Sessions in Flash
hcs420
01-29-2005, 06:00 PM
Hi,
I am developing a Flash presentation which has different areas. I will be uploading it to the Web and want to know how many users are in any area. Or say I want to create a monthly report and would like to know which area is liked most.
I think this can be done with sessions. I did these types of reports in PHP and ASP earlier but don't know how to do that in Flash MX2004.
Any ideas would be helpful. I think there is something called session array in Flash MX, but that is no use as I can't get any info about it anywhere on the web.
Thanks in advance for all your help.
Regards
petefs
01-29-2005, 07:03 PM
..
[crosspost]
lelales
01-29-2005, 08:00 PM
Cross post or not, I'd like to know.
thanks
mancroft
01-29-2005, 11:52 PM
Never used sessionarray.
Why not just use loadvars to interact with PHP/mySQL?
Dark_Element
01-30-2005, 07:22 AM
Hum... interesting.... try this (I never tested it though, so minor syntax errors are possible)
MySQL table creating query
CREATE TABLE traffic_logs (
    id bigint(19) unsigned not null auto_increment,
    ip varchar(25),
    location varchar(25),
    visits int(9) unsigned,
    primary key(id)
);
Flash end's function
_global.logvisit = function (location) {
    _root.PHPcom = new LoadVars();
    _root.PHPcom.location = location;
    _root.PHPcom.onLoad = function(success) {
        if (success && this.error == undefined) {
            //throw in your success handling here
        } else {
            //throw in your error handling here
        }
        delete _root.PHPcom;
    };
    // sendAndLoad(url, targetObject, method): the reply is loaded back into PHPcom
    _root.PHPcom.sendAndLoad("recorder.php", _root.PHPcom, "POST");
};
recorder.php contents
<?php
if (empty($_POST['location'])) exit('Stop Hacking');
$connect = @mysql_connect('host', 'user', 'pass') or die('error=connect');
mysql_select_db('database', $connect) or die('error=selectdb');
// look for an existing row for this IP and location
$q = mysql_query('SELECT id FROM traffic_logs WHERE ip = "'.$_SERVER['REMOTE_ADDR'].'" AND location = "'.$_POST['location'].'" LIMIT 1');
if ((
        // no row yet: insert one with visits = 1
        mysql_num_rows($q) < 1
        &&
        !mysql_query('INSERT INTO traffic_logs VALUES("", "'.$_SERVER['REMOTE_ADDR'].'", "'.$_POST['location'].'", "1")')
    )
    ||
    (
        // row exists: increment its visit counter
        mysql_num_rows($q) > 0
        &&
        !mysql_query('UPDATE traffic_logs SET visits = visits + 1 WHERE ip = "'.$_SERVER['REMOTE_ADDR'].'" AND location = "'.$_POST['location'].'" LIMIT 1')
    ))
{
    echo('error=query');
}
?>
hcs420
01-31-2005, 06:38 PM
Thanks J.W_(Dark_Element)
Dark_Element
02-01-2005, 09:52 PM
Errh, just call me Dark_Element. Anyway, welcome ;)
freddycodes
02-01-2005, 09:56 PM
You are pretty much asking for SQL injection attacks by putting your query string vars directly into your SQL like that. More should be done with $_POST['location'] to ensure no one is passing malicious code into your script. Like casting to its appropriate data type and ensuring it validates.
Dark_Element
02-01-2005, 10:19 PM
Errh, I know that freddy (I'm perfectly aware of what people can do) but what I have shown is just an example. I never said I'll make it secure. Sure, I can do so by putting in a rule about the $_POST['location'] with replace(' ', '', $_POST['location']) but I was never asked for security so I assumed only an example is required.
freddycodes
02-01-2005, 10:25 PM
Hey no problems here, I was merely pointing out some things to be aware of if anyone tried using the code as it was presented above.
CyanBlue
02-01-2005, 11:03 PM
I have no idea how that SQL injection works, but can somebody show us better optimized code for the security??? :)
Thanks...
freddycodes
02-02-2005, 12:17 AM
Some reading for you.
http://php.planetmirror.com/manual/en/security.database.sql-injection.php
Dark_Element
02-02-2005, 06:59 AM
CB, if you want to add security to that code, then simply use one of these instead of $_POST['location']
basic security (rule = all blank spaces removed):
    str_replace(' ', '', $_POST['location']);
better security (rule = any non-alphabetical characters are removed):
    preg_replace('/[^a-z A-Z]/i', '', $_POST['location']);
best security (requires code extension):
1. make a PHP document and have something like this, then view it in the browser and write down whatever it returned:
    <? echo(md5('whatever the password is')); ?>
2. add this PHP code to that code I wrote before and make sure it's before the declaration of $connect
    $loclist = array('foo', 'bar', 'goo', 'whatever other valid location it is');
    if (!in_array($_POST['location'], $loclist) || md5(@$_POST['key']) != 'whatever key you generated from the other php code (looks like gibberish)') exit('stop hacking');
3. modify the Flash function by adding this before _root.PHPcom.location:
    _root.PHPcom.key = "whatever the raw password is (the non gibberish one)";
I'm kinda in a bit of a rush right now cos I'm doing something
Dark_Element
02-02-2005, 07:06 AM
BTW if someone does download and decompile your SWF they may be able to do mass flooding. But then again they can just do that with your SWF movie.... but at least you don't have to worry about them erasing your entire database lol
CyanBlue
02-02-2005, 11:42 AM
WoW... I was not understanding it well when I first read Dark_Element's code, but reading it three times more and going over freddycodes' link gave me a bit better understanding... Thanks, guys... :)
freddycodes
02-02-2005, 03:22 PM
Yeah, I was thinking more along the lines of: if you are expecting an integer, cast the var to an integer; if you are expecting a string, cast it to a string, then run it through mysql_escape_string()
basic security (rule = all blank spaces removed):
str_replace(' ', '', $_POST['location']);
There is reason to remove spaces, especially if the field allows for text with spaces.
You pass an i modifier for your pattern, which means treat as case-insensitive, so you only need /^[^a-z]+$/i
But again this only fits some scenarios, as datatypes in a database range from varchar to integer to text fields, so you really have to cast the variable to its appropriate type, not just strip out non alpha characters.
The answer is you will never be able to keep people from passing malicious code to your script; the thing to do is anticipate the worst case scenario and plan for it.
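The two fixes discussed in this thread (an allow-list for location, and keeping request values out of the SQL text), combined in one place. This is an added example, not code posted by anyone in the thread; it assumes PDO, uses an in-memory SQLite database in place of the thread's MySQL server so it runs offline, and the function name log_visit, the 'ok=1' reply and the area names are made up for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO is available, an
// in-memory SQLite database stands in for MySQL, and log_visit() and the
// area names are hypothetical.

function log_visit(PDO $db, array $allowed, $ip, $location) {
    // Allow-list check (the in_array() idea from the thread), with strict
    // comparison so only an exact, known area name gets through.
    if (!is_string($location) || !in_array($location, $allowed, true)) {
        return 'error=location';
    }
    // Placeholders: the values travel separately from the SQL text, so quote
    // characters in them cannot change the structure of the query.
    $upd = $db->prepare(
        'UPDATE traffic_logs SET visits = visits + 1 WHERE ip = ? AND location = ?');
    $upd->execute([$ip, $location]);
    if ($upd->rowCount() === 0) {
        // No row for this IP and area yet: create it.
        $ins = $db->prepare(
            'INSERT INTO traffic_logs (ip, location, visits) VALUES (?, ?, 1)');
        $ins->execute([$ip, $location]);
    }
    return 'ok=1';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE traffic_logs (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    ip VARCHAR(45), location VARCHAR(25), visits INTEGER)');

$allowed = ['intro', 'gallery', 'contact'];   // constructed area names

// Constructed requests: two valid visits, then a value carrying SQL syntax.
// In recorder.php these would be $_SERVER['REMOTE_ADDR'] and $_POST['location'].
$requests = ['intro', 'intro', 'intro" OR "1"="1'];
foreach ($requests as $location) {
    echo log_visit($db, $allowed, '192.0.2.10', $location), "\n";
}

// Show what ended up in the table.
foreach ($db->query('SELECT ip, location, visits FROM traffic_logs') as $row) {
    echo "{$row['ip']} {$row['location']} {$row['visits']}\n";
}
```

The allow-list rejects the third request before any query runs; the placeholders are the second layer, and they still apply to fields such as free text where no allow-list is possible.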