Click here to Skip to main content
15,997,856 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
I uploaded this mlmpro software, connected the database. I tried to access the login.php extension of the admin with my site url and the use login.php as well. But the page showed blank.

When I went to inspect the page, I found "Failed to load resource: the server responded with a status of 500 (Internal Server Error)"

Please I need help to make this come up on the webpage.

What I have tried:

<pre>
<?php

    // sanitize $_GET variables
    $_GET   = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);        

    // sanitize $_POST variables
    $_POST  = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
    
    session_start();
    include $_SERVER['DOCUMENT_ROOT'] . "/dbase/dbaseconnection.php";
    include $_SERVER['DOCUMENT_ROOT'] . "/functions/mlmfunctions.php";
    //include $_SERVER['DOCUMENT_ROOT'] . "/functions/functions.php";
    function testinput($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }
    
?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
        <meta name="apple-mobile-web-app-capable" content="yes">
        <meta name="apple-mobile-web-app-status-bar-style" content="black">
        <title>MLMPro | Multi-Level Marketing</title>
        <link href="/css/styles.css" rel="stylesheet" type="text/css" />
        <link href="/icofont/css/icofont.css" rel="stylesheet" type="text/css"/>
        <style type="text/css"> 

            #header {line-height: 9.6em;background-color: #002366;padding-left: 20px;}
            #header h1 {color: #fff;}
            #topbackground img {width: 100%;}
            .loginbox {max-width: 480px;background: rgba(0,0,0,0.5); background:rgba(0, 56, 168,0.5);color: #fff;border-radius: 10px;padding: 60px 20px 40px;box-sizing: border-box;font-family: arial, sans-serif;margin: 0 auto;position: relative;margin-top: -48px;margin-bottom: 96px;margin-top: 100px;}
            .user {width: 80px;height: 80px;border-radius: 50%; overflow: hidden; position: absolute;top: calc(-80px/2); left: calc(50% - 40px);}
            h2 {margin: 0; padding-left: 0 0 20px;color: #efefef; text-align: center;}
            .loginbox p {margin: 0;padding:0; font-weight: bold; color: #fff;}
            .loginbox input {width: 100%; margin-bottom: 20px;}
            .loginbox input[type='text'], input[type="password"] {border: none; border-bottom: 1px solid #fff; background: transparent; outline: none; height: 40px; color: #fff; font-size: 16px;}
            input::placeholder {color: rgba(255,255,255,0.5);}
            .loginbox input[type='submit'] {border: none; outline: none; height: 40px; color: #fff; font-size: 16px; background: #ff267e;cursor: pointer;border-radius: 20px;}
            .loginbox input[type="submit"]:hover {background: #efed40;color: #262626;}
            .loginbox a {color: #fff; font-size: 1.0em;font-weight: normal; text-decoration: none;padding-bottom: 24px;}       


        </style>           
    </head>
    <body id="home"  style="background: url('/images/royalbackground.png'); background-size: cover;">        
        
           
           <?php
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            unset($_SESSION['logged']);
            $section=isset($_GET['section'])?$_GET['section']:'';
            if($section=='login' || $section==''){
                $usernameErr=$passwordErr=$error='';
                if(isset($_POST['submit']) && $_POST['submit']=='Login'){
                    $usernameErr=$passwordErr=$error='';
                    $username=isset($_POST['username'])?testinput($_POST['username']):'na';
                    $password=isset($_POST['password'])?testinput($_POST['password']):'na';
                    $password=md5($password);

                    $sql="SELECT * FROM mlmmembers WHERE username='$username' AND password='$password'";
                    $result=mysql_query($sql) or die(mysql_error());

                    if(mysql_num_rows($result)>0){
                        
                        $rows=mysql_fetch_array($result);
                        $_SESSION['userid']=$rows['userid'];
                        $_SESSION['logged']=1;
                        $_SESSION['category']=$rows['category'];
                        $_SESSION['username']=$rows['username'];

                        header('Location: /index.php');
                    }else{
                        $error="Invalid Username and/or Password";
                        include $_SERVER['DOCUMENT_ROOT'] . "/includes/loginform.inc.php";
                    } 
                }else{
                    include $_SERVER['DOCUMENT_ROOT'] . "/includes/loginform.inc.php";    
                } 
            }elseif ($section=='reset') {
                # code...
                $errEmail=$errUsername=$status=$username=$email='';
                $errors=0;

                if(isset($_POST['submit'])){
                    $username=isset($_POST['username'])?$_POST['username']:'';
                    $email=isset($_POST['email'])?$_POST['email']:'';

                    if(empty($username)){
                        $errUsername='Username cannot be blank';
                        $errors=1;
                    }
                    if(empty($email)){
                        $errEmail='Email cannot be blank';
                        $errors=1;
                    }elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                        # code...
                        $errEmail = 'Please enter a valid email address';
                        $errors=1;
                    }
                    
                    
                    if($errors==1){
                        include $_SERVER['DOCUMENT_ROOT'] . "/includes/resetpassword.php";    
                    }else{
                        $password = substr(md5(uniqid(rand(),1)),3,5);
                        $sql="SELECT * FROM mlmmembers WHERE username='$username' AND emailaddress='$email'";
                        $result=mysql_query($sql) or die(mysql_error());

                        if(mysql_num_rows($result)>0){
                            $password = substr(md5(uniqid(rand(),1)),3,5);
                            $pass = md5($password); //encrypted version for database entry

                            //sendmail
                            $to=$email;
                            $subject='Password Reset';
                            $status='A password reset information has been sent to your mail box';
                            $msg="Hi " . $username . ", \n\nyou or someone else have requested your account details. \n\nHere is your account information please keep this as you may need this at a later stage. \n\nYour username is $username \n\n your password is: " .  $password . " \n\nYour password has been reset please login and change your password.\n\n MLMPro Multi-Level Marketing";

                            $status=sendmail($to,$msg,$subject,$status);


                            $sql="UPDATE mlmmembers SET password='$pass' WHERE username='$username'";
                            $result=mysql_query($sql) or die(mysql_error());
                            include $_SERVER['DOCUMENT_ROOT'] . "/includes/resetpassword.php"; 

                        }

                    }
                }else{
                    include $_SERVER['DOCUMENT_ROOT'] . "/includes/resetpassword.php";    
                }
                
            }                      
            
        ?> 
        
        <script type="text/javascript" src="/js/jquery-1.7.1.min.js"></script>
        <script src='/js/mlm.js'> </script>
    </body>
</html>
Posted
Updated 16-Oct-20 3:50am

1 solution

A 500 internal server error just means something went wrong with your code. You'll need to examine your server logs to find out what the problem is and fix it.

But there are plenty of problems with the code you've shown.

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]

You're storing an unsalted MD5 hash of the user's password. Don't do that. MD5 has not been considered secure enough for password storage for several decades. Use PHP's built-in functions to handle password storage correctly.
PHP: password_hash[^]
PHP: password_verify[^]

Your comments refer to "encrypting" the password, which is incorrect.

You allow anyone who knows the username and email address of any user to reset that user's password. This could easily become a denial-of-service attack.
Troy Hunt: Everything you ever wanted to know about building a secure password reset feature[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900