PHP Myinvoice Script...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

PHP Myinvoice Script...

Post by djreddog »

Hello,

I am not the best at PHP yet... But I have done a bunch of things yet this one is driving me crazy. I am wondering if anyone can help me with this. I am looking for a simple invoice script and I found one. I tried to email the owner but I think they packed up shop.

I am using this script called myinvoice. I try to set it up (thinking it is basic which it seems). I changed some fields that I know would form to my site. (Meaning file paths etc) and tried to log into it and I am unable to... It just goes in this loop. Every time I use the login it will just loop back to the login page.

Any help would be great. I have battled this for about 2 weeks now and I have rebuilt it and use the original many times.

Please help me, this is my last outlet.

Thanks
Derek
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

it's really tough to say without seeing any code what the problem could be. Given that you didn't write it, you'll need to check the license and ensure that you can share it.

if you can, show us some code so we can help you.
djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

Post by djreddog »

Burrito | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


It is a free script so I can post the code...


The index.htm is

Code: Select all

<html>
<head>
<title>My Invoice - log in</title>
<link rel="stylesheet" href="inc/style.css" type="text/css">
<script language="">
<!--
function cursor(){document.login.name.focus();}
// -->
</script>
</head>

<body bgcolor="#FFFFFF" text="#000000" onLoad=cursor()>
<img src="inc/title.gif" width="308" height="82">
<blockquote>
  <p><b>please login</b></p>

<table border="0" cellspacing="0" cellpadding="2">
  <form action="login.php" method="post" name=login>
    <tr>
      <td>Username</td>
      <td>
        <input type="Text" name="name" size="15">
      </td>
    </tr>
    <tr>
      <td height="6">Password</td>
      <td height="6">
        <input type="password" name="password" size="15">
      </td>
    </tr>
    <tr>
      <td colspan="2">
        <input type="Submit" name="submit" value="Enter">
      </td>
    </tr>
  </form>
</table>
</blockquote>
</body>
</html>
This is the login.php code...

Code: Select all

<?
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT * FROM clients WHERE name = '$name' AND password = PASSWORD('$password')";
$result = mysql_db_query($database, $query, $connection);
if (mysql_num_rows($result) == 1)
	{
	session_start();

	session_register("client_id");
	session_register("client_name");
	session_register("client_email");
	session_register("client_ref");
	session_register("client_title");
	list($clientid, $name, $pass, $email, $ref, $title) = mysql_fetch_row($result);
	$client_id = $clientid;
	$client_name = $name;
	$client_email = $email;
	$client_ref = $ref;
	$client_title = $title;
	
	header("Location: menu.php");
	mysql_free_result ($result);	

	mysql_close($connection);
	}
else

	{
	mysql_free_result ($result);	
	mysql_close($connection);

	header("Location: index.htm");
	exit;
	}
?>
I have a username and password to login but it is not working... plus I am using MYSQL and PHP...

Thanks for the help and any help you can tell me is great.

Derek




Burrito | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

try echoing your query to make sure it's selecting what you think it should be.

also change your include() to require() to make sure that the inc/config.php file is really being found and included.
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

The username and or password is wrong so the query returns 0 rows or maybe there are multiple records with the same username password so the query returns > 1 rows.

Or you have disabled register_globals and you should change to

Code: Select all

$query = "SELECT * FROM clients WHERE name = '{$_POST['name']}' AND password = PASSWORD('{$_POST['password']}')";
djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

Post by djreddog »

I tried them and that did not work either. I have the username and password of admin/ admin and it will not let me login...

I tried those things you post and no go, any other ideas?

Thanks Derek
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

how is the password saved on the database?

in other words, how did you create the password?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

L

Post by twigletmac »

The code looks a little old - mysql_db_query(), for example, has been deprecated for a number of years and session_register() is useless with register_globals off. So - if the code was written for MySQL 3.23 and you are using MySQL 4.x or 5.x then MySQL's PASSWORD() function is returning a different hash than it used to (it's longer for one) and thus an old table definition (based on the expectation of a shorter value) would be truncating the password when it's initially entered so it can't match the result from the function when you try and login.

What all of this means is that you probably need to keep looking for a script (written for PHP 4.2 or up and MySQL 4.1 or up) or give this one a fairly hefty rewrite to bring it up to date.

Mac
djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

Post by djreddog »

I have imported it in there myself with PHPAdmin.

I am calling the row that I want to use to login with.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

with phpMyAdmin did you run it through the password() function?

just to narrow down the problem, I would insert it as plain text, then remove the password() function form your select statement. If that lets you through then you know where the issue lies. You can then deal with your password however you want, I'd recommend using sha256 and scrapping the mysql password() function all together.
djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

Post by djreddog »

If these things are no longer used what has replaced them? If all I need to do is go through the script and edit them I will do that. it might be easier to just edit the script and use it that way.

Any thoughts?
djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

Post by djreddog »

What is sha256? Sorry I am a newbie still....
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Script looks pretty crappy to me... it requires register_globals to be on to even work... and it is asking for sql injection.
djreddog
Forum Newbie
Posts: 10
Joined: Fri Sep 29, 2006 12:32 pm

Post by djreddog »

I shut off the register_globals what would I replace the code with. i looked on php.net and they have it there. Meaning they're still showing the code I have working... I was kind of thrown for a loop.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I wouldn't even use it... how large is the script?
Post Reply