Using php script, checking if appropriate record exits.

2/
As I know You can encrypt password using standard features of MySQL.
But I don't see reason to use it, cause no one can view password until get access to database. If You would like You can encrypt.

[k/smaert]

you can encrypt your password in flash in several ways. one way is the md5-algorithm for encryption in flash..see attached file
also you can check http://pajhome.org.uk/crypt/md5/md5src.html for more information..

also please don't store unencrypted passwords in file on the server.
you never know what might show up in google:
http://johnny.ihackstuff.com/index.php

[gyrocf17]

Maestro
-what is the code i would need in php that checks if the record exists?

k/smaert
-that md5 file is rather confusing... if you store the pass in flash as a variable "pass" how do you encrypt in MD5 when it sends to the database... and how do you decrypt in php or flash when you are checking if password is correct?

sorry guys i'm a designer-turning designer-coder
please understand =P

[gyrocf17]

k/smaert
couldn't i just type

PHP Code:

$mdpass= md5($pass); 


to encrypt the password in php and send it to the database like that?

[k/smaert]

sure you can do it with php too. i was just pointing out a way to do it within flash.

use this code to get encrypted password:

newpass = calcMD5(oldpass);

you would also have to do a:

#include "md5.as"

in the movie where you want to encryption

how do you decrypt in php or flash when you are checking if password is correct?

you dont' decrypt md5, the function is used to encrypt and can be used to check if two strings or documents are the same.

[gyrocf17]

alrite thanks- that solved the password sending and recieving problem... i still can't verify if something exists on the database with PHP... i've been trying the SELECT * FROM $table WHERE $name = name AND $pass = pass
but I have no idea exactly how this works
i've read a whole bunch of tutorials but still can't find out how to check to see if a variable exists on a database table
help?

[Maestro_cK]

Something like this:

Code:

<?
$host = "localhost";    // MySQL server 
$user_db = "root";        // MySQL user
$pass_db = "";            // MySQL password 
$dbase = "base1";        // MySQL base 
$dtable = "userstb";        // MySQL table

$userlogin =$_POST["login"];
$userpass =$_POST["password"];


mysql_connect ($host, $user_db, $pass_db); 
mysql_select_db($dbase); 

$sql="SELECT pass_id FROM $dtable WHERE user_id=$userlogin";

$result = mysql_query($sql); 

$rows = mysql_num_rows($result); 

if ((!$rows) || ($rows < 1)) {echo "There is no such user please register";
} 
else { 
 list($pass_id) = mysql_fetch_row($result);

 if ( $pass_id eq $userpass ){
   echo "Welcome! "
 } else{
  echo "Wrong Password or User Name"
 }
}



?>

[Maestro_cK]

Code:

$host = "localhost";    // MySQL server 
$user_db = "root";        // MySQL user
$pass_db = "";            // MySQL password 
$dbase = "base1";        // MySQL base 
$dtable = "userstb";        // MySQL table

$userlogin =$_POST["login"];
$userpass =$_POST["password"];


mysql_connect ($host, $user_db, $pass_db); 
mysql_select_db($dbase); 

$sql="SELECT pass_id FROM $dtable WHERE user_id=$userlogin";

$result = mysql_query($sql); 

$rows = mysql_num_rows($result); 

if ((!$rows) || ($rows < 1)) {echo "There is no such user please register";
} 
else { 
 list($pass_id) = mysql_fetch_row($result);

 if ( $pass_id eq $userpass ){
   echo "Welcome! "
 } else{
  echo "Wrong Password or User Name"
 }
}

[gyrocf17]

I tried to run that and it didn't work
it gave me a

Parse error: parse error in c:\phpdev\www\testing\test.php on line 27

[Maestro_cK]

Code:

host = "localhost";    // MySQL server 
$user_db = "root";        // MySQL user
$pass_db = "";            // MySQL password 
$dbase = "base1";        // MySQL base 
$dtable = "userstb";        // MySQL table

$userlogin =$_POST["login"];
$userpass =$_POST["password"];


mysql_connect ($host, $user_db, $pass_db); 
mysql_select_db($dbase); 

$sql="SELECT pass_id FROM $dtable WHERE user_id=$userlogin";

$result = mysql_query($sql); 

$rows = mysql_num_rows($result); 

if ((!$rows) || ($rows < 1)) {echo "There is no such user please register";
} 
else { 
 list($pass_id) = mysql_fetch_row($result);

 if ( $pass_id eq $userpass ){
   echo "Welcome! ";
 } else{
  echo "Wrong Password or User Name";
 }
}