Ik (wij) zitten met een probleem. Wij hebben met spoed een Reparatie systeem nodig om Reparaties te noteren voor onze klanten.
Ik heb een php repair systeem gedownload online (GitHub).
Alles is compleet. De MySQL databases zijn opgemaakt en alles is naar mijn webhosting geupload.
Echter, wanneer alles recht staat probeer ik in te loggen. [ admin/admin ] staat in de database. Maar wanneer ik inlog heeft hij een fout:
login.php?err_failedauth
Inlog Pagina
Wat heb ik zelf al geprobeerd?
- Andere webhosting [ ik meen xamp, doen kon ik wel inloggen en voerde hij de querys niet uit ] Wat moet er goed staan wil dit goed werken.
- Aanpassingen gemaakt op de login.php
- Radeloos.
<?php
if($_SERVER["HTTPS"] != "on") {
$pageURL = "www.seth0.net/alkmaar";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
}
header($pageURL);
}
// Load includes
require ('dbconnect.php');
require ('globals.php');
require ('querys.php');
$sql = new mysql();
$querys = new querys($sql);
$global = new globals($sql, $querys);
// Store HTML Login form as a variable
$loginform='
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title> '.$PRODUCT_HEADER.' : Login</title>
<link href="files/css/bootstrap.min.css" rel="stylesheet">
<link href="files/css/login.css" rel="stylesheet">
<link href="files/css/font-awesome.min.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="files/js/html5shiv.js"></script>
<script src="files/js/respond.min.js"></script>
<![endif]-->
</head>
<body>';
// Here we will handle some different login errors
if(isset($_GET['err_disabled'])) {
$loginform .=' <div class="alert alert-danger text-center"><strong>Account Disabled.</strong> You may have used the wrong password too many times.</div>';
} elseif(isset($_GET['err_failedauth'])) {
$loginform .=' <div class="alert alert-danger text-center"><strong>Oops!</strong> Login failed, please try again.</div>';
} elseif(isset($_GET['err_session'])) {
$loginform .=' <div class="alert alert-danger text-center"><strong>Invalid or non-existent session.</strong> Please login.</div>';
} elseif(isset($_GET['logout'])) {
$loginform .=' <div class="alert alert-success text-center"><strong>Success!</strong> You have logged out. Please login to continue working.</div>';
} else {
$loginform .=' <div class="well text-center">This is a secure area, your IP Address <strong>' . $global->getIP() . '</strong> has been logged. No unauthorized access permitted.</div>';
}
// Continue with the login form
$loginform .=' <div class="container">
<form class="form-signin" role="form" method="post" action="login.php">
<h1 class="form-signin-heading"><img src="files/logo.png" alt="Instrument Repair Portal"></h1>
<div class="form-group input-group">
<span class="input-group-addon"><i class="fa fa-user"></i></span>
<input type="text" id="username" name="username" class="form-control" placeholder="Username" required autofocus>
</div>
<div class="form-group input-group">
<span class="input-group-addon"><i class="fa fa-lock"></i></span>
<input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
</form>
<div class="footer text-center">'.$PRODUCT_FOOTER.'</div>
</div>
</body>
</html>
';
// Get the time in a nice format for later
$now = date("d-m-Y H:i:s");
// Proceed with authentication if we recieved form data
if ((isset($_POST['username']) && isset($_POST['password']))) {
// Get password from database and encrypt the password we recieved from POST
$getpass = $sql->runQuery($querys->getPassword($username));
$dbpass = $getpass['password'];
$encpass = $global->rebuildEncryption($password, $dbpass);
// Authenticate
$numrows = $sql->runNumRowsQuery($querys->getUserDetails($username, $encpass));
$dbUserDetails = $sql->runQuery($querys->getUserDetails($username, $encpass));
// Check to see if login was successful
if ($numrows != 0) {
// Proceed if the account is not disabled
if ($dbUserDetails['userlevel'] != 0) {
// Initialize session
session_start();
$_SESSION['id'] = session_id();
$_SESSION['userAgent'] = $global->SessEncrypt($_SERVER['HTTP_USER_AGENT']);
$_SESSION['userlevel'] = $dbUserDetails['userlevel'];
$_SESSION['userid'] = $dbUserDetails['uid'];
// Write session information to database
$updateUserSession = $sql->updateQuery($querys->updateUserSession($_SESSION['userid'], $_SESSION['id']));
$updateUserAgent = $sql->updateQuery($querys->updateUserAgent($_SESSION['userid'], $_SESSION['userAgent']));
// Log the successful login to auth table
$sql->insertQuery($querys->insertAuthlog($dbUserDetails['uid'], 1, $global->getIP(), $now));
// Update IP and timestamp against user account
$sql->updateQuery($querys->updateUserLastlog($dbUserDetails['uid'], $global->getIP(), $now));
// Send to joblist.php
header("Location: joblist.php");
} else {
// If the account is disabled
// Send them back to login page with disabled message
header("Location: login.php?err_disabled");
}
} else {
// If authentication failed
// Make sure any existing session is destroyed
session_start();
session_unset();
session_destroy();
// Log the failure
$sql->insertQuery($querys->insertAuthlog($dbUserDetails['uid'], 0, $global->getIP(), $now));
// Send them back to login page with failed message
header("Location: login.php?err_failedauth");
}
} else {
// Make sure any existing session is destroyed
session_start();
session_unset();
session_destroy();
// Send them to login as we didn't recieve POST data
echo $loginform;
}
?>Nu ben ik helaas geen PHP Expert en kan ik alleen php voor alsnog een beetje lezen.
Bijbehoorde bestanden in de login.php die geinclude worden:
Globals.php
<?php
/*
*
* Instrument Repair Portal - A simple repair management system
* Developed by Chris Elliott --
* Filename: globals.php
*
*/
// Product Details
$PRODUCT_HEADER = "Repair Portal - ";
$PRODUCT_FOOTER = "Repair Portal - ";
$PRODUCT_VERSION = "Version 1.0";
// JQuery toastmessage OK alert
function alertOK($message) {
echo "
<script type=\"text/javascript\">
$().toastmessage('showSuccessToast', \"$message\");
</script>
";
}
// JQuery toastmessage Error alert
function alertERR($message) {
echo "
<script type=\"text/javascript\">
$().toastmessage('showErrorToast', \"$message\");
</script>
";
}
// JQuery toastmessage Warning alert
function alertWARN($message) {
echo "
<script type=\"text/javascript\">
$().toastmessage('showWarningToast', \"$message\");
</script>
";
}
// Start the global class
class globals {
private $sql;
private $querys;
// Start the SQL query construct
function __construct($sql, $q) {
$this->sql = $sql;
$this->querys = $q;
}
// Populates dropdown menus based on database values
function dropDownValues($ddvalues, $selected, $selectname) {
$countArray = array_map("count", $ddvalues);
$totalCount = array_sum($countArray);
$num = $totalCount / 2;
echo '<select name="'.$selectname.'" id="'.$selectname.'" autocomplete="off">';
$i = "0";
while( $i < $num) {
echo '<option value="'.$ddvalues['values'][$i]. '"';
if ($selected == $ddvalues['values'][$i]) {
echo ' selected';
}
echo '>'.$ddvalues['label'][$i].'</option>';
$i++;
}
echo '</select>';
return TRUE;
}
// Basic string cleaning function
function cleanInject( $string ) {
$string = mysqli_real_escape_string($sql->connect, $string);
}
// A clean function for form textarea input sanitization
function textareaClean($string) {
if(get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
elseif(!get_magic_quotes_gpc()) {
$string = addslashes(trim($string));
}
$string = filter_var($string, FILTER_SANITIZE_STRING);
return $string;
}
// A clean function for form input sanitization
function Clean($string) {
if(get_magic_quotes_gpc()) {
$string = stripslashes($string);
} elseif(!get_magic_quotes_gpc()) {
$string = addslashes(trim($string));
}
$string = escapeshellcmd($string);
$string = mysqli_real_escape_string($this->sql->passConn(), $string);
$string = filter_var($string, FILTER_SANITIZE_STRING);
$string = stripslashes(strip_tags(htmlspecialchars($string, ENT_QUOTES)));
return $string;
}
// Encrypt the password via Bcrypt 12-interation hash and random salt
function Encrypt($toEncrypt) {
$salt = '$2a$12$' . substr(md5(uniqid(rand(), true)), 0, 22);
$enc = crypt($toEncrypt, $salt);
return $enc;
}
// Rebuild existing password with input and salt stored in database
function rebuildEncryption($toEncrypt, $dbSalt) {
$salt = substr($dbSalt,0,29);
$enc = crypt($toEncrypt, $salt);
return $enc;
}
// Light hashing function for session data
function SessEncrypt($SessString) {
$enc = md5($SessString);
return $enc;
}
// A reliable way to get the clients external IP
function getIP() {
$ip = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $ip;
}
// End the global class
}
?>
Querys.php
<?php
/*
*
* Instrument Repair Portal - A simple repair management system
* Developed by Chris Elliott
* Filename: querys.php
*
*/
// Start the SQL queries class
class querys {
// Create a function to connect our queries to the SQL class
function querys($sql) {
$this->connect = $sql;
}
// SQL queries begin below, no comments should be needed here
function getPassword($username) {
$query = "
SELECT password FROM `users`
WHERE
`username` = '". $username ."'
LIMIT 1;
";
return $query;
}
function getUserFirstname($username) {
$query = "
SELECT firstname FROM `users`
WHERE
`username` = '". $username ."'
LIMIT 1;
";
return $query;
}
function getUserDetails($username, $password) {
$query = "
SELECT * FROM `users`
WHERE
`username` = '". $username ."'
AND
`password` = '". $password ."'
LIMIT 1;
";
return $query;
}
function getUserDetailsWoPass($uid) {
$query = "
SELECT * FROM `users`
WHERE
`uid` = '". $uid ."';
";
return $query;
}
function updateUserSession($userid, $sessionid) {
$query = "
UPDATE `users`
SET
`sessionid` = '". $sessionid ."'
WHERE
`uid` = '". $userid ."';";
return $query;
}
function updateUserAgent($userid, $useragent) {
$query = "
UPDATE `users`
SET
`useragent` = '". $useragent ."'
WHERE
`uid` = '". $userid ."';";
return $query;
}
function insertAuthlog($userid, $type, $ip, $date) {
$query = "
INSERT INTO `auth`
(`uid`, `type`, `ip`, `date`)
VALUES
('". $userid ."', '". $type ."', '" . $ip . "', '" . $date . "');";
return $query;
}
function getFailedAuthlog($uid) {
$query = "
SELECT * from `auth`
WHERE
`uid` = '". $uid ."'
AND
`type` = '0'";
return $query;
}
function getCustomerList() {
$query = "
SELECT * FROM `customers`
ORDER BY customername ASC";
return $query;
}
function getActivityList() {
$query = "
SELECT * FROM `activitylog`
ORDER BY aid ASC";
return $query;
}
function getJobList() {
$query = "
SELECT * FROM `jobs`
WHERE
`closed` = '0'
AND `repairtype` != '6'
AND `repairtype` != '7'";
return $query;
}
function getTradeinJobList() {
$query = "
SELECT * FROM `jobs`
WHERE
`closed` = '0'
AND `repairtype` = '6' OR `repairtype` = '7'";
return $query;
}
function getArchiveJobList() {
$query = "
SELECT * FROM `jobs`
WHERE
`closed` = '1'";
return $query;
}
function getCustomer($customerid) {
$query = "
SELECT * FROM `customers`
WHERE `id` = '". $customerid ."' ";
return $query;
}
function getJob($jobid) {
$query = "
SELECT * FROM `jobs`
WHERE `id` = '". $jobid ."' ";
return $query;
}
function getCustomerName($customerid) {
$query = "
SELECT `customername` FROM `customers`
WHERE `id` = '". $customerid ."' ";
return $query;
}
function getEquipmentName($equipmentid) {
$query = "
SELECT `equipment` FROM `equipment`
WHERE `id` = '". $equipmentid ."' ";
return $query;
}
function getUserName($userid) {
$query = "
SELECT `firstname`, `lastname` FROM `users`
WHERE `uid` = '". $userid ."' ";
return $query;
}
function getEquipment($equipmentid) {
$query = "
SELECT * FROM `equipment`
WHERE `id` = '". $equipmentid ."' ";
return $query;
}
function getUser($puserid) {
$query = "
SELECT * FROM `users`
WHERE `uid` = '". $puserid ."' ";
return $query;
}
function updateCustomer($customerid, $customername, $customerno, $customercontact, $customerphone, $customeremail, $notes) {
$query = "
UPDATE `customers`
SET
`customername` = '". $customername ."',
`customerno` = '". $customerno ."',
`customercontact` = '". $customercontact ."',
`customerphone` = '". $customerphone ."',
`customeremail` = '". $customeremail ."',
`notes` = '". $notes ."'
WHERE
`id` = '". $customerid ."';";
return $query;
}
function updateJob($jobid, $repairloan, $repairtype, $repairstatus, $engineer, $notes, $jobclosed, $updateflag) {
$query = "
UPDATE `jobs`
SET
`repairloan` = '". $repairloan ."',
`repairtype` = '". $repairtype ."',
`repairstatus` = '". $repairstatus ."',
`uid` = '". $engineer ."',
`notes` = '". $notes ."',
`closed` = '". $jobclosed ."',
`updateflag` = '". $updateflag ."'
WHERE
`id` = '". $jobid ."';";
return $query;
}
function updateJobUpdated($jobid, $today) {
$query = "
UPDATE `jobs`
SET
`custupdated` = '". $today ."'
WHERE
`id` = '". $jobid ."';";
return $query;
}
function updateJobClosuredate($jobid, $today) {
$query = "
UPDATE `jobs`
SET
`closeddate` = '". $today ."'
WHERE
`id` = '". $jobid ."';";
return $query;
}
function updateUserWOPass($userid, $firstname, $lastname, $email) {
$query = "
UPDATE `users`
SET
`firstname` = '". $firstname ."',
`lastname` = '". $lastname ."',
`email` = '". $email ."'
WHERE
`uid` = '". $userid ."';";
return $query;
}
function updateUser($userid, $firstname, $lastname, $email, $password) {
$query = "
UPDATE `users`
SET
`firstname` = '". $firstname ."',
`lastname` = '". $lastname ."',
`email` = '". $email ."',
`password` = '". $password ."'
WHERE
`uid` = '". $userid ."';";
return $query;
}
function updateEquipment($equipmentid, $equipmentname) {
$query = "
UPDATE `equipment`
SET
`equipment` = '". $equipmentname ."'
WHERE
`id` = '". $equipmentid ."';";
return $query;
}
function updateUserLastlog($userid, $lastloginip, $lastlogin) {
$query = "
UPDATE `users`
SET
`lastloginip` = '". $lastloginip ."',
`lastlogin` = '". $lastlogin ."'
WHERE
`uid` = '". $userid ."';";
return $query;
}
function getEquipmentList() {
$query = "
SELECT * FROM `equipment`
ORDER BY equipment ASC";
return $query;
}
function getPaginationTable($dbtable, $orderby, $ascdesc, $limit) {
$query = "
SELECT * FROM `".$dbtable."`
ORDER BY `".$orderby."` ".$ascdesc." ".$limit.";";
return $query;
}
function getPaginationTableArc($dbtable, $orderby, $ascdesc, $limit) {
$query = "
SELECT * FROM `".$dbtable."`
WHERE `closed` = '1'
ORDER BY `".$orderby."` ".$ascdesc." ".$limit.";";
return $query;
}
function getPaginationTableOpen($dbtable, $orderby, $ascdesc, $limit) {
$query = "
SELECT * FROM `".$dbtable."`
WHERE `closed` = '0'
AND `repairtype` != '6'
AND `repairtype` != '7'
ORDER BY `".$orderby."` ".$ascdesc." ".$limit.";";
return $query;
}
function getPaginationTableOpenTradeIN($dbtable, $orderby, $ascdesc, $limit) {
$query = "
SELECT * FROM `".$dbtable."`
WHERE `closed` = '0'
AND `repairtype` = '6' OR `repairtype` = '7'
ORDER BY `".$orderby."` ".$ascdesc." ".$limit.";";
return $query;
}
function removeCustomer($customerid) {
$query = "
DELETE FROM `customers`
WHERE
`id` = '".$customerid."';";
return $query;
}
function removeJob($jobid) {
$query = "
DELETE FROM `jobs`
WHERE
`id` = '".$jobid."';";
return $query;
}
function insertCustomer($customername, $customerno, $customercontact, $customerphone, $customeremail, $notes) {
$query = "
INSERT INTO `customers`
(`customername`, `customerno`, `customercontact`, `customerphone`, `customeremail`, `notes`)
VALUES
('". $customername ."', '". $customerno ."', '" . $customercontact . "', '" . $customerphone . "', '" . $customeremail. "', '" . $notes. "');";
return $query;
}
function insertJob($customer, $equipment, $serialno, $serviceorder, $daterecv, $repairtype, $repairstatus, $engineer, $notes, $closed, $externalno, $repairloan) {
$query = "
INSERT INTO `jobs`
(`cid`, `iid`, `serialno`, `serviceord`, `daterecv`, `repairtype`, `repairstatus`, `uid`, `notes`, `closed`, `externalno`, `repairloan`)
VALUES
('". $customer ."', '". $equipment ."', '" . $serialno . "', '" . $serviceorder . "', '" . $daterecv. "', '" . $repairtype ."', '" . $repairstatus ."', '" . $engineer ."', '" . $notes ."', '" . $closed ."', '" . $externalno ."', '" . $repairloan ."');";
return $query;
}
function removeEquipment($equipmentid) {
$query = "
DELETE FROM `equipment`
WHERE
`id` = '".$equipmentid."';";
return $query;
}
function insertEquipment($equipment) {
$query = "
INSERT INTO `equipment`
(`equipment`)
VALUES
('". $equipment ."');";
return $query;
}
function insertActivity($action, $date, $uid) {
$query = "
INSERT INTO `activitylog`
(`action`, `date`, `uid`)
VALUES
('". $action ."', '". $date ."', '". $uid ."');";
return $query;
}
function getUserList() {
$query = "
SELECT * FROM `users`
";
return $query;
}
function removeUser($puserid) {
$query = "
DELETE FROM `users`
WHERE
`uid` = '".$puserid."';";
return $query;
}
function insertUser($username, $password, $firstname, $lastname, $email, $userlevel) {
$query = "
INSERT INTO `users`
(`username`, `password`, `firstname`, `lastname`, `email`, `userlevel`)
VALUES
('". $username ."', '". $password ."', '". $firstname ."', '". $lastname ."', '". $email ."', '". $userlevel ."');";
return $query;
}
function searchJobSN($searchitem, $jobstatus) {
$query = "
SELECT * FROM `jobs`
WHERE `serialno` = '". $searchitem ."'
AND `closed` = '". $jobstatus ."'";
return $query;
}
function searchJobSO($searchitem, $jobstatus) {
$query = "
SELECT * FROM `jobs`
WHERE `serviceord` = '". $searchitem ."'
AND `closed` = '". $jobstatus ."'";
return $query;
}
function searchJobAccNo($searchitem, $jobstatus) {
$query = "
SELECT * FROM `jobs`
WHERE `cid` = '". $searchitem ."'
AND `closed` = '". $jobstatus ."'";
return $query;
}
function searchJobAccNoGetCID($searchitem) {
$query = "
SELECT `id` FROM `customers`
WHERE `customerno` LIKE '%". $searchitem ."%'";
return $query;
}
function searchJobCustomerNameGetCID($searchitem) {
$query = "
SELECT `id` FROM `customers`
WHERE `customername` LIKE '%". $searchitem ."%'";
return $query;
}
function searchJobCustomerNameCID($cid, $jobstatus) {
$query = "
SELECT * FROM `jobs`
WHERE `cid` = '". $cid ."'
AND `closed` = '". $jobstatus ."'";
return $query;
}
function searchJobEngineerName($searchitem, $jobstatus) {
$query = "
SELECT * FROM `jobs`
JOIN users ON jobs.uid = users.uid
WHERE `username` = '". $searchitem ."'
AND `closed` = '". $jobstatus ."'";
return $query;
}
function searchCustomerAccNo($searchitem) {
$query = "
SELECT * FROM `customers`
WHERE `customerno` = '". $searchitem ."'";
return $query;
}
function searchCustomerName($searchitem) {
$query = "
SELECT * FROM `customers`
WHERE `customername` LIKE '%". $searchitem ."%'";
return $query;
}
function searchEquipmentName($searchitem) {
$query = "
SELECT * FROM `equipment`
WHERE `equipment` LIKE '%". $searchitem ."%'";
return $query;
}
function searchUserName($searchitem) {
$query = "
SELECT * FROM `users`
WHERE `username` = '". $searchitem ."'";
return $query;
}
function searchUserFirstName($searchitem) {
$query = "
SELECT * FROM `users`
WHERE `firstname` LIKE '%". $searchitem ."%'";
return $query;
}
}
?>
Ik hoop dat ik zo goed mogelijk informatie heb gegeven. Mocht je dit een interresant probleem vinden en graag willen helpen met oplossen. Klein bedrag kan er tegen over staan.
Blij met jullie hulp.
Tino
