3 Replies Latest reply on May 29, 2009 8:38 AM by DHTVP

    Loging a user into mysql database example

    Jim Daniel

      I'm looking for a clear example or tutorial on loging a user into a mtSQL database.  I don't want an automatic login like you get with the Flex Builder's db wizard.  What I have is a screen where the user enters a user name and password and then clicks a button to login.  I need to be able to handle the user not entering the correct user name or password, that is handling the mySQL rejecting the login.  I have done several serches both here and google and don't seem to find anything like I need.  Can anybody out there point me in the right direction?

        • 1. Re: Loging a user into mysql database example
          DHTVP

          This is actually a faily simple thing to do...at least I think this is what you are trying to do based on what you said:


          Here is the code for the MXML to put together the login UI:


          <mx:Panel width="446" height="199" layout="absolute" title="Login" id="loginpanel">
                  <mx:Label x="26" y="58" text="Username:"/>
                  <mx:Label x="53" y="86" text="Password:"/>
                  <mx:TextInput x="121" y="56" id="username"/>
                  <mx:TextInput x="121" y="84" id="password" displayAsPassword="true"/>
                  <mx:Button x="219" y="114" label="Log In" id="Submit" click="login_user.send()"/>
          </mx:Panel>


          you need an HTTPService call (which the Submit button above sends) to the PHP file that will check the user's credentials against what is in the DB:

           

          (mind you, I would encrypt the password on the client side too before sending it over to the PHP file)


          <mx:HTTPService id="login_user" result="checkLogin(event)" method="POST" url="login.php" useProxy="false">
                  <mx:request xmlns="">
                      <username>{username.text}</username>
                      <password>{password.text}</password>
                  </mx:request>
          </mx:HTTPService>


          now, the result of the HTTPService goes to a function called checkLogin(event) which is:


          import mx.rpc.events.ResultEvent;

          private function checkLogin(evt:ResultEvent):void
              {
                  if(evt.result.loginsuccess == "yes"){
                      //user is GOOD, do something now
                  }
                  if(evt.result.loginsuccess == "no"){
                      mx.controls.Alert.show("Invalid username/password");
                  }      
              }


          and for the PHP file, it checks against the DB and generates an XML which is kicks back to Flex:


          <?php

           

          //connect to DB however you do it, I have a function db_connect() that I call

          $conn = db_connect();


          $username = mysql_real_escape_string($_POST['username']);
          $password = mysql_real_escape_string($_POST['password']);


          //if you have encryption, then make sure you do that here (md5 or whatever)

          //also, make sure you do validation of the input for SQL Injections and XSS attacks, but I'm not covering that here


          $query = "SELECT * FROM usertable WHERE username = '$username' AND password = '$password'";
          $result = mysql_fetch_array(mysql_query($query));


          $output = "<loginsuccess>";


          if(!$result) {

              $output .= "no";

              $output .= "</loginsuccess>";  
          } else {

              $output .= "yes";

              $output .= "</loginsuccess>";

           

          }


          print ($output);


          ?>

          • 2. Re: Loging a user into mysql database example
            Jim Daniel Level 1

            Thanks, this is kind of what I was looking for and has put me on the right track.  Just one question, shouldn't the db_conect() use the 'username'/password pair inputed to insure sercurity?  All the examples I've seen use the default root/root and this seems very very bad practice.

            • 3. Re: Loging a user into mysql database example
              DHTVP Level 1

              yes, you should definitely send the user/pass pair to db_connect function, i just didnt include my db_connect function...assumed you already had that for connecting to your DB & tables.

              1 person found this helpful