[SOLVED] Php authentification, and flash remoting.

[Ninjakreborn]

I have performed a flash integration.  Everything works perfectly, except for one issue I can't seem to get fixed.

<?php
if($action == "login" && isset($username))
{
$q = mysql_query("SELECT id, emailaddress, is_admin FROM userinformation WHERE emailaddress = '".$username."' && password = '".md5($pw)."' && validated = 'Y'");
if(mysql_num_rows($q) < 1) echo "&loginStatus=FAILED";
else
{
	// Set login variables
	list($uid, $nickname, $is_admin) = mysql_fetch_row($q);
	$_SESSION['TCHAT_IS_IN'] = true;
	$_SESSION['TCHAT_UID'] = $uid;
	$_SESSION['TCHAT_NICKNAME'] = $nickname;
	if($is_admin == "Y") $_SESSION['TCHAT_IS_ADMIN'] = true;
	else $_SESSION['TCHAT_IS_ADMIN'] = false;

	// Feed login info to flash
	echo "&loginStatus=SUCCESS";
	echo "&nickname=".$nickname;
	echo "&isAdmin=".$is_admin;
}
}
?>

The table has been appropriately created, nickname is also in the table at the bottom, here is the table layout if it helps.

 

Field Type Collation Attributes Null Default Extra Action

  id bigint(20)  No  auto_increment             

  emailaddress varchar(200) latin1_swedish_ci  No               

  password varchar(200) latin1_swedish_ci  No               

  firstname varchar(200) latin1_swedish_ci  No               

  lastname varchar(200) latin1_swedish_ci  No               

  country varchar(70) latin1_swedish_ci  No               

  stateorprovince varchar(200) latin1_swedish_ci  No               

  county varchar(200) latin1_swedish_ci  No               

  zipcode varchar(200) latin1_swedish_ci  No               

  gender varchar(20) latin1_swedish_ci  No               

  birthdate varchar(50) latin1_swedish_ci  No               

  validated varchar(1) latin1_swedish_ci  Yes Y               

  is_admin varchar(1) latin1_swedish_ci  Yes N               

  nickname varchar(100) latin1_swedish_ci  No

 

[pocobueno1388]

You never stated the problem...

[Ninjakreborn]

Oh sorry about that.

The current problem is, all the variables are getting passed.  The nickname however is coming up blank, it;s not registering the nickname, so it's automatically assuming it's a guest.  How can I fix this so the nickname actually does pass to the flash, it was suppose to but when I converted over to another table it doesn't.  THe other stuff pass thorugh, is admin, and everything else make it through but it doesn't read the nickname?

[pocobueno1388]

You didn't select 'nickname' in your query...that might be the problem.

 

$q = mysql_query("SELECT id, emailaddress, is_admin, nickname FROM userinformation WHERE emailaddress = '".$username."' && password = '".md5($pw)."' && validated = 'Y'");

 

[Ninjakreborn]

<?php
if($action == "login" && isset($username))
{
$q = mysql_query("SELECT id, emailaddress, nickname, is_admin FROM userinformation WHERE emailaddress = '".$username."' && password = '".md5($pw)."' && validated = 'Y'");
if(mysql_num_rows($q) < 1) echo "&loginStatus=FAILED";
else
{
	// Set login variables
	list($uid, $nickname, $is_admin) = mysql_fetch_row($q);
	$_SESSION['TCHAT_IS_IN'] = true;
	$_SESSION['TCHAT_UID'] = $uid;
	$_SESSION['TCHAT_NICKNAME'] = $nickname;
	if($is_admin == "Y") $_SESSION['TCHAT_IS_ADMIN'] = true;
	else $_SESSION['TCHAT_IS_ADMIN'] = false;

	// Feed login info to flash
	echo "&loginStatus=SUCCESS";
	echo "&nickname=".$nickname;
	echo "&isAdmin=".$is_admin;
}
}
?>

Sorry I failed to mention, I had tried that.  I tried it again just now, but for some reason it's still not working. Any advice?

[pocobueno1388]

Now I am thinking it has something to do with this line:

 

list($uid, $nickname, $is_admin) = mysql_fetch_row($q);

 

From the manual it seems that they need to be in order from the query...but you have that extra email field in there, so I'm not sure how you would skip over that, so you might have to add that to your list(). I have never used the list function myself...so I'm not very familiar with it, so I may be totally off. I would guess that it is setting the nickname as the email address?

[pocobueno1388]

Try this:

 

<?php

$q = mysql_query("SELECT id, emailaddress, nickname, is_admin FROM userinformation WHERE emailaddress = '".$username."' && password = '".md5($pw)."' && validated = 'Y'");
if(mysql_num_rows($q) < 1) echo "&loginStatus=FAILED";
else
{
	// Set login variables
	list($uid, $email, $nickname, $is_admin) = mysql_fetch_row($q);

?>

[.josh]

First off, you select id, emailaddress, is_admin but you list $uid, $nickname, $is_admin. is the user's nickname supposed to be their email address? I don't think that's necessarily related to your problem though.

 

As far as your problem: You say all your other things are being registered except for your nickname: 

 

a) I don't see anywhere in the code you posted where you insert anything into your db.

 

b) are you sure it's not being inserted? Did you actually check the db to see if it is physically there?  This might narrow down your problem.  Maybe it is being registered, but it's just not displaying correctly (from your code above, I guess...)

 

c) if it is not being inserted into the database, check to make sure your variable is spelled correctly in your actionscript.  Make sure that your dynamic text field is properly labeled, with the variable name there and everything.  Make sure you are using the right path to the object when you reference it (like _root.blah.varname or whatever). 

 

d) if all of that is right, make sure you spelled your var name right in the php script that is getting the info from flash, etc... I can't really check to see if it looks solid, seeing as how you didn't post any of that code.

 

e) if you still haven't found the bug after all that, post the code where you get the info from flash and insert it in the db.

[Ninjakreborn]

This is very, very strange.  I was performing an integration, and everything was going well, until I found out this was messed up.  I went through everything you said, as a checklist, it's all working.

The first page of the chatroom come's up.  Like when they login it says welcome businessman.  Then when I go into the chatroom itself, it doesn't list it on the right hand side.  THen when you go BACK to the other page, it says "welcome (blank spot here)".  I am not totally sure what is happening.

 

I am 100% that it's going into the database, I have 2 accounts on there, one admin, and one nonadmin to test both parts.  I have it setup so when they login to the website, it creates the extra information, then when I worked up the chatroom I made it point to that table.  This is the advice I was given from the person who built the chatroom.

Here is my registration script for the website

<?php require_once("#####"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php require_once($docroot . "#####"); ?>
<meta name="description" content="######" />
<meta name="keywords" content="" />
<title>#####</title>
</head>
<body>
<div id="bodyWrap">
<div class="pageWrapper">
<div id="header">
	<div id="logo">
	<h1>Logo ™</h1>
	</div>
	<div id="heading">
		<div class="head"></div>
		<?php
		require_once($docroot . "######");
		?>
	</div>
</div>
</div>
<div class="pageWrapper" id="main">
<div class="subTitleOuter">
	<div class="subTitleInner">
		<div class="right">
			<h2>Be In The Know</h2>
		</div>
		<div class="content">
			<h2>Featured</h2>
		</div>
		<div class="clear mozclear"></div>
	</div>
</div>
<div class="gap">		</div>
<div class="subBarOuter">
	<div class="subBarInner">
		<div class="right">
		<?php
		require_once($docroot . "####");
		?>
				</div>
			<div class="content">
			<?php
			require_once($docroot . "#####");
			?>
			<div class="clear mozclear"></div>
		</div>
	</div>
	<div class="gap">		</div>

	<div id="mainOuter">
		<div id="mainInner">
		<?php
		require_once($docroot . ######");
		?>
			<div class="right">				</div>
			<div class="content">
				<div class="titleMain">
					<a href="/index.php">Home</a>
				</div>
<?php
if (isset($_POST['submit'])) {
$errorhandler = ""; // register handler variable
validateemail($_POST['email']); // email validates
if ($_POST['email'] != $_POST['verifyemail']) { // compare email addresses
	$errorhandler .= "The emails Do Not match.<br />";
}
// create array of all variables that have to be filled in
$empty = array('First Name' => $_POST['firstname'], 
                      'Last Name' => $_POST['lastname'], 
                      'Password' => $_POST['password'], 
                      'Verify Password' => $_POST['verifypassword'],
                      'Zip Code' => $_POST['zipcode'], 
                      'Birth Date' => $_POST['birthdate'],
				  'nickname' => $_POST['nickname']);
foreach ($empty as $k=>$v) { // run them through to see if there empty
	if ($v == "") { // if they are register error messages
		$errorhandler .= $k . " was left blank, please correct this.<br />";
	}
}
validatedate($_POST['birthdate']); // run my validatedate() function to validate date
$emailtest = mysql_real_escape_string($_POST['email']);
$selecttest = "SELECT emailaddress FROM userinformation WHERE emailaddress = '$emailtest';";
$querytest = mysql_query($selecttest);
if ($rowtest = mysql_fetch_array($querytest)) {
	$errorhandler .= "The email already exists.  Please use a different email address.<br />";
}
errorhandler($errorhandler, 1);



if ($errorhandler == "") {
	$emailaddress = deepclean($_POST['email']);
	$password = deepclean($_POST['password']);
	$password = md5($password);
	$firstname = deepclean($_POST['firstname']);
	$lastname = deepclean($_POST['lastname']);
	$country = deepclean($_POST['country']);
	$stateorprovince = deepclean($_POST['stateorprovince']);
	$county = deepclean($_POST['county']);
	$zipcode = deepclean($_POST['zipcode']);
	$gender = deepclean($_POST['gender']);
	$birthdate = deepclean($_POST['birthdate']);
	$nickname = deepclean($_POST['nickname']);
	$validated = "Y";
	$insert = "INSERT INTO userinformation (emailaddress, password, firstname, lastname, country, stateorprovince, county, zipcode, gender, birthdate, nickname) VALUES ('$emailaddress', '$password', '$firstname', '$lastname', '$country', '$stateorprovince', '$county', '$zipcode', '$gender', '$birthdate', '$nickname');";
	if (mysql_query($insert)) {
		echo "Account created successfully.<br />";
		echo "You can create your profile now by using the following link, or later by<br />";
		echo "visiting it in the left navigation area when logged into your account.<br />";
		// adding to process chatroom registration
		$selecte = "SELECT id FROM userinformation WHERE emailaddress = '$emailaddress';";
		$querye = mysql_query($selecte);
		if ($row = mysql_fetch_array($querye)) {
		echo "<a href=\"#####?id={$row[id]}\" title=\"Create Profile\">
		Create Public Profile</a>";
		}
	}else {
		echo "Problem creating account, please try again later.<br />";
	}
	$show = "no";
}

}				
?>
<?php
// form starts here
if ($show != "no") {
?>
<span id="form">
<p>* = required field</p>
<form name="registration" id="registration" action="<?php $self; ?>" method="post">
<label for="email">Email Address:*</label>
<input name="email" id="email" type="text" maxlength="200" 
value="<?php echo $_POST['email']; ?>" /><br />
<label for="verifyemail">Verify Email:*</label>
<input name="verifyemail" id="verifyemail" type="text" maxlength="200" 
value="<?php echo $_POST['verifyemail']; ?>" /><br />
<label for="firstname">First Name:*</label>
<input name="firstname" id="firstname" type="text" maxlength="200" 
value="<?php echo $_POST['firstname']; ?>" /><br />
<label for="lastname">Last Name:*</label>
<input name="lastname" id="lastname" type="text" maxlength="200" 
value="<?php echo $_POST['lastname']; ?>" /><br />
<label for="password">Password:*</label>
<input name="password" id="password" type="password" maxlength="200" 
value="<?php echo $_POST['password']; ?>" /><br />
<label for="verifypassword">Verify Password:*</label>
<input name="verifypassword" id="verifypassword" type="password" maxlength="200" 
value="<?php echo $_POST['verifypassword']; ?>" /><br />
<label for="country">Country:</label>
<input name="country" id="country" type="text" maxlength="200" 
value="<?php echo $_POST['country']; ?>" /><br />
<label for="stateorprovince">State/Province:</label>
<input name="stateorprovince" id="stateorprovince" type="text" maxlength="200" 
value="<?php echo $_POST['stateorprovince']; ?>" /><br />
<label for="county">County:</label>
<input name="county" id="county" type="text" maxlength="200" 
value="<?php echo $_POST['country']; ?>" /><br />
<label for="zipcode">Zip Code:*</label>
<input name="zipcode" id="zipcode" type="text" maxlength="200" /><br />
<label for="gender">Gender:*</label>
<select name="gender" id="gender">
<option value="M">Male</option>
<option value="F">Female</option>
</select><br />
<label for="birthdate">Birth Date (mm/dd/yyyy):*</label>
<input name="birthdate" id="birthdate" type="text" maxlength="15" 
value="<?php echo $_POST['birthdate']; ?>" /><br />
<label for="nickname">Nick Name:*</label>
<input name="nickname" id="nickname" type="text" maxlength="200" /><br />
<label for="submit"></label>
<input name="submit" id="submit" type="submit" value="submit" />
</form>
</span>
<?php
}
// form ends here
?>
			</div>
			<div class="clear mozclear"></div>
		</div>
	</div>
	<div class="hide" id="nsFooterClear"><!-- for NS4's sake --></div>
	<?php 
	require_once($docroot . "/master/includes/footer.inc.php");
	?>
</div>
</div>
</body>
</html>

Ok, and here is the login area for the website.  This is what logs them into the website.

<?php require_once(".#####"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php require_once($docroot . "######"); ?>
<meta name="description" content="#####" />
<meta name="keywords" content="" />
<title>#####</title>
</head>
<body>
<div id="bodyWrap">
<div class="pageWrapper">
<div id="header">
	<div id="logo">
	<h1>Logo ™</h1>
	</div>
	<div id="heading">
		<div class="head"></div>
		<?php
		require_once($docroot . "#####");
		?>
	</div>
</div>
</div>
<div class="pageWrapper" id="main">
<div class="subTitleOuter">
	<div class="subTitleInner">
		<div class="right">
			<h2>Be In The Know</h2>
		</div>
		<div class="content">
			<h2>Featured</h2>
		</div>
		<div class="clear mozclear"></div>
	</div>
</div>
<div class="gap">		</div>
<div class="subBarOuter">
	<div class="subBarInner">
		<div class="right">
		<?php
		require_once($docroot . "#####");
		?>
				</div>
			<div class="content">
			<?php
			require_once($docroot . "/master/includes/featured.inc.php");
			?>
			<div class="clear mozclear"></div>
		</div>
	</div>
	<div class="gap">		</div>

	<div id="mainOuter">
		<div id="mainInner">
		<?php
		require_once($docroot . "/master/includes/leftstructurenav.inc.php");
		?>
			<div class="right">				</div>
			<div class="content">
				<div class="titleMain">
					<a href="/index.php">Home</a>
				</div>
<?php
if (isset($_POST['submit'])) {
$errorhandler = ""; // register handler variable
// create array of all variables that have to be filled in
$empty = array('Email Address' => $_POST['email'], 'Password' => $_POST['password']);
foreach ($empty as $k=>$v) { // run them through to see if there empty
	if ($v == "") { // if they are register error messages
		$errorhandler .= $k . " was left blank, please correct this.<br />";
	}
}
errorhandler($errorhandler, 1);
if ($errorhandler == "") {
$email = deepclean($_POST['email']);
$password = deepclean($_POST['password']);
$password = md5($_POST['password']);
$select = "SELECT * FROM userinformation WHERE emailaddress = '$email' AND password = '$password';";
$query = mysql_query($select);
if ($row = mysql_fetch_array($query)) {
	$_SESSION['userinfo']['emailaddress'] = $row['emailaddress'];
	$_SESSION['userinfo']['id'] = $row['id'];
	$_SESSION['userinfo']['gender'] = $row['gender'];
	$_SESSION['userinfo']['logged'] = "yes"		
	echo "You have been successfully logged in";
	$show = "no";
}else {
	echo "Incorrect Login";
}
}// end errorhandler eheck

}	// end submit check			
?>
<?php
// form starts here
if ($show != "no") {
?>
<span id="form">
<form name="login" id="login" action="<?php $self; ?>" method="post">
<label for="email">Email Address:</label>
<input name="email" id="email" type="text" maxlength="200" /><br />
<label for="password">Password:</label>
<input name="password" id="password" type="password" maxlength="200" /><br />
<input name="submit" id="submit" type="submit" value="submit" />
</form>
</span>
<?php
}
// form ends here
?>
			</div>
			<div class="clear mozclear"></div>
		</div>
	</div>
	<div class="hide" id="nsFooterClear"><!-- for NS4's sake --></div>
	<?php 
	require_once($docroot . "#####");
	?>
</div>
</div>
</body>
</html>

Ok that is my registration area, and login area.  However I don't think that's what it is.  I am not 100% what could be causing this.  My entire auth script for the chatroom.  They go to the chatroom to login, then when they login, it runs I guess the auth function which is

<?php
if($action == "login" && isset($username))
{
$q = mysql_query("SELECT id, emailaddress, is_admin, nickname FROM userinformation WHERE emailaddress = '".$username."' && password = '".md5($pw)."' && validated = 'Y'");
if(mysql_num_rows($q) < 1) echo "&loginStatus=FAILED";
else
{
	// Set login variables
	list($uid, $email, $is_admin, $nickname) = mysql_fetch_row($q);
	$_SESSION['TCHAT_IS_IN'] = true;
	$_SESSION['TCHAT_UID'] = $uid;
	$_SESSION['TCHAT_NICKNAME'] = $nickname;
	if($is_admin == "Y") $_SESSION['TCHAT_IS_ADMIN'] = true;
	else $_SESSION['TCHAT_IS_ADMIN'] = false;

	// Feed login info to flash
	echo "&loginStatus=SUCCESS";
	echo "&nickname=".$nickname;
	echo "&isAdmin=".$is_admin;
}
}
?>

I have all the chatroom file's backed up in case if I need to troubleshoot if it's something else.  I am not totally sure what's going on.  I disabled some of the functions.  For instance where they edit, update, add profile.  The admins abilities to delete, edit user information.  And some other stuff I disabled those functions and fed an error message to flash saying they are disabled.  I am doing all that from his actual website administration area.  Since he just wanted the chatroom there, he didn't want to have to work through it too.  I just don't understand where the information is getting broken.

 

Any advice at this point would be appreciated, because I am totally confused.?

 

Note: The username is the email address.  I was integrating it, and my client wanted there email address to be there login name for both the website, and the chatroom.  That part works properly it's just the nickname that is messing up it seems.

[pocobueno1388]

I have absolutely no experience with Flash, but since the information seems to be getting lost after the first page...maybe you are missing some sort of function like session_start() that will carry the sessions from page to page?

 

If everything in the database is correct I would highly doubt it is a problem with your register/login script.

 

Hopefully I am making a small amount of sense instead of making myself look like a totally clueless fool xP

[.josh]

so your name initially appears in the flash interface?

[Ninjakreborn]

Poco, don't worry about it you trying to help is enough.

 

Crayon - I don't understand it but yes.  it makes it to the first page.  They go to the chatroom and login and it come's up with the "welcome (nickname here)".  Then it seems to lose the data after that.  When they click on a chatroom, the chatroom loads but on the right hand side the username doesn't appear beside the icon.  Sometimes it doesn't appear, sometimes it registers it as a guest automatically.  Then whey they type something it doesn't show up on the screen it just shows

> message here

in the chatarea instead of

nickname> message here

I don't understand that part, then if they back out of the chat"room" specifically back to the main page that lists all teh chatroom's.  Then at that point it says "welcome (blank space)";

 

I checked all the file's I altered, I made sure config is at the top of each page.  In this system he uses the db to handle sessions, so I am sure that session start isn't needed.  He uses another table for sessions.

 

I just understand what is happening to the data, and why it's disappearing like that.

 

 

 

[Ninjakreborn]

Uh, it's not in my database under session.

 

I don't get it

<?php
function sessionWrite($key, $val)
{
$value = addslashes($val);
$chatInTime = $_SESSION['TCHAT_INTIME'];
if(empty($chatInTime)) $chatInTime = time();
$sql = "REPLACE INTO totalchat_users_sessions (sessionID, sessionData, sessionStart, sessionExpire, chatStart, chatExpire, username, userID, roomID) VALUES ('".$key."', '".$value."', '".$_SESSION['SESSION_START_TIME']."', UNIX_TIMESTAMP() + ".SITE_ONLINE_EXPIRE.", FROM_UNIXTIME('".$chatInTime."'), UNIX_TIMESTAMP() + ".CHAT_ONLINE_EXPIRE.", '".$_SESSION['TCHAT_NICKNAME']."', '".intval($_SESSION['TCHAT_UID'])."', '".intval($_SESSION['TCHAT_RID'])."')";
return mysql_query($sql) or die("ERROR: ".mysql_error()." -> ".__LINE__."<br />".$sql);
}
?>

I didn't touch that file.  It's suppose to write the username, as the nickname for the session, and the username is what is suppose to come up later. However it's not even writing the session properly for some reason.

[.josh]

so just out of curiosity, does your actionscript call the php script to get the username/message every cycle? By cycle, I mean every time the frames loop; I assume that this being a chatroom, in order for it to be "live" you have the actionscript looped, constantly getting the most current info from the db through php.

 

I'm just trying to narrow this down here and find out if php is at fault or actionscript is at fault.  Maybe you aren't properly handling the variables inside flash. 

[Ninjakreborn]

URL - www.######.com/chat/

Username - cv@phpfreaks.com

password - phpfreaks

That is the login for it.

 

I don't really know what happens.  What I can tell, is everytime the page loads it checks the session database, I would guess and does information based on that.  There is something now stopping the username/nickname from being passed into the session's table in the database.  So when that doesn't do it, then it ends up having it not show up later when the session is called, that is what I don't understand.  Everything else make's it into the session except that.

[.josh]

it says login failed

 

[Ninjakreborn]

Sorry, I fixed that try again.  I created it, but didn't click go in phpmyadmin.

[.josh]

okay it worked now.  I'm not seeing any problems with entering text in. The only thing I am seeing issues with is the name.  But I can't know if that's flash or php, without looking at the whole setup (like the .fla file for flash, etc..).

 

If you have gone down and made sure everything is being referenced right in flash, etc.. and also on the php side, then I'm afraid I'm out of suggestions.  All I can really do from here is if you give me access to the scripts and source files and maybe I can find something you missed or something... but I'm not going to do that, because then that would turn this into something you should be paying for...

 

I would suggest contacting the person who made the flash chatroom.  Technically speaking, you didn't mention this was a 3rd party script...

 

 

[Ninjakreborn]

Yes, it's a third party chatroom.  I was integrating it into the site.  I did contact the creator, he actually got it working for me, because itw as originally geared for Mysql 4, he wired it up for 5 instead so I could have it working.  He also gave me some feedback on integration.  Which was exactly what I did.  Ok, if you get any more feedback it's appreciated.  For the time being I will try cutting back throught he file's see if I Can find what's missing.

I tried digging up the fla file, I don't know much about flash, so I am not sure.  Each button in the flash file, just calls a function from the proper php pages.  I will check the fla file one more time.  Then I Can check the php pages one more time.  thanks for all the feedback so far, it helped me isolate the problem to realize it's something to do with the session's table not taking the data.  I can look into it better.

 

If anyone has anymore feedback as well it's appreciated.

Thanks so far for all the advice, and effort.

[Ninjakreborn]

Uh, I found it.

Inside functions.php about 950 lines into the programming I ran across this function.

 

<?php
function getNickName()
{
if($_SESSION['TCHAT_UID'] == 0) return "Guest_".getGuestID();
$q = mysql_query("SELECT nickname FROM userinformation WHERE id='".$_SESSION['TCHAT_UID']."'");
list($nick) = mysql_fetch_row($q);
return $nick;
}

?>

At this point I changed it, and it is retrieving the right one.  That was why it wasn't working.  Thank you so much for the people who were trying to help me, and helped me out by helping me narrow down the problem.  Thanks again for the advice.