Help me changing a value in the database by a PHP file!!! (Urgent)

[raladin]

Inva

[raladin]

Inva

[kows]

umm, i don't really get what you're asking, but if you're doing this with flash it will depend on how you're submitting the script..

i have no idea of the capabilities of flash, so try explaining a bit more about how you want this to be done..

[raladin]

Inva

[CornedBee]

Maybe for checking username and password? That's a bad idea, you should never send such values to the client. They might get intercepted and exploited.

You should instead send the values from the flash to the server and compare them there, then just send back a success or error notification.

How would you do a HTTP request to the server from flash?

[raladin]

Inva

[CornedBee]

What do you mean by link?

I assume in the PHP file is
<object clsid="..." data="movie.swf">
</object>

but that won't work. You need the object in another (perhaps plain HTML) file and send a request to the PHP.

So, could you answer this one please?

How would you do a HTTP request to the server from flash?

[raladin]

Inva

[CornedBee]

You still haven't explained what you mean by "linked with a PHP page".

You know, this would be a lot easier if the form was plain HTML, not flash.

[raladin]

Inva

[CornedBee]

I think you need to learn more about the purpose of PHP and the relationship between clients, servers and content.

[raladin]

Inva

[kows]

I'm pretty sure this can be done in Flash, as I know people who have made Flash interact perfectly with Perl, and I'm guessing as long as they just sent a form to a PHP that it would work...

However, I have no experience with Flash, and since you said you could do it with PHP, but not with HTML (by the way, PHP uses HTML, so what are you talking about HTML not being secure?), so, I'll try to help you by using PHP.

This is ALL untested code, and since I'm doing it all off of the top of my head, you might have to play with it and fix some errors..

mysql.php - this file is needed for connection to the database
THIS FILE IS REQUIRED FOR BOTH SCRIPTS TO WORK!
it also MUST be in the same directory as the other scripts

Code:

<?
  /**********************************
   * MySQL Register/Activate Script *
   **********************************
   * Author: David Miles            *
   *         [email protected]  *
   * Date: Jan 11, 2004             *
   **********************************/

  //set mysql database settings
    $mysql['host']  = "localhost";     //mysql host address
    $mysql['user']  = "user";          //mysql user name
    $mysql['pass']  = "pass";          //mysql password
    $mysql['db']    = "database_name"; //mysql database name (stores table $mysql['table'])
    $mysql['table'] = "table_name";    //mysql table name (stores account info)
  //find out if a connection is needed, so not to connect when it is not needed
    if(isset($_POST['connx']) && $_POST['connx'] == 1){
      //establish connection to host
        @mysql_connect($mysql['host'], $mysql['user'], $mysql['pass']) or die("MySQL Error: Could not connect to <i>$mysql[user]</i>:<i>$mysql[pass]</i><b>@mysql[host]</b>!");
      //select the needed database
        @mysql_select_db($mysql['db']) or die("MySQL Error: Could not select database <b>mysql[db]</b>!");
    }
?>

register.php - this file is needed for registering

Code:

<?
  /**********************************
   * MySQL Register/Activate Script *
   **********************************
   * Author: David Miles            *
   *         [email protected]  *
   * Date: Jan 11, 2004             *
   **********************************/

  require_once("mysql.php");
  if(!isset($_POST['user'], $_POST['pass'])){
    //show registration form
?>
<h3>Register</h3>
<form method="post">
  Username: <input type="text" name="user"><br>
  Password: <input type="password" name="pass"><br>
  <input type="submit" value="Register"><br>
</form>
<?
  }else{
    //register the account
      if(!empty($_POST['user'] || !empty($_POST['pass'])){
        $user = $_POST['user']; 
        $pass = $_POST['pass'];
        //query the database to check if account already exists
          $chk = mysql_query("SELECT user FROM $mysql[table] WHERE user='$user' LIMIT 1");
          $chk = mysql_fetch_array($chk);
          if(empty($chk[0])){
            //account does not exist, create a new one
              //create two random activation codes using the base for act1 as 1-500 and act2 as 501-1000
              $activ[0] = activationCode(rand(1, 500));
              $activ[1] = activationCode(rand(501, 1000))
              $query = mysql_query("INSERT INTO $mysql[table] VALUES('$user','$pass','$activ[0]','$activ[1]')");
              echo "Your account has been created!";
          }else{
            //account does exist, show an error
            echo "That account already exists!";
          }
        
      }else{
        //form input was empty, show an error
        echo "You must not leave anything on the form blank!";
      }
  }
  //function to create random character activation codes (includes letters)
  function activationCode($base){
    //letters to add into string
      $letters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
    //default the activation code for now
      $activ = 0;
    //make a bunch of random integers and do some math to make a big jumble of crap
      $int[0] = rand(1, $base);
      $int[1] = rand(($base + 1), ($base * 2));
      $int[2] = rand((($base + 1) * 2), ($base * 3));
      $run = 0;
      for($i = 0; $i < count($int); $i++){
        $run++;
        $activ += (($int[$i] * ((5 * rand(1234, 5678912)) / 2)));
        if($run < 2){
          $i = 0;
        }elseif($run < 4){
          $i = 1;
        }elseif($run < 6){
          $i = 2;
        }
      }
    //do some more math to make the activation code more unpredictable
      //remember to finally round it off to get rid of decimals!
      $activ = round($activ * 20000);
    //find out how many letters to add in
      $rlets = rand(3, (strlen($activ) - 1));
    //start adding letters
      for($i = 0; $i < $rlets; $i++){
        //find a random position and add a letter to it (NOTE: first and last char will be numbers)
          $pos = rand(1, strlen($activ) - 1);
        //make sure the current position doesn't have a letter
          if(!authPos($activ, $pos)){
            //generate a letter
              $l = rand(0, (count($letters) - 1));
            //add in the letter
              $activ = substr_replace($activ, $letters[$l], $pos, 1);
          }
      }
    return str_replace(".", "", str_replace("+", "", $activ));
  }
  //function to authenticate a position to place a letter
  function authPos($str, $pos){
    global $letters;
    $c = 0;
    $char = substr($str, $pos, 1);
    for($i = 0; $i < count($letters); $i++){
      if($char == $letters[$i]){
        $c++;
      }
    }
    return $c;
  }
?>

activation code: I just made up a bunch of crap to create a string.. it creates strings from 12 characters to 17 characters. you can see a full test of it here:
http://www.complex-sys.com/source/activ.php

activate.php - this file is needed for activation of accounts

Code:

<?
  /**********************************
   * MySQL Register/Activate Script *
   **********************************
   * Author: David Miles            *
   *         [email protected]  *
   * Date: Jan 11, 2004             *
   **********************************/

  require_once("mysql.php");
  if(!isset($_POST['user'], $_POST['activ'])){
    //show activation form
?>
<h3>Activate Account</h3>
<form method="post">
  Username: <input type="text" name="user"><br>
  Activation Code: <input type="text" name="activ"><br>
  <input type="submit" value="Activate"><br>
</form>
<?
  }else{
    //activate the account
      if(!empty($_POST['user'] || !empty($_POST['activ'])){
        $user = $_POST['user']; 
        $activ = $_POST['activ'];
        //query the database to check if account already exists
          $chk = mysql_query("SELECT user FROM $mysql[table] WHERE user='$user' LIMIT 1");
          $chk = mysql_fetch_array($chk);
          if(!empty($chk[0])){
            //account does exist, check if activate code is correct
              $chk2 = mysql_query("SELECT code1 FROM $mysql[table] WHERE user='$user' AND code1='$activ' LIMIT 1");
              $chk2 = mysql_fetch_array($chk2);
              if(!empty($chk2[0])){
                //activation code is correct, activate the account
                $query = mysql_query("UPDATE $mysql[table] SET code1=code2");
                echo "Your account has been activated!";
              }else{
                //activation code is incorrect, show an error
                echo "That activation code does not match the one in the database!";
              }
          }else{
            //account does not exist, show an error
            echo "That account doesn't exist!";
          }
        
      }else{
        //form input was empty, show an error
        echo "You must not leave anything on the form blank!";
      }
  }
?>

I'm sure there are errors in my code, so feel free to fix them yourself.

By the way, since you're using account activation, I'm guessing you're going to want to send the user an email or something with their activation code? You're going to need to add that in yourself.

PS: I'd appreciate it if you left my author tags on those scripts.. or at least give some credit.

[The Hobo]

Flash is about as insecure as HTML. Unless I'm horribly mistaken.

[raladin]

Inva

[kows]

It's not going to tell the user anything unless you echo something to the browser..