phpdash Posted November 6, 2014 Share Posted November 6, 2014 Hello. The first page works, but when form actioning to the next i just get a white screen. This is the white screen page: <?phpsession_start();include 'details.php';$username = $_POST['username'];$password = $_POST['password'];$pwswdrd = md5($password);if(!empty($_POST['username'])){ $query = mysqli_query($con, "SELECT * FROM users where name = '$username' AND pass = '$pwswdrd'") or die(mysqli_connect_error()); $row = mysqli_fetch_array($query);if(!empty($row['name']) AND !empty($row['pass'])) {$_SESSION['username'] = $row['username'];$_SESSION['id'] = $row['id']; header('Location: index.php'); } } else { echo "You failed to log in."; }?> - details.php <?php$one=mysqli_connect('.......webhost.com','aee','aaa') or die("Failed to connect to MySQL: " . mysqli_error() );$db=mysqli_select_db($one,'aee') or die("Failed to connect to MySQL: " . mysqli_error() );?> -- What can possibly be wrong?! Quote Link to comment Share on other sites More sharing options...
Barand Posted November 6, 2014 Share Posted November 6, 2014 Maybe $one=mysqli_connect('...... $query = mysqli_query($con, "SELECT * ..... Turn on error reporting. Quote Link to comment Share on other sites More sharing options...
phpdash Posted November 6, 2014 Author Share Posted November 6, 2014 Maybe $one=mysqli_connect('...... $query = mysqli_query($con, "SELECT * ..... Turn on error reporting. Fixed but I still get a blank page Quote Link to comment Share on other sites More sharing options...
Barand Posted November 6, 2014 Share Posted November 6, 2014 Turn on error reporting. Quote Link to comment Share on other sites More sharing options...
phpdash Posted November 6, 2014 Author Share Posted November 6, 2014 I added error_reporting(E_ALL);ini_set("display_errors", 1); the page is still blank Quote Link to comment Share on other sites More sharing options...
phpdash Posted November 6, 2014 Author Share Posted November 6, 2014 I found the problem - the table with users is gone. That explains the blank page. Is there any way I can check if someone has done an SQL injection? I can't remember dropping it. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted November 6, 2014 Share Posted November 6, 2014 I wouldn't be surprised if you've been attacked in all kinds of ways. You have no security whatsoever. That small code snippet alone already contains two SQL injection vulnerabilities, a completely broken hash algorithm, a completely broken session logic and finally disclosure of database internals through error messages. No, it's not a good idea to just restore the tables whenever some script kiddie has dropped them. The next attacker may actually know what he's doing and take over your entire server. So you need to learn how to write proper PHP code and then fix the vulnerabilities. Quote Link to comment Share on other sites More sharing options...
arbitrageur Posted November 8, 2014 Share Posted November 8, 2014 Look at this: http://stackoverflow.com/questions/1475297/phps-white-screen-of-death Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.