7 Replies Latest reply on May 10, 2008 10:24 PM by cliffy2009

    Best Way for login???

    rotoole
      I was just wondering what everyone thought would be the best way for a secure login with 4 different access levels. It's going to do just how it sounds, different levels see/have different access to different functions and components in the program. Would an initial php login work? Would it be difficult to implement it inside Flex?? Any input would be greatly appreciated. TIA!!!
        • 1. Re: Best Way for login???
          187_2007 Level 1
          Well, you can build a simple login screen using Flex, right? A few labels and textareas. Make sure your password text area has the PASSWORD property. Then you can send the data to the PHP using RemoteObject Call. I know in ColdFusion there is a <cflogin> tag that takes care of security and Sessions etc... But I found that not to be so reliable. If you close the browser your session is still active. Bad news. Anywhoo.... Does the login HAVE to be secure? Rethink it. But to answer your question.... Send the login and password to your PHP. Query the DB to get the user's rights. Return the information back to the Flex app and from there determine which presentation to display.
          • 2. Re: Best Way for login???
            rotoole Level 1
            The whole login and password and actually logging in isn't going to be an issue... it's just the whole making some things viewable and some buttons/functions available... it's just gonna be a huge hassle and I'm not looking forward to it... I was pretty much just wondering if there is an "easy" way to show/hide things besides throwing in 100 if statements checking the user's access level. I really just don't want to fill my code full of things that aren't needed if there's a better way.
            • 3. Re: Best Way for login???
              dishmael Level 1
              How about something like this...

              /**
               * Singleton class for handling roles
               */
              public class RoleHandler {

                  // The single shared instance, created on first use
                  private static var instance:RoleHandler = null;
                  // Guard flag: true only while getInstance() is constructing
                  private static var create:Boolean = false;

                  public function RoleHandler() {
                      if ( !create ) throw new Error( "RoleHandler can only be created through getInstance()" );
                  }

                  public static function getInstance():RoleHandler {
                      if ( instance == null ) {
                          create = true;
                          instance = new RoleHandler();
                          create = false;
                      }

                      return instance;
                  }

                  public function isAllowed( role:String ):Boolean {
                      // ... code to handle roles ...
                      return false; // placeholder so the class compiles: deny until role handling is filled in
                  }

              } // end of RoleHandler

              Then, for each component you want to control access, enter the following in either the enabled or visible property:

              enabled="{RoleHandler.getInstance().isAllowed('admin')}"

              visible="{RoleHandler.getInstance().isAllowed('admin')}"

              Just taking a stab at it, not sure it does what you want.
              • 4. Best Way for login???
                JohnLeger Level 1
                It is absolutely possible using states. What you do is assign a certain access level to the different states, for example...

                <mx:states>

                    <mx:State name="Visitor">
                        <mx:RemoveChild target="{myLoginHBox}"/>
                        <mx:AddChild relativeTo="{mainMenuHBox}" position="lastChild">
                            <view:LogoutHBox/>
                        </mx:AddChild>
                        <mx:AddChild relativeTo="{mainMenuViewstack}" position="lastChild">
                            <mx:Canvas label="Visitor Area" width="100%" height="100%" id="canvas1">
                            </mx:Canvas>
                        </mx:AddChild>
                    </mx:State>

                    <mx:State name="Youth" basedOn="Visitor">
                        <mx:RemoveChild target="{canvas1}"/>
                        <mx:AddChild relativeTo="{mainMenuViewstack}" position="lastChild">
                            <mx:Canvas label="Youth Area" width="100%" height="100%" id="canvas2">
                            </mx:Canvas>
                        </mx:AddChild>
                    </mx:State>

                    <mx:State name="Member" basedOn="Youth">
                        <mx:RemoveChild target="{canvas2}"/>
                        <mx:AddChild relativeTo="{mainMenuViewstack}" position="lastChild">
                            <mx:Canvas label="Member Area" width="100%" height="100%" id="canvas3">
                            </mx:Canvas>
                        </mx:AddChild>
                    </mx:State>

                    <mx:State name="PowerMember" basedOn="Member">
                        <mx:RemoveChild target="{canvas3}"/>
                        <mx:AddChild relativeTo="{mainMenuViewstack}" position="lastChild">
                            <mx:Canvas label="Power Member Area" width="100%" height="100%" id="canvas4">
                            </mx:Canvas>
                        </mx:AddChild>
                    </mx:State>

                    <mx:State name="AssistantAdministrator" basedOn="PowerMember">
                        <mx:RemoveChild target="{canvas4}"/>
                        <mx:AddChild relativeTo="{mainMenuViewstack}" position="lastChild">
                            <mx:Canvas label="Assistant Administrator Area" width="100%" height="100%" id="canvas5">
                            </mx:Canvas>
                        </mx:AddChild>
                    </mx:State>

                    <mx:State name="SeniorAdministrator" basedOn="AssistantAdministrator">
                        <mx:RemoveChild target="{canvas5}"/>
                        <mx:AddChild relativeTo="{mainMenuViewstack}" position="lastChild">
                            <mx:Canvas label="Senior Administrator Area" width="100%" height="100%" id="canvas6">
                            </mx:Canvas>
                        </mx:AddChild>
                    </mx:State>
                </mx:states>


                Then you create a loginResultHandler that first checks to see if the user is logged in. If the user is logged in, you then check for their access level. Personally I used digits (in my example roles 1 through 6). The digit is what I store in my database. Once the logged-in user's role is established, the state is changed accordingly. Do some research on using states! It will absolutely help you to do what you are looking to do. An example of the code for the loginResultHandler is...

                import mx.controls.Alert;
                import mx.rpc.events.ResultEvent;

                // loginResultHandler function
                private function loginResultHandler(event:ResultEvent):void
                {
                    currentUser = event.result as User;
                    if (currentUser.loggedIn)
                    {
                        // If login successful, pick the state that matches the role digit
                        if (currentUser.roles == "5")
                        {
                            this.currentState='Youth';
                        }
                        else if (currentUser.roles == "4")
                        {
                            this.currentState='Member';
                        }
                        else if (currentUser.roles == "3")
                        {
                            this.currentState='PowerMember';
                        }
                        else if (currentUser.roles == "2")
                        {
                            this.currentState='AssistantAdministrator';
                        }
                        else if (currentUser.roles == "1")
                        {
                            this.currentState='SeniorAdministrator';
                        }
                        else
                        {
                            // Any other value falls back to the Visitor role
                            // (assignment; the original line used == and had no effect)
                            currentUser.roles = "6";
                            this.currentState='Visitor';
                        }
                        myLoginHBox.visible=false;
                    }
                    else
                    {
                        // If login unsuccessful
                        Alert.show("Login unsuccessful", "Server Authentication");
                    }
                }

                I just finished setting up role-based authentication using a combination of Flex 2, ColdFusion MX 7.02 and MS SQL Server Express 2005. It took me two weeks to set up my CFCs (ColdFusion Components) and ActionScript files properly.

                My user login form is authenticated against my database. If the user is properly logged in he can only view what he is authorized to view. :)

                John
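
Added example, not part of the original thread and not any poster's code: the states and `enabled`/`visible` bindings above decide only what the Flex client draws, so the PHP side still has to check the role on every remote call. The sketch uses the thread's role digits (1 = SeniorAdministrator through 6 = Visitor); the method names, the rule that a lower digit inherits the rights of higher digits, and the sample calls are assumptions made for illustration.

```php
<?php
// Role digits as used in the thread; a lower digit means more privilege
// (the inheritance rule is an assumption of this example).
const ROLE_RANK = [
    'SeniorAdministrator'    => 1,
    'AssistantAdministrator' => 2,
    'PowerMember'            => 3,
    'Member'                 => 4,
    'Youth'                  => 5,
    'Visitor'                => 6,
];

// Hypothetical remote methods and the least-privileged role allowed to call each.
const METHOD_MIN_ROLE = [
    'getVisitorArea' => 'Visitor',
    'getMemberArea'  => 'Member',
    'deleteUser'     => 'SeniorAdministrator',
];

// $sessionRole is the digit the server stored in its own session at login,
// taken from its database lookup; it is never read from the client's request.
function isAllowed(?int $sessionRole, string $method): bool
{
    if ($sessionRole === null || !in_array($sessionRole, ROLE_RANK, true)) {
        return false;                 // no session or unknown digit
    }
    if (!array_key_exists($method, METHOD_MIN_ROLE)) {
        return false;                 // unlisted method: deny by default
    }
    return $sessionRole <= ROLE_RANK[METHOD_MIN_ROLE[$method]];
}

// Gate placed in front of every remote method before any work is done.
function dispatch(?int $sessionRole, string $method): string
{
    return isAllowed($sessionRole, $method) ? "200 $method" : "403 $method";
}

// Constructed calls: a Member (4), a SeniorAdministrator (1), and no session.
$calls = [[4, 'getMemberArea'], [4, 'deleteUser'], [1, 'deleteUser'],
          [null, 'getVisitorArea'], [1, 'dropTables']];
foreach ($calls as [$role, $method]) {
    echo dispatch($role, $method), PHP_EOL;
}
```

The same table can drive the client: return only the role digit to Flex for choosing a state, and keep the allow/deny decision in `isAllowed()` on the server.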
                • 5. Re: Best Way for login???
                  rotoole Level 1
                  Thanks a bunch... the whole login module was put on the backburner for the last month... unfortunately it didn't build itself like I wished. Thanks for your input. I'm pretty sure from the research I've done that states are gonna be the best way to go. It's just the whole making 4 different versions thing that's gonna be a hassle. Thanks again.
                  • 6. Re: Best Way for login???
                    cliffy2009
                    Hi,
                    I just wanted to know if you could help me with your login code using RemoteObject and ColdFusion. Can you please email it to me or post it here?

                    Thank you.
                    • 7. Re: Best Way for login???
                      cliffy2009 Level 1
                      Hi,
                      Can you please help me with the code for your Login?
                      Thank you.
                      Cliff