i need you to try and hack this!!!

[hollywood]

As long as someone did not come across your text file while directory surfing. But you could always encode the text file and use AS to decode it.

[big_k]

ok... about that php code...

if i use this

< ?php
pass="thepassword"
? >
< html>Blah Blah No password for you!</html >

then they can still look at the source to find the password, right?


also, how would i load that into flash? would it just be loadvars?

[Markp.com]

Originally posted by big_k
ok... about that php code...

if i use this

< ?php
pass="thepassword"
? >
< html>Blah Blah No password for you!</html >

then they can still look at the source to find the password, right?


also, how would i load that into flash? would it just be loadvars?

Once PHP is ran on the server, the end user only sees the out put, not whats in there, or so I've been told!

To load it in to the flash just have a loadvar statement that loads the php file into the root of the movie. Make sure the variable for password is the same as pass="thepassword" in the php file.

I might move this to the scripting and backend thread as its heading in that direction and they'll be able to help you more with the php

[big_k]

hmm.. heres what happens with that code...

http://www.seeminglyawake.net/profanehumor/info.php

[big_k]

think you could move this to the scripting and backend forum?


i need to learn php

[big_k]

thank you very much for the help...
i still dont understand what script i would use to tell it to go to a certain frame if the password is correct, i have tried
if (password == pass) {
gotoAndPlay(10);
} else {
gotoAndStop(1);
}

but that doesent work...

[jasonpratt]

yeah, then youd be right back to putting the word in yer swf...

[Markp.com]

Originally posted by big_k
thank you very much for the help...
i still dont understand what script i would use to tell it to go to a certain frame if the password is correct, i have tried
if (password == pass) {
gotoAndPlay(10);
} else {
gotoAndStop(1);
}

but that doesent work...

You may need to put the whole path in if(_root.password == _root.pass)
Make sure you are loading the php file into the root of movie and that they are in the same directory

Moving this to scripting and backend.

M

[Musicman]

Hi Markp,

why would you want to confuse people? If a browser receives only the "no password for you" message, a movie using loadvariables will not receive anything else

The proper way sends the password from flash to the server (there might be text boxes "user" and "pass" in your movie) with loadvariables or similar function in POST mode.
So a php script is called with these two values passed in. It sould be similar to

Code:

<?
// these two lines for php 4.1 or later
$user = $_POST["user"];
$pass = $_POST["pass"];
if($user == "john" && $pass == "secret")
 print "&status=ok";
else
 print "&status=fail";
?>

If there is more than one user / pass, you would probably read a text file or data base, rather than hardcoding them into the script
Now the task of the flsh movie is to operate only if status=ok is sent back
Please read the sticky about "vars in a textbox"

Depending on the actual application, someone could fool the movie by intercepting the data path and changing the fail to an ok.

Musicman

[Musicman]

Hi,

if a file is not accessible from the web, it is not accessible to loadvariables either

Musicman

[loydall]

Originally posted by Musicman
Hi,

if a file is not accessible from the web, it is not accessible to loadvariables either

Musicman

Not true (I think) you can definitely load variables using the exact path to the text file, as I said earlier. As long as you know the path - something like: c://data/password.txt you will be able to load variables from it. If you have a paid for account, you may have a control panel that allows you access to a number of folders outside your web root. If you're using an access database, it's always a good idea to store it outside the web root for security - the same goes for any files containing sensitive information. If you do have a paid for account and you don't have access to a folder outside your web root - get in contact with the hosting company and they should set one up for you if they're nice.

You can find the path to your file using Server.MapPath in asp - there must be a similar method in php?

I'm sure this method would work - I might even give it a try.

[Musicman]

Hi,

you are wrong on that: if a file is outside the webroot, it is inaccessible to browsers, flash players, and the like. It is accessible to asp or php scripts running on the server - so if you have sensitive information in a text file outside the webdocs, your server scripts can use it, but someone using a browser could not view it
If a server (by itself) allows to access a random file outside the webroot just by knowing its path, it is simply a bad server. There are enough asp, php, cgi scripts around that allow to abuse an otherwise secure server ...

Musicman

[MopFlash]

if the file is on ur comp, then only ur comp can access it, it actuallly needs to be on the net for ppl using the net for it to work.

And back to the cracking thing, if its in flash then u shouldnt bother with passwords its ALWAYS gonna get cracked, its just too easy