Digital Workshop

 Post subject: Post Web Data - Part 3: Log-in Example
PostPosted: May 4th, 2005, 11:43 am 
Joined: October 25th, 2004, 12:27 pm
Posts: 526
Location: Digital Workshop
The following PHP script should give you some idea as to how to create a log-in interface in Opus:

Code:
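<?php

// Credentials sent by the Opus Post Web Data action
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

$DBhost = "localhost";
$DBuser = "username";
$DBpass = "password";
$DBName = "mydb";

// mysqli_connect() replaces mysql_connect()/mysql_select_db(),
// which were removed in PHP 7
$connect = mysqli_connect($DBhost, $DBuser, $DBpass, $DBName);
if (!$connect) {
    echo "&success=0";
    exit;
}

// Prepared statement: $user is bound as data, never pasted into the SQL text
$stmt = mysqli_prepare($connect, "SELECT username, userpassword FROM tablename WHERE username = ?");
mysqli_stmt_bind_param($stmt, "s", $user);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $storeduser, $storedpassword);
$found = mysqli_stmt_fetch($stmt);

// Succeed only when a row was found and the submitted password matches it.
// The original compared an undefined $password, so an unknown user passed.
// If the table stores password_hash() output, use
// password_verify($pass, $storedpassword) here instead.
if ($found === true && hash_equals((string) $storedpassword, $pass)) {
    echo "&success=1";
} else {
    echo "&success=0";
}

?>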


If the username and password are correct, a name-value pair of "success" and "1" is transmitted via the echo function.

If the username and password do not match, the name "success" and value "0" are transmitted.

You would therefore need to use the 'Destination' tab of the existing Post Web Data action to retrieve this name-value pair and store it to a variable. You can then use an If statement to trigger different actions depending on the value of the target variable, such as showing an 'Invalid Login' message or displaying the next page if the login was successful.


For this message Robin Garrett has been thanked by : mackavi


 Post subject: hi,
PostPosted: June 7th, 2009, 8:03 pm 
Joined: May 20th, 2006, 4:53 pm
Posts: 43
Location: Italy
Opus: Opus Pro 7.01
OS: Windows 7
Can you post any example for this script?
I have some problems generating the login function.

Thanks

_________________
Software: Opus v7.01
OS: Windows 7 64 bit
Hardware: In progress


For this message Mikolson05 has been thanked by : mackavi


 Post subject: don't understand the logic
PostPosted: September 18th, 2009, 11:05 am 
Joined: December 11th, 2004, 12:51 am
Posts: 36
Location: UK
I don't understand the logic in this.

This example seems to connect to the database using:
$connect = mysql_connect($DBhost,$DBuser,$DBpass)

with the $DBuser and $DBpass already defined as before.

It then goes on to check that the 'user' and 'pass' parameters input into the Opus login page are the same as some written within the database?

Surely there is no need to write a username and password into the database? And hardly secure, because you've already connected to the database?

Why not just input the 'user' and 'pass' parameters into the Opus login page, but then use them to try and connect to the database, i.e. set $DBuser and $DBpass to 'user' and 'pass' somehow?

I'm very new at this, so maybe I'm missing something here.

Any help appreciated.

/Mark


For this message markatnicebrook has been thanked by : mackavi


 Post subject:
PostPosted: September 19th, 2009, 10:35 am 
Joined: March 21st, 2007, 10:44 am
Posts: 3188
Location: UK
Opus: Evolution
YES THERE REALLY IS!!

Imagine a bank vault full of safety deposit boxes - you need a key (user name & password) for the vault and INDIVIDUAL keys (user names & passwords) for the boxes.

If the keys for both systems were the same it would be a bad day at the 'help yourself bank' :-)

Mack

_________________
When you have explored all avenues of possibilities, what ever remains, how ever improbable, must be the answer.

Interactive Solutions for Business & Education
Learn Anywhere. Learn Anytime.

www.interaktiv.co.uk
+44 (0) 1395 548057


 Post subject: almost there
PostPosted: September 19th, 2009, 2:48 pm 
Joined: December 11th, 2004, 12:51 am
Posts: 36
Location: UK
Thanks for the reply.

OK, I think I am getting a little closer to understanding this. There is a password for:
- the database (the 'bank')
- each table in the database (each 'deposit box' in the bank)

Correct?

With regards to the database username and password:
I have found conflicting advice on whether the database username and password should be written directly into the php file in the website root directory.

One recommendation was to use the INCLUDE function to copy them in from another php file in another directory.

Another recommendation was not to worry about the database username and password in the php file, as they cannot be easily accessed.

I would have thought that a better option would have been to have the database username and password stored in the Opus publication, then pass this information through to the php file which it then uses to connect to the database....but maybe this is not possible?
If possible, this would mean that the database username and password would not be stored in any php file. It would be stored in the Opus publication (swf) file instead, which I assume is more secure?

/Mark


For this message markatnicebrook has been thanked by : mackavi


 Post subject:
PostPosted: September 19th, 2009, 3:04 pm 
Joined: March 21st, 2007, 10:44 am
Posts: 3188
Location: UK
Opus: Evolution
I've never tested the security of it in that much detail but here are a few thoughts.

1. If the username / password are in the SWF file, then they must be passed to the database over the internet connection. I assume that if this is unencrypted (not https) then you could read them.

2. I don't think SWF files are encrypted and thus it might be possible to extract such information.

3. No, you shouldn't be able to see the contents of a PHP file; after all, it's a server-side language, not client-side, BUT I recommend to our clients that they use include for a file outside of root. It's simple and adds an extra layer IMHO.

Mack

_________________
When you have explored all avenues of possibilities, what ever remains, how ever improbable, must be the answer.

Interactive Solutions for Business & Education
Learn Anywhere. Learn Anytime.

www.interaktiv.co.uk
+44 (0) 1395 548057
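
Added example, not part of the thread or of Digital Workshop's code: the "include for a file outside of root" arrangement recommended in the last reply, with the login script refusing a credentials file that sits under the web root and answering `&success=0` on any failure. The directory layout, the `load_db_config` helper and the array keys are assumptions made for illustration.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /home/site/private/db-config.php    not reachable by any URL
//   /home/site/public_html/login.php    this script, inside the web root
// db-config.php holds, after its opening PHP tag, only the credentials:
//   return ['host' => 'localhost', 'user' => 'username',
//           'pass' => 'password', 'name' => 'mydb'];

// Hypothetical helper: load the credentials array, refusing a file that
// has been placed (or moved) under the web root.
function load_db_config($path, $docRoot)
{
    $real = realpath($path);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException('credentials file missing or unreadable');
    }
    $root = ($docRoot !== '') ? realpath($docRoot) : false;
    if ($root !== false
        && strpos($real, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('credentials file is inside the web root');
    }
    $cfg = require $real;   // value of the file's "return" statement
    if (!is_array($cfg)) {
        throw new RuntimeException('credentials file did not return an array');
    }
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("credentials key '$key' is missing");
        }
    }
    return $cfg;
}

try {
    $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
    $cfg = load_db_config(dirname(__DIR__) . '/private/db-config.php', $docRoot);
    // Make mysqli throw on failure instead of emitting a warning.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $connect = mysqli_connect($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
} catch (Exception $e) {
    // Details go to the server log; Opus only receives the name-value pair.
    error_log('login.php: ' . $e->getMessage());
    echo "&success=0";
    exit;
}
// $connect is now ready for the username lookup from the first post.
```

With this layout, a server that stops interpreting PHP and serves `login.php` as plain text exposes the path to the credentials file but not the credentials themselves.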

