247270 Flash 8 Form Sign In PHP MySQL

FLASH 8 PROJECT WITH FORMS and MYSQL and PHP and ACTIONSCRIPT. VERY IMPORTANT - Project to be completed entirely in Flash 8 (NOT Flash 9 or CS3 - VERY IMPORTANT THAT WE'RE USING SAME VERSION AS YOU ARE) We have a flash file (Flash 8). We have some forms that need to communicate securely to a MySQL database via Flash/PHP. The first form is a REGISTRATION page where a user fills out information on themselves and the flash file puts it in a MySQL database via PHP. The next form is a SIGN IN page where they fill in email and password and they're signed into the flash file. On that sign in form there is also an option for LOST PASSWORD where they can enter an email address and the system mails them their password if their email address is in the database. Also, they have a PROFILE page where, when they go to it, they're information is filled in from the MySQL file and they're able to change their information (they can change address, phone, etc but CANNOT change their e-mail address). PREFERENCE WILL BE GIVEN TO THE FOLLOWING: People with extensive experience using Flash 8 with PHP and MySQL. People who have a very good understanding of Actionscript in Flash 8. People who have used XML for external content in Flash 8 and are good with loading external content (text information, images, etc.) into Flash files (this last point isn't needed on this project but will be needed for Phase TWO of this project). If we're happy with the work you do on this first part, we'll use you for the next 3 projects. REGISTRATION FORM Unless otherwise specified, the following are set from input text objects that the user fills in. userFirstName userLastName userEmail userPassword userPhone userFax userAddress userCity userState userCountry userZip userSendNotices (true or false from Flash Checkbox) userFuturePromos (true or false from Flash Checkbox) userUserName userConfirmed (set to false - set to true if we confirm e-mail address in future) userState (set to 1 for now) * Note: Our flash form may not display certain information but we'd like the flash file to fill it in for us. For example, let's say we know everyone is from United states. We may erase "country" on the form itself but, using actionscript, set userCountry = "united States". This information is automatically set by the PHP file (not within the flash file) * We want to track information when they create their new profile userCreationDate userCreationTime userCreationIP * We want to track information when they login to our system userLastLoginDate userLastLoginTime userLastLoginIP userLoginCount (we increment this every time they login) * We want to track some info when they modify their profile. userLastModifyDate (the last modify date of last modification) userLastModifyTime (time of their last modi userLastModifyIP (the IP address of their last modification) userModifyCount (we increment this every time they update their profile) * Other information to track userLostPasswordCount (how many times they lost their password) SECURITY ISSUES Security is a concern on this project. We don't want people logging into other people's accounts and accessing things they shouldn't. Some concerns are as follows: SQL INJECTIONS - We need the input cleaned so people can't do SQL injections. This should be an area in which you are well versed. Here's an article on what I mean: [login to view URL] SESSION MANAGEMENT - Session should be managed on the PHP side. We want as little information as possible in the Flash file itself. The actual database name, username for database and password will NOT be stored in the flash file. It will be managed by the PHP file / INI securely. Flash files are too easy to decompile and we can't have any sensitive information on the flash side. The flash file looks to the PHP file to see whether the session is valid, expired,etc and the flash file will automatically go to the logout screen if someone is in the secure area in the flash file but the PHP doesn't see the session is valid. See next point... JUMPING AHEAD IN FLASH FILE - in some forms on a flash movie, they use the Stop() function while waiting for input. People are able to right click on the movie in their browser and hit the PLAY button. Then they're bounced forward into a secure area. We need to make sure people CANNOT do this.