We have had a project developed by a group of students as part of their master's degree final project. The overall solution turned out to work great; unfortunately, it was developed for a MySQL database and we are using MSSQL Server databases.

I have been trying to work out a way to make it work but I am not really getting anywhere. On the local machine I am running an Apache server with PHP 5.3.29 and SQL Server 2012.

Info from phpinfo():

Apache Version Apache/2.2.25 (Win32) PHP/5.3.29

I can't see a mention of mssql in the phpinfo() output, but in php.ini I do have the following:

[MSSQL]
; Allow or prevent persistent links.
mssql.allow_persistent = On

; Maximum number of persistent links.  -1 means no limit.
mssql.max_persistent = -1

; Maximum number of links (persistent+non persistent).  -1 means no limit.
mssql.max_links = -1

; Minimum error severity to display.
mssql.min_error_severity = 10

; Minimum message severity to display.
mssql.min_message_severity = 10

; Compatibility mode with old versions of PHP 3.0.
mssql.compatability_mode = Off

; Connect timeout
;mssql.connect_timeout = 5

; Query timeout
;mssql.timeout = 60

; Valid range 0 - 2147483647.  Default = 4096.
;mssql.textlimit = 4096

; Valid range 0 - 2147483647.  Default = 4096.
;mssql.textsize = 4096

; Limits the number of records in each batch.  0 = all records in one batch.
;mssql.batchsize = 0

; Specify how datetime and datetim4 columns are returned
; On => Returns data converted to SQL server settings
; Off => Returns values as YYYY-MM-DD hh:mm:ss
;mssql.datetimeconvert = On

; Use NT authentication when connecting to the server
mssql.secure_connection = On

; Specify max number of processes. -1 = library default
; msdlib defaults to 25
; FreeTDS defaults to 4096
;mssql.max_procs = -1

; Specify client character set.
; If empty or not set the client charset from freetds.conf is used
; This is only used when compiled with FreeTDS
;mssql.charset = "ISO-8859-1"

I have tried the following: dbconnect.php

$myServer = "localhost";
$myUser = "sa";
$myPass = "sa123";
$myDB = "st"; 

//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
  or die("Couldn't connect to SQL Server on $myServer"); 

die();  
  $selected = mssql_select_db($myDB, $dbhandle)
  or die("Couldn't open database $myDB"); 

I am first trying to get the system to even allow me to log in, so the login.php code is as follows. I have changed the queries to mssql:

<?php
error_reporting(E_ALL);
session_start(); // Starting Session
require("includes/db_connect.php");
$hint = "";
$username=$_POST["username"];
$password=$_POST["password"];
/*=============================================================
                    SQL INJECTION PREVENTION
===============================================================*/
$PRElist = array();
$PREsql = "SELECT Username, Password FROM tblUsers ;";
$PREresult = mssql_query($PREsql);
//if (mysqli_num_rows($PREresult)>0) 
if (1 == 1){
    // output data of each row
    while($row = mssql_fetch_assoc($PREresult)) {
        $PRElist[]= strtolower($row['Username']);
        $PRElist[strtolower($row['Username'])]=$row['Password'];
    }
}//to prevent sql injection
//=======================START LOOKING UP THE USER==================
if ((in_array(strtolower($username), $PRElist))&&($PRElist[strtolower($username)]==$password)) 
    {
        $sql = "SELECT UserId, Username, Password FROM tblUsers where Username='$username' AND Password='$password'";
        $result = mssql_query($sql);
        $numRows = mssql_num_rows($result); 
        if ($numRows > 0) {
            // output data of each row
            while($row = mssql_fetch_assoc($result)) {
                $hint="";                   //initialize the hint string.. 
                if (strtolower($username)==strtolower($row["Username"])){
                    $userID= $row["UserId"];
                    $sql = "SELECT GroupId FROM tblUserGroups where UserId='$userID'";
                    $result = mssql_query($sql);
                    $numRows1 = mssql_num_rows($result); 
                    if ($numRows1 > 0) {
                        // output data of each row
                        while($row = mssql_fetch_assoc($result)) {
                            switch ($row["GroupId"]) {
                                case '1':
                                        header("location: home.php"); // Redirecting To Other Page
                                        $hint="<span style='color:green'> This username is registered </span>";
                                        $_SESSION['login_user']=$username; // Initializing Session
                                        $_SESSION['login_pass']=$password; // Initializing Session# code...
                                        $_SESSION['userID']=$userID; // Initializing Session# code...
                                    break;
                                case '2':
                                        header("location: Team_Home.php"); // Redirecting To Other Page
                                        $hint="<span style='color:green'> This username is registered </span>";
                                        $_SESSION['login_user']=$username; // Initializing Session
                                        $_SESSION['login_pass']=$password; // Initializing Session# code...
                                        $_SESSION['userID']=$userID; // Initializing Session# code...
                                    break;
                                case '3':
                                        header("location: Staff_Home.php"); // Redirecting To Other Page
                                        $hint="<span style='color:green'> This username is registered </span>";
                                        $_SESSION['login_user']=$username; // Initializing Session
                                        $_SESSION['login_pass']=$password; // Initializing Session# code...
                                        $_SESSION['userID']=$userID; // Initializing Session# code...
                                    break;
                                default:
                                        $hint="<span style='color:red'>Not registered...</span>";
                                        header("location: index.php"); // Redirecting To Other Page
                                    break;
                            }
                        }
                    }


                }
                else
                {
                    $hint="<span style='color:red'>Not registered...</span>";
                    header("location: index.php"); // Redirecting To Other Page

                }
            }
        } 
    }
    else{
        header("location: index.php"); // Redirecting To Other Page
        $hint="<span style='color:red'>Not registered...</span>";
    }
    echo $hint;
    mssql_close($conn);

I am unable to really see what is happening, as when I try to log in I just get a white screen with no information or errors in the console.

  • If you get a white screen that means you have a syntax error in your PHP code. Commented Jul 6, 2017 at 13:53
  • Did you try with error_reporting(E_ALL);? Commented Jul 6, 2017 at 13:54
  • I tried error_reporting and still nothing appears. Commented Jul 6, 2017 at 13:54
  • This code is very unsafe; those "master students" truly need to learn some aspects of security. This script is vulnerable to SQL injection. Furthermore, your PHP version is old. Can you add some information from your phpinfo();? Commented Jul 6, 2017 at 13:54
  • They have some code for SQL Injection prevention at the start of the file, I just didn't include it in the post. Do you want the full phpinfo(); result or what information are you looking for? Commented Jul 6, 2017 at 13:56
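
Added example, not part of the original question or its comments: the comment above calls the login script vulnerable to SQL injection, and the code below performs the same lookup with a bound parameter through PDO instead of loading every user and interpolating `$username` into the query text. Table and column names follow the question; the in-memory SQLite database, its rows and the function names `find_login` and `landing_page` are constructed for the example, and a SQL Server deployment would open the PDO handle with a `sqlsrv:` DSN instead.

```php
<?php
// Added example, not the project's code. Table/column names follow the question;
// the SQLite in-memory database and its rows are constructed so this runs offline.

// Returns array('UserId' => int, 'GroupId' => int) or null. The user-supplied
// name is bound as a parameter, so quotes in it are data, never SQL text.
function find_login(PDO $db, $username, $password)
{
    $stmt = $db->prepare(
        'SELECT u.UserId AS UserId, u.Password AS Password, g.GroupId AS GroupId
           FROM tblUsers u
           JOIN tblUserGroups g ON g.UserId = u.UserId
          WHERE u.Username = :username'
    );
    $stmt->execute(array(':username' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Plain comparison mirrors the question's schema (password stored as-is).
    if ($row === false || $row['Password'] !== $password) {
        return null;
    }
    return array('UserId' => (int) $row['UserId'], 'GroupId' => (int) $row['GroupId']);
}

// Same group-to-page mapping as the switch in login.php.
function landing_page($groupId)
{
    $pages = array(1 => 'home.php', 2 => 'Team_Home.php', 3 => 'Staff_Home.php');
    return isset($pages[$groupId]) ? $pages[$groupId] : 'index.php';
}

$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is enabled
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblUsers (UserId INTEGER PRIMARY KEY, Username TEXT, Password TEXT)');
$db->exec('CREATE TABLE tblUserGroups (UserId INTEGER, GroupId INTEGER)');
$db->exec("INSERT INTO tblUsers VALUES (1, 'o''brien', 'constructed-pass')");
$db->exec('INSERT INTO tblUserGroups VALUES (1, 2)');

// A username containing a quote is looked up as data; a wrong password falls
// through to the default page.
foreach (array('constructed-pass', 'wrong') as $attempt) {
    $user = find_login($db, "o'brien", $attempt);
    echo $attempt, ' -> ', landing_page($user ? $user['GroupId'] : 0), "\n";
}
```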

1 Answer

$myServer = "localhost";
$myUser = "sa";
$myPass = "sa123";
$myDB = "st"; 

//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
  or die("Couldn't connect to SQL Server on $myServer"); 

die();   // What's this for? It can cause a white screen.



$selected = mssql_select_db($myDB, $dbhandle)
  or die("Couldn't open database $myDB");

8 Comments

Even if it triggered die() he would at least see the message and not a white screen.
Ooops, that was just some debugging I was doing! Same result without the die(); though
@Rushikumar what message would you see if you set die() at the very beginning of your code?
@Ultrazz008 You are referring to this, right? $dbhandle = mssql_connect($myServer, $myUser, $myPass) or die("Couldn't connect to SQL Server on $myServer");
No, the line after that.. It's die(); alone.