Ok, I'm trying to get a grip on what happens here:
1. i visit your site, see a flash movie, which enables me to log-in
2. after i log in, I see a link called "news"
3. I click on it, which pops open a HTML window through javascript, with a
URL like example.com/print_news.php
[At this point, the news page should only be available to authenticated
users, but it isn't -- right?]
The answer appears to be sessions. When you log in, you should be able to
pass a session ID back to the flash movie, along with the user's ckval
(whatever that is), and add a session variable like 'logged_in' to the
session.
When the flash movie uses javascript to pop open the news window, you should
be able to pass the session id as a GET variable in the URL, eg:
example.com/print_news.php?PHPSESSID=xxxxxxxxxxxxxxxxx
print_news.php needs to have this at the top:
<?
session_start();
if($_SESSION['logged_in'])
{
?>
<html>
...
Your news
...
</html>
<?
}
else
{
?>
<html>
...
Sorry, you must be logged in baby!
...
</html>
<?
}
?>
You don't NEED cookies to have session work... it can be done with URLs.
Justin
on 23/06/03 5:18 AM, Miles Thompson ([EMAIL PROTECTED]) wrote:
> This does have to do with PHP, but bear with me.
>
> We're using a Flash movie, which calls various PHP scripts to authenticate
> users & retrieve news articles, to display a daily business digest. As
> Flash's printing capabilities are pathetic, we use JavaScript to popup a
> chromeless window in which runs print_news.php. (This is a small window,
> with selection, resizing, etc. all disabled, and which calls the print
> dialog on load; all that is really visible is its "Close" button.)
>
> It won't be too long before some bright spark realizes that our site could
> be visited and the URL for print_news.php fed in; that person would then
> have free access - not good.
>
> What I planned to do is add authentication to print_news.php, by passing
> the user's ckval (obtained when first authenticated by user_logon.php)
> back to the browser in a session var. That does not work, as Flash
> apparently gobbles the cookie.
>
> The apparent alternative is to call an intermediate script from Flash,
> passing the ckval, and having that script set the session and then redirect
> to print_news.php, using the header( Location: ... ). The problem is that
> opens in the same window, and I need a new one.
>
> I obviously can't pass ckval in the URL, and I don't have any way, that I
> know of, to fake a <form> POST.
>
> Suggestions or nudges in the right direction will be appreciated.
>
> Regards - Miles Thompson
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
