[FONT=‘Times New Roman’]I have scanned the net for the best way to provide a login protection for the site I am working on. One that enables those with the relevant username and password to access a page that holds protected content.
The method I have put in place is inherently coded in flash and utilises a separate text file to hold the username and password information. I realise this isn’t the most secure and using mySQL with PHP would provide a less vulnerable option, but my client is only using the private area to share relatively harmless information as a bonus to regular clients, so there is no great need for it to be overly protected. And I also need my client to be able to update their username and password information whenever they see fit, so a txt file is ideal.
The method below all works swimmingly telling the user if they have the wrong info, and logs them in nicely when the correct details have been typed in. But I discovered a major flaw in it recently that has me baffled.
If you type in any random text into both the username and password input boxes, then delete it all, you can then click the login button and heh presto you’re in. Not very good at all.
You can see this in action as the site is up and running at www.safetybusiness.co.uk
Go to the VIP page.
There are two input text boxes with the variables ‘loginname’ and ‘loginpass’ and a dynamic text box called ‘status’
Here is the code i have given the login button:
on (release, keyPress “<Enter>”) {
if (loginname != undefined and loginpass != undefined) {
if (eval(loginname) eq loginpass) {
loginname = “”;
loginpass = “”;
gotoAndStop(132);
} else {
status = “login details incorrect”;
}
}
}[/FONT]
[FONT=‘Times New Roman’][/FONT]
[FONT=‘Times New Roman’]Any ideas would be greatly appreciated…or a suggestion for an alternative successful method would also be most welcome.[/FONT]
