Password Form Tutorial

Hi,

I wanna secured some menu's items on my website,

I would like to open a password form in order to filter users that have access to my data.

Do you know tutorial to do that ?

Thanks

[vamapaull]

Ok... I spent some time to make you an example

Here you can see the ActionScript 3 code:

Code: Select all

stage.align = StageAlign.TOP_LEFT;
stage.scaleMode = StageScaleMode.NO_SCALE;
stage.showDefaultContextMenu = false;

//path to the php file on your server
var phpPath:String = "login.php";

//make password text field (when you type the characters will be like "******")
pass.displayAsPassword = true;

login.addEventListener(MouseEvent.MOUSE_DOWN, loginDown);

function loginDown(e:MouseEvent):void{
   //check to see if something in both the user and pass text fields
   if (user.text != "" && pass.text != "") {
      sendLoadData();
   }else{
      trace("Please fill in both username and password");
   }
}
stop();


function sendLoadData():void
{
   var dataRequest:URLRequest = new URLRequest(phpPath);
   dataRequest.method = URLRequestMethod.POST;            
   
   // define the custom parameters that will be sent to the .php file
   var params:URLVariables = new URLVariables();
   params.user = user.text;
   params.pass = pass.text;
   
   dataRequest.data = params;
   
   var urlLoader:URLLoader = new URLLoader();
   urlLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
   urlLoader.addEventListener(Event.COMPLETE, urlLoaderComplete);
   
   try
   {
      urlLoader.load(dataRequest);
   }
   catch (event:Error)
   {
      trace("Incorrect PHP file path.");
   }
}

function urlLoaderComplete(event:Event):void
{
   // once all the data has been sent and we'll check for a message sent
   // from the php file to tell us if the operation has ended with success or not
   errorHandler(event.target.data.secure_response);
}

function errorHandler(message:Number):void
{
   // check the message that was sent back from the php file
   //trace(message)
   if (message == 1)
   {
      gotoAndStop(2);
   }
   else
   {
      trace("Wrong Username or Password");
   }
}

And here you can see the php code:

Code: Select all

<?
//Your set username and password
$username = "vamapaull";
$password = "mypassword";


//Variables received from ActionScript
$user=$_POST['user'];
$pass=$_POST['pass'];


//Chack them against each other
if ($user == $username && $pass == $password){
   print "secure_response=1";
}else{
   print "secure_response=2";
}

?>

In a few minutes I will post the source files on my blog

I really thank you.

[vamapaull]

In my blog post you can find the source files too
http://blog.vamapaull.com/?p=426

If you really want to be secure then you will want to use the md5 hash.
Basically you create a md5 hash of your password and store that in the php or database. Then you can hash the input password and check the two hashes against each other. That way if someone gets your php file(witch is possible) they would only see the hash of your password not the actual password.

Thank you Ben, I know MD5, SHA1 is not better ?

Well i'm not an expert but MD5 gives you a 128bit encryption and SHA1 gives you a 160bit encryption. So with SHA1 you have less chance for collision but MD5 is supposed to be a better encryption. It really depends on how secure you need your stuff. But If you salt you MD5 encryption then the chance of a collision is minimized and is considered safe. You should really do some more research on your own if you need a very secure site, I am not an expert on security.

[vamapaull]

You can modify the code and use MD5 or SHA1
I don't really see the difference in this example because the pass is saved in a php file and you can't see it when the php file is on the server (unless you have access to the server).

Anyway... From what I heard, MD5 has already been hacked.

How do you add a list of usernames and passwords into the php script? Do you declare them as an Array if that is possible in php?