Hey all.
I’ve built a website running on my localhost with XAMPP - Everything works perfectly.
However, I’ve recently tried porting it to 000webhost so that I can test some things, and now some crucial parts are broken.
The main issue I’m experiencing now is that when I query my database to modify something (e.g. “INSERT INTO users ([names]) VALUES ([values])”) it just doesn’t work. I have a feeling it’s an issue with permissions, but I can’t find anywhere to modify them.
Any help is appreciated.
Thanks.
Hmm could you post your code?
I’m sure @ckhawand will be able to assist surely.
Else
and
are good resources
Sure! Here’s my code:
Apparently new users can only post one link at a time, so I’m gonna post one link each in replies to this comment.
I have a form that has its action set to the “create-account-action.php”, so start there.
I know the problem is with the query function because after trying to create an account I get my generic “error” message (?msg=err).
EDIT: Apparently I can’t post pastebin links?
I’ll just put the code straight in here, I guess:
create-account-action.php
<?php
include "../inc/account-manager.inc.php";
// Only handle the request when every required field was submitted.
if(isset($_POST['email'])
    && isset($_POST['username'])
    && isset($_POST['password'])
    && isset($_POST['confirm_password'])){
    $username = $_POST['username'];
    if(strlen($username) >= 32){
        header("Location: ./create-account.php?msg=uname_long");
        exit; // header() does not stop the script; without this the account is still created
    }
    if(user_exists($username)){
        header("Location: ./create-account.php?msg=user_exists");
    }else{
        $email = $_POST['email'];
        if(email_in_use($email)){
            header("Location: ./create-account.php?msg=email");
        }else{
            $password = $_POST['password'];
            // Strict comparison avoids PHP's loose string/number juggling.
            if($password !== $_POST['confirm_password']){
                header("Location: ./create-account.php?msg=password_match");
            }else{
                // Optional fields default to null when they were not submitted.
                $last_name = isset($_POST['last_name']) ? $_POST['last_name'] : null;
                $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : null;
                $birthday = isset($_POST['birthday']) ? $_POST['birthday'] : null;
                if(create_account($email, $username, $password, $last_name, $first_name, $birthday)){
                    header("Location: ./create-account.php?msg=account_created");
                }else{
                    header("Location: ./create-account.php?msg=error");
                }
            }
        }
    }
}
account-manager.inc.php
<?php
include_once "database-handler.inc.php";
include_once "password-manager.inc.php";
// Inserts a new user row; returns true on success, false when the query fails.
function create_account($email, $username, $password, $last_name, $first_name, $birthday){
    $email_sanitized = sanitize($email);
    $username_sanitized = sanitize($username);
    $last_name_sanitized = sanitize($last_name);
    $first_name_sanitized = sanitize($first_name);
    $birthday_sanitized = sanitize($birthday);
    $salt = gen_salt();
    $password_hash = hash_password($password, $salt);
    $sql = "INSERT INTO users (username, email, password_hash, salt, last_name, first_name, birthday)" .
        " VALUES ('$username_sanitized', '$email_sanitized', '$password_hash', '$salt', '$last_name_sanitized', '$first_name_sanitized', '$birthday_sanitized')";
    if(query($sql) == false) return false;
    else return true;
}
// True when a row with this username already exists.
function user_exists($username){
    $username = sanitize($username);
    $result = query("SELECT username FROM users WHERE username = '$username'");
    return mysqli_num_rows($result) > 0;
}
// True when a row with this email already exists.
function email_in_use($email){
    $email = sanitize($email);
    $result = query("SELECT email FROM users WHERE email = '$email'");
    return mysqli_num_rows($result) > 0;
}
// Checks the password for the given email and fills the session on success.
function login($email, $password){
    $email_sanitized = sanitize($email);
    $result = query("SELECT * FROM users WHERE email = '$email_sanitized'");
    if($result){
        $row = mysqli_fetch_assoc($result);
        if(!$row) return false; // no user with this email
        $salt = $row['salt'];
        $password_hash = $row['password_hash'];
        // hash_equals() compares in constant time and never juggles types.
        if(hash_equals($password_hash, hash_password($password, $salt))){
            if (session_status() == PHP_SESSION_NONE) {
                session_start();
            }
            $_SESSION['username'] = $row['username'];
            $_SESSION['email'] = $row['email'];
            $_SESSION['last_name'] = $row['last_name'];
            $_SESSION['first_name'] = $row['first_name'];
            $_SESSION['birthday'] = $row['birthday'];
            $_SESSION['uid'] = $row['uid'];
            $_SESSION['coins'] = get_coin_count($email);
            return true;
        }else return false;
    }else return false;
}
// Sums the user's transactions: SYSTEM rows add coins, all other rows spend them.
function get_coin_count($email){
    //USER->email DATE->date AMOUNT->number (+) FROMTO=project|"SYSTEM"
    $email = sanitize($email);
    $sql = "SELECT * FROM transactions WHERE user='$email'";
    $result = query($sql);
    $coins = 0;
    while(($row = mysqli_fetch_assoc($result))){
        if(trim($row['fromto']) === "SYSTEM"){
            $coins += $row['amount'];
        }else $coins -= $row['amount'];
    }
    return $coins;
}
database-handler.inc.php
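<?php
// Connection settings (these are the values used on the local XAMPP install).
$hostname = "localhost";
$username = "root";
$password = "";
$database = "dono";
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
$conn = mysqli_connect($hostname, $username, $password, $database, '3306');
if(!$conn) exit("Connection failed: " . mysqli_connect_error());
// The connection handle is kept in the session array so the helpers below can reach it.
$_SESSION['mysql_conn'] = $conn;
// Runs a raw SQL string; returns false on failure.
function query($sql){
    return mysqli_query($_SESSION['mysql_conn'], $sql);
}
// HTML-encodes the value, then escapes it for use inside a quoted SQL string.
function sanitize($str){
    return mysqli_real_escape_string($_SESSION['mysql_conn'], htmlspecialchars($str));
}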
password-manager.inc.php
<?php
// Set to true to measure how many hash rounds this server completes in one second.
$check_complexity = false;
define("HASH_ALGORITHM", "sha512");
define("COMPLEXITY", 414912); // number of hash rounds applied to each password
if($check_complexity){
    $now = time();
    $current_hash = "password";
    $complexity = 0;
    while(time() - $now <= 1){
        $current_hash = hash(HASH_ALGORITHM, $current_hash);
        $complexity++;
    }
    echo "A complexity of " . $complexity . " was reached in 1 second.";
}
// Re-hashes the password together with the salt COMPLEXITY times.
function hash_password($password, $salt){
    for($i = 0; $i < COMPLEXITY; $i++){
        $password = hash(HASH_ALGORITHM, $password . $salt);
    }
    return $password;
}
// Returns a random per-user salt as a hex string.
function gen_salt(){
    return hash(HASH_ALGORITHM, random_bytes(256));
}
You’ve given me the whole code, please specify where it’s not working
account-manager.inc.php > create_account
Whenever it queries the SQL, the query function returns false (i.e. failure).
This worked perfectly when running on localhost.
You’ll need a better system that actually echoes what the error is.
In STMT for example, you could do
echo $mysqli->error;
I’m using the procedural system, so that won’t work.
Regardless, I tried echoing out mysqli_error_message, and got nothing.
Switch to OOP, it’s way easier and more effective
I prefer to use procedural, so if you could give some insight on my problem it would be appreciated.
database handler file:
Replace the query function with this.
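function query($sql){
    $result = mysqli_query($_SESSION['mysql_conn'], $sql);
    // Debugging aid: stop and print the MySQL error when the query fails.
    if($result === false) die(mysqli_error($_SESSION['mysql_conn']));
    return $result; // "return mysqli_query(...) or die(...)" would return true instead of the result
}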
Cool, now MySQL is giving me an error message like it’s supposed to.
I’ve fixed the problem - Thanks!
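A procedural variant of the query() fix from this thread, as an added example that is not code from any poster: mysqli is told to throw on failure, the error text goes to the server log instead of the page, and values are bound as parameters rather than interpolated into the SQL string. The connection placeholders, the helper names db_connect, run_statement and check_login, and the omission of the salt column (password_hash() stores its own salt inside the hash) are assumptions.

```php
<?php
// Added example. Connection values are placeholders, not taken from the thread.
// Make mysqli throw mysqli_sql_exception instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function db_connect(){
    return mysqli_connect("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME");
}

// Hypothetical helper: runs a parameterized statement, so submitted values
// are sent separately from the SQL text and cannot change the query.
function run_statement($conn, $sql, $types, array $params){
    try {
        $stmt = mysqli_prepare($conn, $sql);
        mysqli_stmt_bind_param($stmt, $types, ...$params);
        mysqli_stmt_execute($stmt);
        return $stmt;
    } catch (mysqli_sql_exception $e) {
        // Full detail stays in the server log; the visitor only gets ?msg=error.
        error_log("DB error " . $e->getCode() . ": " . $e->getMessage());
        return false;
    }
}

function create_account($conn, $email, $username, $password, $last_name, $first_name, $birthday){
    // password_hash() picks a salt and a work factor and encodes both in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "INSERT INTO users (username, email, password_hash, last_name, first_name, birthday)"
         . " VALUES (?, ?, ?, ?, ?, ?)";
    $params = [$username, $email, $hash, $last_name, $first_name, $birthday];
    return run_statement($conn, $sql, "ssssss", $params) !== false;
}

function check_login($conn, $email, $password){
    $sql = "SELECT password_hash FROM users WHERE email = ?";
    $stmt = run_statement($conn, $sql, "s", [$email]);
    if ($stmt === false) return false;
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    // password_verify() re-derives the hash from the stored salt and compares safely.
    return is_array($row) && password_verify($password, $row['password_hash']);
}
```

With this in place a failed INSERT shows up in the PHP error log with the MySQL error code and message, while the page still redirects to the generic error.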