phpdash Posted November 6, 2014 Share Posted November 6, 2014 Hello. The first page works, but when form actioning to the next i just get a white screen. This is the white screen page: <?phpsession_start();include 'details.php';$username = $_POST['username'];$password = $_POST['password'];$pwswdrd = md5($password);if(!empty($_POST['username'])){ $query = mysqli_query($con, "SELECT * FROM users where name = '$username' AND pass = '$pwswdrd'") or die(mysqli_connect_error()); $row = mysqli_fetch_array($query);if(!empty($row['name']) AND !empty($row['pass'])) {$_SESSION['username'] = $row['username'];$_SESSION['id'] = $row['id']; header('Location: index.php'); } } else { echo "You failed to log in."; }?> - details.php <?php$one=mysqli_connect('.......webhost.com','aee','aaa') or die("Failed to connect to MySQL: " . mysqli_error() );$db=mysqli_select_db($one,'aee') or die("Failed to connect to MySQL: " . mysqli_error() );?> -- What can possibly be wrong?! Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/ Share on other sites More sharing options...
Barand Posted November 6, 2014 Share Posted November 6, 2014 Maybe $one=mysqli_connect('...... $query = mysqli_query($con, "SELECT * ..... Turn on error reporting. Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1495953 Share on other sites More sharing options...
phpdash Posted November 6, 2014 Author Share Posted November 6, 2014 Maybe $one=mysqli_connect('...... $query = mysqli_query($con, "SELECT * ..... Turn on error reporting. Fixed but I still get a blank page Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1495954 Share on other sites More sharing options...
Barand Posted November 6, 2014 Share Posted November 6, 2014 Turn on error reporting. Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1495958 Share on other sites More sharing options...
phpdash Posted November 6, 2014 Author Share Posted November 6, 2014 I added error_reporting(E_ALL);ini_set("display_errors", 1); the page is still blank Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1495961 Share on other sites More sharing options...
phpdash Posted November 6, 2014 Author Share Posted November 6, 2014 I found the problem - the table with users is gone. That explains the blank page. Is there any way I can check if someone has done an SQL injection? I can't remember dropping it. Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1495962 Share on other sites More sharing options...
Jacques1 Posted November 6, 2014 Share Posted November 6, 2014 I wouldn't be surprised if you've been attacked in all kinds of ways. You have no security whatsoever. That small code snippet alone already contains two SQL injection vulnerabilities, a completely broken hash algorithm, a completely broken session logic and finally disclosure of database internals through error messages. No, it's not a good idea to just restore the tables whenever some script kiddie has dropped them. The next attacker may actually know what he's doing and take over your entire server. So you need to learn how to write proper PHP code and then fix the vulnerabilities. Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1495965 Share on other sites More sharing options...
arbitrageur Posted November 8, 2014 Share Posted November 8, 2014 Look at this: http://stackoverflow.com/questions/1475297/phps-white-screen-of-death Link to comment https://forums.phpfreaks.com/topic/292326-white-screen/#findComment-1496073 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.