Archive for the ‘Actionscript 3’ Category

11
Mar

AS3 – AMFPHP – Secure Flash/MySQL Database Calls

   Posted by: Haelix Tags: , , , , ,

I decided to split the original blog post into two separate posts as “Secure” Flash/MySQL DB calls is fairly short, and it was scattered about in a post more on how to set up a High Score DB with AMFPHP.

So this will be a couple of very specific tips and things to set up when adding any sort of user-entered data from flash ( or PHP! ) to touch your database. You know the rule… never trust any data. Always make sure you strictly data type variables and typecast user-entered variables.

First up, as the user enters data into Flash, via an input TextField, use the .restrict setter to restrict characters entered to only characters that you need.  This is the first layer of protection against SQL injection attacks , and just follows the same sort of common sense “best practices” type of coding as datatyping variables.


nameInputTxt.restrict = "A-Z a-z 0-9";

This will restrict the characters allowed in this textField to only alpha-numeric, capitals and lower case. This excludes potential Injection-prone characters like the single apostrophe ” ‘ ” and semi-colon ” ; ” keys.

After that data gets entered, we’re going to send those variables thru AMFPHP into our PHP Class.  In the case of our High Scores Database example, we’re sending both the nameInputTxt data, as well as an integer based score value which gets handled by the following PHP code:


function addScore( $pName , $pScore )
{

$created = date( "Y-m-d H:i:s");
$cleanName = mysql_real_escape_string( $pName );
$cleanScore = intval( $pScore );

return mysql_query( "INSERT INTO $this->table SET `name` = '{$cleanName}' , `score` = $cleanScore , `created` = '{$created}' ");

}

You’ll see the $cleanName and $cleanScore variables a couple of lines into the function. For String type user-entered data, always run it through PHP’s mysql_real_escape_string() function. If somehow a single apostrophe made it this far, PHP will automatically “escape” the apostrophe adding a back-slash before: \’ instead of a dangerous ‘

As far as $pScore goes, we’ll send it thru PHP’s intval() function which will truncate any decimal portions as well as attempt to return an integer value for any data it comes across. This means if something crazy happened and malicious String code made it this far, if intval() could not find the proper integer to represent the data, it will return 0. And submitting a zero, even though it might be wrong, is infinitely better than having DROP TABLE code injected into the call.

That’s it

For More info on securing the actual AMFPHP install and files, check out Lee Brimlow’s Flash Blog post, AMFPHP Security Basics

No Comments
9
Mar

FishEyeMenu Class Update… v1.1

   Posted by: Haelix Tags: , ,

Thanks to a comment posted by doggy, I’ve updated the FishEyeMenu class to listen for MouseDown events and keep track of selected items.  

New Functions:

  • public function get selected():*
  • public function get lastSelected():* 
  • public function set selected( clickedItemEvent:MouseEvent ):void  
New Event Type
  • FishEyeMenu.SELECTED_CHANGED – Triggered upon a change in selected menu item
Once you’ve pushed an item into the FishEyeMenu object, it keeps track of it’s own MouseDown events on the items in it’s array.  When a user clicks on a menu item, it sets the _lastSelected property to whatever Was selected, and sets the _currentSelected property to whatever menu item was clicked.  

You can now add an event listener for SELECTED_CHANGED which will dispatch upon MouseDown on a menu item.

Please note, the getters for selected and lastSelected are going to return the actual Object that you pushed to the menu.  So it will return a reference to the actual TextField or MovieClip or Sprite or whatever you’re using in the menu.  If you check the Example FLA, you’ll see this code as an example

// in the main function
fishEyeMenu.addEventListener( FishEyeMenu.SELECTED_CHANGED , changedHandler );
 
//later in the code:
/**
* Simple test of usage, fishEyeMenu.selected returns the object selected
* so it's just like calling the actual object that was clicked last and
* you can set whatever properties that object has.
* If this were a MovieClip, you could use fishEyeMenu.selected.gotoAndStop()
***/
private function changedHandler( e:* )
{
trace( "Selected Item Changed to : " + fishEyeMenu.selected.name );
trace( "Selected Item Changed to : " + fishEyeMenu.lastSelected.name );

fishEyeMenu.selected.x +=20;

}

In the simple example, calling fishEyeMenu.selected.x += 20; just moves the object you clicked over 20 pixels to the right (+20). But you could also use fishEyeMenu.selected.gotoAndStop( “Selected” ); if you had pushed several Movie Clips into FishEyeMenu… and they had a frame with framelabel “Selected”.  Post comments if you’d like… it only helps make things better.

 

Download FishEyeMenu v1.1 from GoogleCode

View Updated Documentation

4 Comments
2
Mar

Preloader to Game Transition with Stop Propagation

   Posted by: Haelix Tags: , , ,

This will be a quick post on some gotcha’s to keep an eye out for when loading your ActionScript 3 game swf from a preloader swf. Nothing revolutionary here, back in mid-December, I had posted a blog on ActionScript 3′s Event Handling and the stopPropagation method and just the other day working on the code for a new game project, I ran into a situation where I should’ve used the method, didn’t, and ran into some issues.

Note: If you’re here looking for code on how to write a flash preloader, Lee Brimlow’s video tutorial on Preloading in AS3 gives a beautiful example. When I was originally learning how to code a preloader, that tutorial, and a couple of other tutorials around the net that escape my memory at the moment, were absolutely perfect.

Read the rest of this entry »

No Comments
6
Feb

AS3 FishEye Menu Downloadable Class + TweenLite Example

   Posted by: Haelix Tags: , ,

I made the mistake of looking over some of my past blogs.  My god the code I unleashed from this FishEye Menu Example post, how sloppy was that??!  Ah.. late nite coding.. gotta love it.  

At the end of Jan, code hero Jack @ GreenSock released a hot new version of his TweenMax/Lite Tweening masterpiece.  Employing a new ‘plugin’ system for some of the options, it has made things smaller, faster, and more efficient than before.  It’s pretty slick and you should check it out.

So, in honor of his update (more to keep up with said update) I created a FishEye Menu Reusable Class that can be downloaded here @ Google Code.  Keep in mind this is rather in its rough draft “beta” stage… as in, if it breaks your code and formats your harddrive and causes a separation with your significant other… well… thats “beta testing” for you!  It’s pretty solid from the testing I’ve done, but I’m interested in getting feedback and definitely in hearing of any errors you might receive.  

Thats the most exciting thing about releasing code for me; finding out all the ways someone is trying to use my code that I didn’t pre-plan for.  So with that in mind, download the new FishEye Menu class, play around with it, and let me know how it works for you.  There is a second file there with the FLA and a Main class file that calls the FishEyeMenu class.  

I’ve also got another AS3 pair of Classes that I’ll be posting soon… a Waypoint & WaypointList Class for use in AS3 game development.  Should be interesting.  

Check out the Wiki for info on How to use the FishEyeMenu Class.

3 Comments
28
Jan

AS3 Dictionary Class vs. Array vs. Object!

   Posted by: Haelix Tags: , ,

It’s some sort of crazy nerdtastic Data Structure Deathmatch!

The Adobe Actionscript 3 Dictionary Class Vs Object Vs Array!  Man it’s awesome to have a language to work in, just like a great RPG where everyone’s got their strengths and weaknesses and it all works together to make awesome flashlove all over the web.

“What is a Dictionary Class and Why Should I read this post?”

Here’s the results from my testing right up front and I feel like it’s a good rough estimate of where each excells.

Read the rest of this entry »

2 Comments
Back to top
Previous EntriesNext Entries