I played around a bit with a PHP and MySQL Login and realized its pretty easy to sql inject. So I changed a few things so instead of $query I used $smtp and so on.
The page loads and works on my local server (xammp) but when I upload it to my public server I get a 500 Internal Server Error (the page worked before the changes)
I did not change anything to the HTML, its only the PHP part that makes the problem.
And this is my code which works on the local server but not on the public server:
<?php
session_start();
require('../db/DBconnect.php');
$select_db = mysqli_select_db($connection, 'website');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
//$query = "SELECT * FROM `users` WHERE userName='$username' and userPass='$password'"; OLD LOGIN
$stmt = $connection->prepare('SELECT * FROM users WHERE userName= ? and userPass= ?');
$stmt->bind_param('is', $username, $password);
$stmt->execute();
//$result = $stmt->get_result(); OLD LOGIN
//while ($row = $result->fetch_assoc()) { OLD LOGIN
// do something with $row OLD LOGIN
//} OLD LOGIN
$result = $stmt->get_result();
//$result = mysqli_query($connection, $stmt) or die(mysqli_error($connection)); OLD LOGIN
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else{
$fmsg = "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
header('Location: /beta/adminpanel.php');
}else{
?>
<!DOCTYPE html>
<base href="/">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Admin - Freunde Gamen ♥</title>
<link href="../host-files/bootstrap.css" rel="stylesheet">
<link href="../host-files/admin.css" rel="stylesheet">
<html>
<head>
<base href="/">
<link rel="icon" href="../favicon.ico" type="image/x-icon"/>
</head>
<body>
<div class="container">
<div class="login">
<form class="form-signin" method="POST">
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>
<h2 class="form-signin-heading">FG - Admin Login</h2>
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">@</span>
<input type="text" name="username" class="form-control" placeholder="Username" required>
</div>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
</form>
</div>
</div>
<script src="../host-files/js/bootstrap.js"></script>
<script src="../host-files/js/jquery.min.js"></script>
</body></html>
<?php } ?>
Both Local and Public server use:
Apache/2.4.10
PHP Version 5.6.33-0+deb8u1 ( I know I should update to PHP 7)
Share the same MySQL DB and Server
So after adding this to the admin.php:
// DEBUGGING
error_reporting(E_ALL);
ini_set('display_errors', true);
I realized mysqli_mysqlnd.dll was missing as a package on my Public Server so I installed it.
sudo apt-get install php5-mysqlnd
And it worked! Thank you all!