Tks for your reply -- you're partially correct in how it works, and thus far I've not used session id's. Cool.
Login is built into the Flash movie and calls a PHP script to authenticate, which returns appropriate success/fail data to the movie. Everything is buried in the Flash movie to solve a serious pass-around problem we had when using PDF's. If the Flash .swf file gets passed, then the login is the first thing encountered. Passwords shared you say? we limit logins to a fixed number per week.
I thought of sessions, but when I tried to set them in the authentication script called from the .swf, the .swf gobbled them, they did not go to the browser.
What I've done is call a script which opens a window, passing it the ckval and issue date to display. It's only function is to start a session and call a second window, which actually displays the story. That window closes its parent. (Too much JavaScript for my liking.)
This scheme is only working on a test site now. If you want to, check out
http://www.allnovascotia.com/test_flash/feed_print_story.php , which a person might do if they figured they will get the news for free, a rude message appears. (Which will be changed for production, as we would rather encourage, not discourage, potential subscribers.)
To see how this scheme works legally, have a look at http://www.allnovascotia.com/test_flash/index.php?pgget=1 and login using "flasher" in all the boxes.
So it's not a PHP solution, I'm popping up an intermediate window and closing it, which is ugly - flicker. And I've not been able to figure out a way to have that intermediate window open at a small size -- everything in JS seems to operate on children.
Regards - Miles Thompson
At 01:30 PM 6/23/2003 +1000, you wrote:
Ok, I'm trying to get a grip on what happens here:
1. i visit your site, see a flash movie, which enables me to log-in
2. after i log in, I see a link called "news"
3. I click on it, which pops open a HTML window through javascript, with a URL like example.com/print_news.php
[At this point, the news page should only be available to authenticated users, but it isn't -- right?]
The answer appears to be sessions. When you log in, you should be able to pass a session ID back to the flash movie, along with the user's ckval (whatever that is), and add a session variable like 'logged_in' to the session.
When the flash movie uses javascript to pop open the news window, you should be able to pass the session id as a GET variable in the URL, eg:
example.com/print_news.php?PHPSESSID=xxxxxxxxxxxxxxxxx
print_news.php needs to have this at the top:
<? session_start(); if($_SESSION['logged_in']) { ?> <html> ... Your news ... </html> <? } else { ?> <html> ... Sorry, you must be logged in baby! ... </html> <? } ?>
You don't NEED cookies to have session work... it can be done with URLs.
Justin
on 23/06/03 5:18 AM, Miles Thompson ([EMAIL PROTECTED]) wrote:
> This does have to do with PHP, but bear with me. > > We're using a Flash movie, which calls various PHP scripts to authenticate > users & retrieve news articles, to display a daily business digest. As > Flash's printing capabilities are pathetic, we use JavaScript to popup a > chromeless window in which runs print_news.php. (This is a small window, > with selection, resizing, etc. all disabled, and which calls the print > dialog on load; all that is really visible is its "Close" button.) > > It won't be too long before some bright spark realizes that our site could > be visited and the URL for print_news.php fed in; that person would then > have free access - not good. > > What I planned to do is add authentication to print_news.php, by passing > the user's ckval (obtained when first authenticated by user_logon.php) > back to the browser in a session var. That does not work, as Flash > apparently gobbles the cookie. > > The apparent alternative is to call an intermediate script from Flash, > passing the ckval, and having that script set the session and then redirect > to print_news.php, using the header( Location: ... ). The problem is that > opens in the same window, and I need a new one. > > I obviously can't pass ckval in the URL, and I don't have any way, that I > know of, to fake a <form> POST. > > Suggestions or nudges in the right direction will be appreciated. > > Regards - Miles Thompson >
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
