Hi all,

I recently created a Flash/ASP login with an Access database with 4 fields (userName, firstName, lastName, password).

At the flash screen, users type username and password, which are sent to the ASP page and verified against the userName and password fields, and the ASP sends a 'userInfo=true' or userInfo=false' back to flash.

THIS WORKS FINE!!!

BUT What i also want to do now, is after the ASP has verified the username and password of a user, i want the ASP to send that users firstName and lastName (from the firstName and lastName fields) back to the flash file also. so aswell as getting the 'userInfo=true' or 'userInfo=false' information, i want to get the 'firstName' and lastName' information of the logged user. then i can display the users full name when they have logged in and been taken to the members only section (frame 5 of the flash file).

I have tried a couple of things to do this but i cant seem to get it to work?

the url for the Flash File, ASP file and Access database is www.danielholmes.com.au/login.zip

Any assistance would be much appreciated from anyone.

Thanks and kind regards,

Mitcho

Ok, I made a few minor changes, but for the most part you were right on track. I didnt test it.
I tested it and it works fine. Get the first and last name in the trace.
Also, changed the FLA for you, it also carries the name over to the next frame

hey thanks heaps...

what you did works great... only one little problem.

when i type in a valid user name, but incorrect password in the flash - for example user=mitchell, pass= jimbeam then i get this error in output window

Error opening URL "http://localhost/loginupdate/login.asp"
load failed

EDIT__
i tried changing back where you wrote : Response.Write "&userInfo=true" change back to mainMessage="userInfo=true" and this fixed that problem, but now when i login with correct user and correct pass it keeps returning "Invalid user or password"

thanks for help so far... almost there i guess...

actually, now i just replaced all occurances of mainMessage with what you had... all talk back to flash now just from Response.Write commands. works now.

thanks!

So you're good to go now?

Mate thanks to you its working thus far, you have been a great help. While your on a roll Im wondering if i could ask you something else with regards to this.

after the asp has verified user name and password, RATHER than have it post this information back to the flash file, i would like it to load up into a members only ASP page (that is, a page that only people who have entered correct username and pass can view). at the top of this members only page it would just say 'welcome' and display the username, first name and last name (similar to what the flash did - but i want to break out of the flash file completely after login because swf is not secure)

i know this is a big ask, but what would i have to change / add to get this too work. and what would the 'members_only.asp' page look like... as you gathered im really new to this, but im learning by help and example which is really good.

THANKS so much if you can help me, it would be greatly appreciated.

You would just redirect them to another ASP page..
Response.Redirect()

thats ASP code not flash

thanks Cato,

but:

-how do i pass the user details to this pages
-how do i make sure this page cant just be accessed if url is typed in browser
-just say the flash is within index.html, how do i get this page to change to the 'members_only.asp' page.

do u have any working examples of this type of thing, or can edit the example i posted?

i have not a clue how to begin this mebers_only asp page so im seeking help.

Thankyou kindly for your responses.

regards,

Mitcho!

First, its Cota...but mistakes happen..ok now for your questions

1 - Pass them the say way you got them, with Request..the second ASP page will just Request("varName") and poof, there they are.

2 - Through the clever use of the login variables and session variables. Pass a session variable from page to page and compare the sessionID in each page, if they dont match, Response.End

3 - That part may be alittle more of a pain in the ass, but can be done.

ok, sorry Cota, my bad. kinda stressin over this.

ok so im going to be a real pain in the ass and ask...

could u give me an example of this?

I dont have any examples to share, none that I can share legally...
So you just want the flash part so that they can login..? Where are they going if the login is incorrect?

well as you know the example you posted up here works.

what id like to do is same, but instead of flash moving to frame 5 when login is successful, id like when they click login, the login.asp page verifies their username,password and pulls their firstname and last name (which already works),
BUT then id like this asp page (login.asp) to then popup/open a asp page called 'members_only.asp' which basically says 'login successful' and displays their details (username, firstname, lastname).

if they are unsuccessful the flash/login.asp already handles this by displaying an error message. theres no need to even open up 'members_only.asp' if the username and password arent verified.

I suppose if members only opens up in a new page, it doesnt really matter if index.html remains open in the background (i know alot of sites do popup a new members only window) but it would be good if the members_only.asp opened up in the index.html browser window.

PLEASE see attached image (where the blue lines represent that information from the user just logged in, login.asp is hidden from user as it is currently, and that within the green box represents what i need you to help me with)

and lastly - THANKYOU so much. its a rarity that someone is willing to help so much. your a rare bread, so thanks so much. im learning alot! you should be charging me!

I tossed this together real quick..not sure it works 100%

Mate, THankyou a bunch...

I made a few changes and its pretty much working as expected... i have attached the files here for anyone that wants them...

i have a question though. right now if someone tries to just access members.asp it redirects them to login screen, but if they type ...url/login/members.asp?userInfo=true then they get access to the page info... do you think this is a security problem? what ways are there around this?

thanks again... ive actually learnt quite a bit about asp and server scripts - u have been very helpful... how can i mark your message as the answer?

It could be a security issue..originally I was going to use a sessionID to validate everything, but the issue was that the sessionID would change from loadvars to getURL...the only way I can see getting around that is to have the Flash file inside an ASP page, and get a sessionID, that way the ID will match when you go to members.asp..

hmm interesting. im learning alot (do you teach this kinda thing).

lets just say i change index.html to index.asp [which i have now done]

what do i need to change in the 'flash/login.asp', and add to the 'members.asp' in order to generate this sessionID security?


PS-Thankyou so much (is there some points system like experts exchange or similar in which i can nominate how much help you have offered?

in index.asp add a variable to hold the sessionID, you can get it with this code

userSession = Session.SessionID


then in members only you can check the sessionID with

if (Request("userSession") = Session.SessionID) Then
'Run some code here, or place the content of members.asp here
else
Response.End
End If

I just pulled that off the top of my head, so its probably flawed..

Thanks again!

Ok i will this and let you know how it goes.

If there are any problems i will probably post back.

I don't need to add/change anything to the flash do I? Is this because the flash is within index.asp and it is this page which members.asp is then loaded into?

You know what, now that I think about it, not too sure that will keep the same session ID ....I'll have to think about it alittle more.

alright, thanks...

I look foward to your reply.

ill keep doing some reseearch too.

Didnt work....

attached the files...

i basically used that code, and members.asp must not get the sessionID correctly because the 'if' statement doesnt execute, and so the page redirects...

So for some reason the sessionID isnt being confirmed or just isnt passing?


-----
just so you know, the page alert.html will redirect you back to index.html, this should be index.asp - forgot to change

OK, made some changes. got the session thing working i believe.... Latest files attached in zip.

-session initialized in index.asp,
-session authorize value set in login.asp upon user/pass confirmation
-session checked in members.asp to see if it matches that set in login.asp

just a couple of issues: -firstly, is this setup fairly secure?
-secondly, i tried to implement a timeout in login.asp. is this right? i dont think its working? could you check?
-thirdly, i tried to do a logout button in members.asp with a session.abandon script attached. i do not think it is working but! could you check?

Many thanks!

PS-perhaps if this is getting outside the realm of flash too much, i could private message you? is that better?

This setup is secure...the sessionID is damn near impossible to duplicate or guess. I will check the files and get back to you.

Thankyou,

It is much appreciated - but i once again made a few slight changes... i placed the session.abandon method in a file called goodbye.asp which is called once the user clicks the 'sign out' link within members.asp.

so if you do have the time, could you check THESE files (disregard the previous posts files as they have been updated) within the attachment and just let me know if the 'timeout' (in login.asp) and 'abandon' (in goodbye.asp called by members.asp) methods are working right.

Thanks

Again, I wont be able to check those until later tonight....

thats fine, i just really really appreciate that your helping me.

Thanks again.!:)

This is going to take some rethinking on my part...my original idea wont work, the sessionID part anyway...I do have another idea, its slightly clever, I wont be able to put anything together until monday...holiday stuff....

Thankyou! Perfectly understand you are busy.

I look foward to seeing what you come up with on Monday...

Kind regards, enjoy your christmas holiday!

--
Mitcho!

ok, have some brainstorming I have come up with this idea, so follow me on this. First, in the ASP login page, you check the database for the user name password, if the login is succesful, get the SessionID and then save it to the database..pass the sessionID back to flash with the other stuff, then in flash, redirect it to memebers ASP page passing the username, password, and sessionID to members.asp, then check the database again to make sure the sessionID passed, matches the one we saved from login.asp...that should sure the security side of it.

that sounds like it would work excellent...

just one thing...(or 3 things rather)...

-how do i get the sessionID and save to database. i have not done anything with writing to the actual database before?
-how do i then pass it back to flash?
-send it and check it in ASP (or is this the same as with the username,password check/verify in login.asp?

ok, I tossed this together for you, I havent tested so there may be a few errors, but it demonstrates the point.

Hey that is excellent. i like your way of thinking..

i also changed it abit too so that flash POSTED the variables to the members.asp page rather than using the getURL and having the vars appear in the browser window.

i havent had a chance to fully look at it all yet but i will soon.

thanks so much for you dedicated help in this matter.

may the forums be with you

ok i have finally had a chance to look at this, and for some reason its not working.

i put the files into my wwwroot folder, within a folder called test, opened up index.asp in the browser and ran it. typed in a correct username and password and when i hit login it just says.. waiting for 'localhost' and doesnt move....

any ideas. sorry to bring you back to this post. and sorry for the delay between posts. i have been without a net connection for the last week.

Check to make sure your IIS server is running...

ok ive checked and my IIS server is definatley running, because past versions of this project are working fine...

ive zipped everything up and attached to this message - can you confirm its an IIS error, or whether there is something wrong with the scripts... my guess is its to do with login.asp because as soon as i hit the flash login button the status bar just keeps saying "waiting for localhost..."

could u take a look and see if theres a prob with the code u supplied in ur last post attachment.

thanks again for your help on this matter.... and for you time, patience etc...

I dont get any waiting for server messages...I have seen this problem before, I just dont remember where and the solution..

so does it work on your computer i guess is the main question?

oddly enough it will sort of work if I run login.asp directly, but wont run if I use the flash part...

yes, this is the same for me. if i run the login.asp it returns 'userInfo=false'
but when i run index.asp i get nothing, it doesnt even tell me the user and pass are incorrect when i type incorrect user and pass???

do you think its something to do with the Flash, the index.asp, or the login.asp? ive been looking through last night and this morning but havent turned up anything yet???

any ideas?

Putting that aside for a monent...did you understand what I did with the session ID?

Yes, basically you are updating and inserting the current valid users sessionID into the session field of the loginTable of the database. then you are sending this sessionID back to be captured by flash.

is that correct? you arent setting a timeout for the session either right?

so i guess the problem either lies in index, login or the flash itself...

Exactly...sorry, but at the moment time is becoming alittle tight...so I wont be able to mess with the files for a bit..

totally understandable. you sound like a busy guy, and seems like you spend alot of time helping people so thanks heaps for helping me.

im subscribed to this post anyway, so whenever you have time to mess around with the files and figure out the problem i will be notified.

Thanks heaps again mate! look foward to hearing from you!

--
Rgds
Mitcho