First of all - my English is bad so I hope you'll understand my problem :)
I'm new to the concept of developing web application with flex and I need your advice on how to keep it secure and what will be the best way to do it.
I'm using red5 recorder (http://www.red5-recorder.com/) To enable users to record a short video about themselves. My application will save a single video, and only for registered users - The user can overwrite previews recorded video (If that exists).
My issue - I will pass a variable to the swf object in the html (generated with php), with encrypt value of the current logged-in user ID (stored in the session). The application use the ID to create the video file and associate it with the current user (video_10.flv, video_193.flv, ...).
It is a simple and basic validation but I don't know what are the possible risks. Are there any other ways to implement and verify the current logged-in user with flex like Ajax request to the server?
EDIT - problem solved. Thank you
I have found an answer to my problem with this code:
private function completeHandler(evt:Event):void {
var username:String = evt.target.data.username;
var email:String = evt.target.data.email;
trace ('username is ' + username);
trace ('email is ' + email);
}
var request:URLRequest = new URLRequest();
var data:URLVariables = new URLVariables();
var loader:URLLoader = new URLLoader();
request.url = "http://example.com/page.php";
request.method = URLRequestMethod.POST;
data.ACTION = "VIDEO"
request.data = data;
loader.dataFormat = URLLoaderDataFormat.VARIABLES;
loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(request);
Related
I'm trying to get the reply from the address specified in var url:String, which is either 0 or 1. If the reply is 1 then it must set currentState = CallFailed (as seen below). The client compiles without error (using Adobe Flash Builder 4.6) and seems to successfully reach var url:String, but doesn't seem to be getting the response\and or my if statement is incorrect.
Actionscript:
// check to see if block.php replies 0 or 1
var url:String = "https://domain.com/block.php?postid=" + calleeInput.text + "";
var request:URLRequest = new URLRequest(url);
var variables:URLVariables = new URLVariables();
request.data = variables;
request.method = URLRequestMethod.POST;
navigateToURL(request);
if (request.data == 1)
{
// if reply is 1 then cancel the call
currentState = CallFailed;
return;
}
PHP:
PHP will echo 0 or 1 when block.php is loaded. It's not encoded in any format such as JSON\AJAX.
It seems you want data from the server. Perhaps the URLLoader class would be better?
var url:String = "https://domain.com/block.php?postid=" + calleeInput.text + "";
var request:URLRequest = new URLRequest(url);
var variables:URLVariables = new URLVariables();
request.data = variables;
request.method = URLRequestMethod.POST;
var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;
loader.addEventListener( Event.COMPLETE,
function( e:Event ) : void
{
// your response data will be here
// you'll have to verify the format
trace( e.target.data );
}
)
loader.load( request );
Put a breakpoint at the trace statement and check out the contents of e.target.data, and go from there
The purpose of navigateToURL() is to open the webbrowser, as stated in its documentation:
Opens or replaces a window in the application that contains the Flash Player container (usually a browser). In Adobe AIR, the function opens a URL in the default system web browser
In order to perform an request (without opening a browser, just the HTTP communication) you should use URLLoader.
The URLLoader class downloads data from a URL as text, binary data, or URL-encoded variables.
On a related note: your logic is not valid. The call to a server is asynchronous. You have to wait for the response to be returned before reasoning about the result.
The URLLoader class dispatches a number of Events that help you decide when the result of a request is returned or if there's a problem with it.
I'm creating a app in flash AS3, that make a snapshop from a movieClip (e.g. image) and send data to server (data is received with PHP). So, when app is executed on flash, the RAW data is sent to server and my file image is created. But, when i put flash Movie on HTML Source, and try execute on browser, the movie is loaded, but the action that is sending image to the server is not running.
Below is my code:
var jpgSource:BitmapData = new BitmapData( 600, 600 );
jpgSource.draw(image); // <--- PROBLEM!!!
// encode it to jpeg and convert it to byte array
var jpgEncoder:JPGEncoder = new JPGEncoder(85);
var jpgStream:ByteArray = jpgEncoder.encode(jpgSource);
var request:URLRequest = new URLRequest("./post-image?facebookID="+user.facebook.id);
request.requestHeaders.push(new URLRequestHeader("Content-type", "application/octet-stream"));
request.method = URLRequestMethod.POST;
request.data = jpgStream;
var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;
loader.addEventListener(IOErrorEvent.IO_ERROR, function(e:IOErrorEvent){
trace(e.status);
ExternalInterface.call("console.log","Request Response Status: " + e.text);
//ExternalInterface.call("console.log",e);
}, false, 0, true);
loader.addEventListener(Event.COMPLETE, function(e:Event){
trace( new String(loader.data));
ExternalInterface.call("console.log",new String(loader.data));
}, false, 0, true);
loader.load(request);
Does anyone know what might be happening?
Thanks!
My guess is that flash (in the browser) is blocking the request due to security issues, especially if you are running that file locally. Try running it from the same server that is running the PHP and see if that helps. You could also go into the flash settings on your computer and add the swf folder as a trusted location. The flash IDE has different sandbox restrictions than flash in the browser. You also might try flashbug in firefox to see if you could display the error you are getting. Hope this helps.
How to get location from the URLLoader in AS3 or haxe?
What I have:
private function Auth():Void {
_url = "https://my_url.com";
request = new URLRequest(_url);
request.method = URLRequestMethod.POST;
var loader:URLLoader = new URLLoader();
loader.load(request);
loader.addEventListener(Event.COMPLETE, fAuthAnswer);
}
private function fAuthAnswer(e:Event):Void {
trace(e.target.data);
}
And when the event is complete, i see the HTML code of the loaded page.
But I need to get a loaded URL, because site is redirected me and add auth information in URL. And i need to get it.
Help, please :)
PS I use haxe, so in my way I can't use stagewebview.
PPS Sorry for my English.
Listen for flash.events.HTTPStatusEvent http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLLoader.html#event:httpResponseStatus.
It has a property responseURL.
The following code only reads files rather than writing to them. I'm using Flash Player not Air and the code must save the data to an external website so FileReference and FileStream won't work.
var Update:URLRequest = new URLRequest("http://freememegames.com/wp-content/uploads/highscore.txt");
var Score:URLVariables = new URLVariables();
var Load:URLLoader = new URLLoader();
Update.method = URLRequestMethod.POST;
Score.Name = "Jack";
Score.Value = "100";
Update.data = Score;
Load.load(Update);
Load.addEventListener(Event.COMPLETE, Complete);
function Complete(e:Event):void {
scores.text = String(e.target.data);
}
You're going to have to send this data to PHP, and then have PHP write it into your text file. Just so you know though, what you're trying to do is prone to hacking, and you'll want to introduce server-side security to thwart people manipulating scores.
while working with a server side script (php or aspx) which returns some data(from the database) can we call it in a sub-class or do we have to make the calls in the document class itself?
You can make it in either place, but I prefer it being in a sub class that specifically handles interation with web services, to better organize my code. URLRequest + URLLoader are the classes I use for such tasks.
Use this method below to load a php file in the same directory as the SWF files on your server:
var loader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest("test.php");
request.method = URLRequestMethod.GET;
loader.dataFormat = URLLoaderDataFormat.VARIABLES;
loader.addEventListener(Event.COMPLETE, completeHandler);
loader.load(request);
function completeHandler(evt:Event) {
instancename1.text = evt.target.data.symbol_1;// or trace()
instancename2.text = evt.target.data.symbol_2;
Below is a simple php Test script:
<?php
$returnVars['symbol_1'] = "item1";
$returnVars['symbol_2'] = "item2";
$returnString = http_build_query($returnVars);
echo $returnString;
?>