Jump to content

I need help setting up php website


Ahmedhm007

Recommended Posts

Hi good guy!

i'm facing some problems setting up pre-made website! i really need it for buisness use so far.

the problem is i don't have that much of knewledge of php and mysql ect ! i'm using 000webhost and when  i put the files together and link the website to mysql i always gets errors at login page when i'm sure there's just a very tiny problem can be fixed by you very quiq ! anyone can help me please ? just 10min of your time and i'll appericiate it! 

 

anyways here's the problem i gets on login..

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /storage/ssd1/425/3721425/public_html/login.php on line 22

i just attached the login and config files ! if you can just fix it by taking a look at these files let me know! if no please tell me that we can message each others.

BIIIIIIIIIIIIG THANKS

login.php

config.php

Link to comment
Share on other sites

thanks! i tried to fix it , the problem was because the mysql table and structures names different  ! but i almost fixed everything and now having error password or username wrong when it's not ! here's my login.php code and mysql query datas

 

https://image.ibb.co/kbbZv6/2017_11_24_102202.png

<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
include_once('module/config.php');
if(isset($_SESSION['id'])){
    header("location: index.php");
}
if(isset($_POST['login'])){
    $identification = $_POST['username'];
    $identification = mysqli_real_escape_string($link, $identification);
    $password = $_POST['password'];
    $password = mysqli_real_escape_string($link, $password);

    if($identification == "" || $password == "")
        {
            echo "Error Username / Password Wrong !";
        }else {

            $sql ="SELECT * FROM usrr WHERE usrname='$identification' LIMIT 1";
            $query = mysqli_query($link, $sql);
if (!$query ) { die(mysqli_error($link)); }
            $row = mysqli_fetch_array($query);
            $id= $row['uid'];
            $db_pss =$row['usrpass'];
            if (password_verify($password, $db_pss)){
                $_SESSION['id'] = $id;
                $_SESSION['name'] = $row['name'];
                header("location: index.php");

            }else{
                echo "Error Username / Password Wrong !";
            }

        }
}


?>


<form method="post">
<label>username : </label>
<input type="text" name="username"><br/>
<label>password : </label>
<input type="password" name="password"><br/>
<input type="submit" name="login" value="login">

</form>
Link to comment
Share on other sites

1. mysqli_real_escape_string() is only for when you are going to put a value into a query. The password is not going into a query. Therefore do not use mysqli_real_escape_string() with the password.

2. What is the code you used to store the usrpass value? Did you use password_hash() properly with it?

3. Doing a redirect with header() will not stop your script. It will keep on running quite happily. If you don't want that (and you don't) then exit; right after.

Link to comment
Share on other sites

i'm sorry for beign such a dumb but  i said i'm using premade website and i don't quite have that much of knewledge on php ect.. and means i'm not the builder and i don't who did build it 
but you can tell me which file i can copy the code from and post it here so you can check what's wrong and i'll be very thankfull !!

 

Here's main directory files  : 

 

JcOnTRK.png

 

Here's Module folder files : 

 

91UXBv7.png

Link to comment
Share on other sites

Okay, well, that's not going to work. The code requires the passwords be stored in a safe and secure format, but you won't be able to do that yourself.

 

What changes did you make to this "pre-made website" stuff? Because if you received as-is then you bought only part of a website.

 

Unless there are important files in that "plnadmm" directory you've forgotten about. Like something that lets you add users.

Link to comment
Share on other sites

yes there's an admin cpanel i just find out ! but even when i use it to add users it won't login ..

i believe the website is complete cuz i've seen ppls using it using the same files..

is there a way i can change login and users codes or the website is useless if i don't find out what the hell is wrong with this user login problem ?

Link to comment
Share on other sites

i just checked out the website without user login, i removed this codes from the index to check if the website is broken or something

if (!isset($_SESSION['id'])){
    header("location: login.php");
}

but it's not all the pages works but still lack of user databse login then everything will be allright! anything you can help me with ?

i'm really thankfull that you stand up replying to my stupid posts when no one did on other website .. thanks you very much

Link to comment
Share on other sites

This is the codes releated to password from create_user.php file  : 

<div class="form-group">
<label for="password" class="cols-sm-2 control-label">Password</label>
<div class="cols-sm-10">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-lock fa-lg" aria-hidden="true"></i></span>
<input type="text" class="form-control" name="password" id="password"  placeholder="Enter your Password"/>
</div>

and maybe this releated too : 

session_start();
include('../connection.php');
$connection = new createConnection(); 			//created a new object
$connection_ref = $connection->connectToDatabase();
// $connection->selectDatabase();				//selecting db

$fullname = $_POST['name'];
$username = $_POST['username'];
$password = $_POST['password'];
$solde = $_POST['Solde'];


$izzr = 0;
$tmp = mt_rand(1,9);
do {
    $tmp .= mt_rand(0, 9);
} while(++$izzr < 6);






$str="INSERT INTO usrr VALUES('$tmp','$username','$password','$fullname', '$solde')";




$re_result = mysqli_query ($connection_ref, $str); //run the query


//echo "inserted successfully";

echo "<script>
		var r = confirm('ADDED NEW ENTRY SUCCESSFULLY!Do You Want To Add One More?');
    		if (r == true) 
		{
			window.location.assign('adduser.php');    
		} 
		else 
		{
        		window.location.assign('../edit/users.php');
	    	}
	</script>";
?>

Link to comment
Share on other sites

Okay well that's completely and utterly wrong and explains why logins don't work. It also speaks volumes to the author of the code, and not in a good way.

 

Know that you've paid money for bad quality and insecure code. Personally I recommend you write it off as a lesson learned and find something else. I hope it wasn't too expensive.

 

If not then you can put a bandaid on this gaping wound of an application by changing

$password = password_hash($_POST['password'], PASSWORD_DEFAULT);

All the existing user passwords won't work so either you delete them all and start over or do write some code to fix what's been stored, which is (un)fortunately possible. There is a lot more work that probably needs to be done, though, however this is a paid application so we can't just go through and fix things for you. In fact I should take down those attachments...

Link to comment
Share on other sites

I wonder what the $tmp is for ?

I think it might be a user ID. : 

 

Wouldn't he need to make changes to the code that takes care of the login as well once he uses the password_hash() ?

That's the weird thing: the code for the login is apparently already using password_verify...
Link to comment
Share on other sites

That's a reasonable demonstration for how passwords should be generated, however it should not create its own salts. So

$options = [
    'cost' => 11
];

echo password_hash("pln123", PASSWORD_BCRYPT, $options);
Try incorporating that into the user registration bit.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.