我正在尝试将数据库移动到新服务器。我的朋友给了我整个网站,我上传到服务器。他给了我一个干净的DB,以避免提供敏感的细节。该网站有一个登录部分,完整的管理员后端,我可以填充网站供用户注册,但由于某种原因,它缺少一些东西,如我自己的管理员访问网站和表格,让我访问后端。
数据库连接成功。我可以通过phpMyAdmin添加用户和值,但我不知道如何给自己管理员访问权。
以下是我上传到服务器的整个数据库文件的代码:
-- phpMyAdmin SQL Dump
-- version 4.0.10deb1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jul 21, 2016 at 02:03 PM
-- Server version: 5.5.49-0ubuntu0.14.04.1
-- PHP Version: 5.5.9-1ubuntu4.17
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
--
-- Database: `transportation`
--
-- --------------------------------------------------------
--
-- Table structure for table `tbl_3_vehicle_limit`
--
CREATE TABLE IF NOT EXISTS `tbl_3_vehicle_limit` (
`limit_id` int(11) NOT NULL AUTO_INCREMENT,
`soption` tinyint(4) NOT NULL,
`dept_id` varchar(4) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`user_id` int(11) NOT NULL,
`from_date` date NOT NULL,
`to_date` date NOT NULL,
PRIMARY KEY (`limit_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=48 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_abandon_trips`
--
CREATE TABLE IF NOT EXISTS `tbl_abandon_trips` (
`abandon_id` bigint(20) NOT NULL AUTO_INCREMENT,
`abandon_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`notes` text NOT NULL,
`res_id` bigint(20) NOT NULL,
`user_id` int(11) DEFAULT NULL,
`mile_charges` double NOT NULL,
`calculate_fine` tinyint(1) NOT NULL DEFAULT '0',
`miles` smallint(6) NOT NULL DEFAULT '25',
PRIMARY KEY (`abandon_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1106 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_comment_log`
--
CREATE TABLE IF NOT EXISTS `tbl_comment_log` (
`comment_id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`comments` text COLLATE latin1_general_ci NOT NULL,
`comment_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`comment_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_departments`
--
CREATE TABLE IF NOT EXISTS `tbl_departments` (
`dept_id` varchar(4) COLLATE latin1_general_ci NOT NULL,
`dept_name` varchar(50) COLLATE latin1_general_ci NOT NULL,
`leader_f_name` varchar(15) COLLATE latin1_general_ci NOT NULL,
`leader_l_name` varchar(15) COLLATE latin1_general_ci NOT NULL,
`leader_phone` varchar(25) COLLATE latin1_general_ci NOT NULL,
`leader_email` varchar(150) COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`active` tinyint(1) NOT NULL DEFAULT '1',
`deactive_date` date DEFAULT NULL,
`dept_info` varchar(200) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`dept_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_driver_links_order`
--
CREATE TABLE IF NOT EXISTS `tbl_driver_links_order` (
`link_id` mediumint(9) NOT NULL,
`link_order` mediumint(9) NOT NULL,
`driver_login` tinyint(1) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_global_settings`
--
CREATE TABLE IF NOT EXISTS `tbl_global_settings` (
`id` int(11) NOT NULL,
`leader_code` varchar(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_info_links`
--
CREATE TABLE IF NOT EXISTS `tbl_info_links` (
`link_id` mediumint(9) NOT NULL AUTO_INCREMENT,
`link_title` varchar(100) NOT NULL,
`link_text` text NOT NULL,
`link_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`link_order` tinyint(4) NOT NULL DEFAULT '1',
`link_display_page` varchar(25) NOT NULL,
`link_display_flag` char(1) DEFAULT NULL,
PRIMARY KEY (`link_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=30 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_log`
--
CREATE TABLE IF NOT EXISTS `tbl_log` (
`log_id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`login_datetime` datetime NOT NULL,
`logout_datetime` datetime NOT NULL,
`ip_address` varchar(16) NOT NULL,
PRIMARY KEY (`log_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=16735 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_reservations`
--
CREATE TABLE IF NOT EXISTS `tbl_reservations` (
`res_id` bigint(20) NOT NULL AUTO_INCREMENT,
`vehicle_id` bigint(20) NOT NULL,
`user_id` int(11) NOT NULL,
`planned_passngr_no` varchar(2) COLLATE latin1_general_ci NOT NULL,
`coord_approval` varchar(15) COLLATE latin1_general_ci NOT NULL DEFAULT 'Approved',
`planned_depart_day_time` datetime NOT NULL,
`planned_return_day_time` datetime NOT NULL,
`overnight` tinyint(1) NOT NULL,
`childseat` tinyint(1) NOT NULL,
`destination` varchar(100) COLLATE latin1_general_ci NOT NULL,
`reservation_cancelled` tinyint(1) NOT NULL DEFAULT '0',
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`cancelled_by_driver` tinyint(1) NOT NULL DEFAULT '0',
`driver_cancelled_time` datetime DEFAULT NULL,
`key_no` varchar(4) COLLATE latin1_general_ci DEFAULT NULL,
`card_no` varchar(8) COLLATE latin1_general_ci DEFAULT NULL,
`billing_dept` varchar(4) COLLATE latin1_general_ci NOT NULL,
`assigned_driver` int(11) NOT NULL,
`repeating` tinyint(1) NOT NULL DEFAULT '0',
`res_delete_user` bigint(20) DEFAULT NULL,
`res_delete_datetime` datetime DEFAULT NULL,
`no_cost` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`res_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=18416 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_restricted_charges`
--
CREATE TABLE IF NOT EXISTS `tbl_restricted_charges` (
`charge_id` int(11) NOT NULL AUTO_INCREMENT,
`vehicle_id` int(11) NOT NULL,
`charge_month` varchar(2) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`charge_year` char(4) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`dept_id` varchar(4) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`calc_method` varchar(50) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`total_charge` double NOT NULL,
`begin_mileage` varchar(7) CHARACTER SET latin1 COLLATE latin1_general_ci DEFAULT NULL,
`end_mileage` varchar(7) CHARACTER SET latin1 COLLATE latin1_general_ci DEFAULT NULL,
`rate` double DEFAULT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`charge_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=745 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_shop_tasks`
--
CREATE TABLE IF NOT EXISTS `tbl_shop_tasks` (
`task_id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`vehicle_id` int(11) NOT NULL,
`miles_reading_tech` varchar(7) COLLATE latin1_general_ci NOT NULL,
`last_mileage` varchar(7) COLLATE latin1_general_ci NOT NULL,
`work_type_id` tinyint(4) NOT NULL,
`work_start_date` date NOT NULL,
`next_oil` date NOT NULL,
`total_cost` double NOT NULL,
`parts_source` varchar(255) COLLATE latin1_general_ci NOT NULL,
`drive_test_done` tinyint(1) NOT NULL,
`task_complete` tinyint(1) NOT NULL,
`tech_comments` text COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`invoice_no` varchar(50) COLLATE latin1_general_ci NOT NULL,
`vendor_name` varchar(50) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`task_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=40 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_special_notice`
--
CREATE TABLE IF NOT EXISTS `tbl_special_notice` (
`notice_id` int(11) NOT NULL AUTO_INCREMENT,
`notice_date` datetime NOT NULL,
`user_id` int(11) NOT NULL,
`notice_title` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`notice` text CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`notice_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_srvc_resvs`
--
CREATE TABLE IF NOT EXISTS `tbl_srvc_resvs` (
`srvc_id` int(11) NOT NULL AUTO_INCREMENT,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`vehicle_id` int(11) NOT NULL,
`from_date` datetime DEFAULT NULL,
`to_date` datetime DEFAULT NULL,
`is_cancelled` tinyint(1) NOT NULL DEFAULT '0',
`service_type` varchar(15) NOT NULL,
PRIMARY KEY (`srvc_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=235 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_srvc_resvs_details`
--
CREATE TABLE IF NOT EXISTS `tbl_srvc_resvs_details` (
`srvc_id` int(11) NOT NULL,
`res_id` bigint(20) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_temp_mass_emails`
--
CREATE TABLE IF NOT EXISTS `tbl_temp_mass_emails` (
`email_id` varchar(250) NOT NULL,
`driver_name` varchar(50) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_trip_details`
--
CREATE TABLE IF NOT EXISTS `tbl_trip_details` (
`trip_id` bigint(20) NOT NULL AUTO_INCREMENT,
`res_id` bigint(20) NOT NULL,
`begin_mileage` varchar(7) COLLATE latin1_general_ci NOT NULL,
`end_mileage` varchar(7) COLLATE latin1_general_ci NOT NULL,
`end_gas_percent` varchar(4) COLLATE latin1_general_ci NOT NULL,
`problem` tinyint(1) NOT NULL,
`desc_problem` text COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`mile_charges` double NOT NULL,
`user_id` int(11) DEFAULT NULL,
PRIMARY KEY (`trip_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=13155 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_user`
--
CREATE TABLE IF NOT EXISTS `tbl_user` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`f_name` varchar(20) COLLATE latin1_general_ci NOT NULL,
`l_name` varchar(20) COLLATE latin1_general_ci NOT NULL,
`dept_id` varchar(4) COLLATE latin1_general_ci NOT NULL,
`phone` varchar(25) COLLATE latin1_general_ci NOT NULL,
`birth_date` date NOT NULL,
`license_no` varchar(20) COLLATE latin1_general_ci NOT NULL,
`license_state` varchar(15) COLLATE latin1_general_ci NOT NULL,
`license_expire` date NOT NULL,
`email` varchar(150) COLLATE latin1_general_ci NOT NULL,
`password` varchar(255) COLLATE latin1_general_ci DEFAULT NULL,
`drive_tested` varchar(30) COLLATE latin1_general_ci NOT NULL,
`test_date` date NOT NULL,
`end_permit` date NOT NULL,
`home_st_country` varchar(30) COLLATE latin1_general_ci NOT NULL,
`active` tinyint(1) NOT NULL DEFAULT '0',
`status_date` datetime DEFAULT NULL,
`user_group` tinyint(4) NOT NULL,
`user_type` varchar(20) COLLATE latin1_general_ci NOT NULL,
`photo` varchar(255) COLLATE latin1_general_ci NOT NULL,
`photo_link` varchar(255) COLLATE latin1_general_ci NOT NULL,
`comment` varchar(300) COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`permit_type` varchar(5) COLLATE latin1_general_ci NOT NULL DEFAULT 'First',
`renew_date` date DEFAULT NULL,
`renew_text` varchar(200) COLLATE latin1_general_ci DEFAULT NULL,
`new_user` tinyint(1) NOT NULL DEFAULT '0',
`driver_permission` tinyint(1) NOT NULL DEFAULT '0',
`license_country` varchar(60) COLLATE latin1_general_ci NOT NULL,
`max_passengers` int(11) NOT NULL DEFAULT '15',
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1695 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_user_comments`
--
CREATE TABLE IF NOT EXISTS `tbl_user_comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`posting_user_id` int(11) NOT NULL,
`about_user_id` int(11) NOT NULL,
`comments_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`comments` text NOT NULL,
`trip_id` bigint(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=248 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_user_group`
--
CREATE TABLE IF NOT EXISTS `tbl_user_group` (
`group_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`group_name` varchar(50) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=7 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicles`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicles` (
`vehicle_id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`vehicle_no` varchar(12) COLLATE latin1_general_ci NOT NULL,
`vin_no` varchar(20) COLLATE latin1_general_ci NOT NULL,
`oil_filter` varchar(20) COLLATE latin1_general_ci NOT NULL,
`safety_date` date NOT NULL,
`registration_date` date NOT NULL,
`lic_plate_no` varchar(50) COLLATE latin1_general_ci NOT NULL,
`make_id` tinyint(4) NOT NULL,
`model` tinyint(4) NOT NULL,
`year_manuf` char(4) COLLATE latin1_general_ci NOT NULL,
`mileage_un` varchar(7) COLLATE latin1_general_ci NOT NULL,
`date_to_un` date NOT NULL,
`cost_to_un` double NOT NULL,
`cost_rate` double NOT NULL,
`passenger_cap` varchar(2) COLLATE latin1_general_ci NOT NULL,
`condition_tech` varchar(50) COLLATE latin1_general_ci NOT NULL,
`restriction` varchar(150) COLLATE latin1_general_ci NOT NULL,
`issues` varchar(255) COLLATE latin1_general_ci NOT NULL,
`active` tinyint(1) NOT NULL,
`restricted` tinyint(1) NOT NULL,
`date_revised` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`sold` tinyint(1) NOT NULL DEFAULT '0',
`sold_date` date DEFAULT NULL,
`admin_issues` text COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`vehicle_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=95 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicle_brand`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicle_brand` (
`brand_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`brand_name` varchar(255) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`brand_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=6 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicle_comments`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicle_comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`posting_user_id` int(11) NOT NULL,
`vehicle_id` int(11) NOT NULL,
`comment_date` int(11) NOT NULL,
`comment_type` varchar(25) NOT NULL,
`comments` varchar(300) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicle_type`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicle_type` (
`v_type_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`v_type` varchar(255) COLLATE latin1_general_ci NOT NULL,
`capacity` tinyint(4) NOT NULL,
PRIMARY KEY (`v_type_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=8 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_work_type`
--
CREATE TABLE IF NOT EXISTS `tbl_work_type` (
`work_type_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`work_type` varchar(255) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`work_type_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=13 ;
-- --------------------------------------------------------
--
-- Stand-in structure for view `VW_DELETABLE_USER_LIST`
--
CREATE TABLE IF NOT EXISTS `VW_DELETABLE_USER_LIST` (
`user_id` int(11)
,`f_name` varchar(20)
,`l_name` varchar(20)
,`dept_name` varchar(50)
,`group_name` varchar(50)
,`reg_date` timestamp
,`res_id` bigint(20)
,`res_reg_date` timestamp
);
-- --------------------------------------------------------
--
-- Stand-in structure for view `VW_DELETABLE_USER_LIST_SUB`
--
CREATE TABLE IF NOT EXISTS `VW_DELETABLE_USER_LIST_SUB` (
`user_id` int(11)
,`res_id` bigint(20)
,`reg_date` timestamp
);
-- --------------------------------------------------------
--
-- Structure for view `VW_DELETABLE_USER_LIST`
--
DROP TABLE IF EXISTS `VW_DELETABLE_USER_LIST`;
-- in use(#1142 - SHOW VIEW command denied to user 'transport'@'localhost' for table 'VW_DELETABLE_USER_LIST')
-- --------------------------------------------------------
--
-- Structure for view `VW_DELETABLE_USER_LIST_SUB`
--
DROP TABLE IF EXISTS `VW_DELETABLE_USER_LIST_SUB`;
-- in use(#1142 - SHOW VIEW command denied to user 'transport'@'localhost' for table 'VW_DELETABLE_USER_LIST_SUB')
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
处理登录的代码如下:
if(isset($_POST["action"]) && $_POST["action"]=="login"){
$sUserName = $_POST["txtemail"];
$sPassword = $_POST["txtpassword"];
$iGROUP = $_POST["drpusergroup"];
if(isset($_POST["drpleaderdepts"]) && $_POST["drpleaderdepts"]!="") $iDEPT_ID = $_POST["drpleaderdepts"];
//$sLoginSQL = "select user_id, email, user_group from tbl_user where email = '".$sUserName."' and password = '".$sPassword."' and user_group = ".$iGROUP." and active = 1";
//if($iGROUP==$iGROUP_DRIVER || $iGROUP==$iGROUP_COORDINATOR_STAFF){
$sLoginSQL = "SELECT user_id FROM tbl_user WHERE email = '".$sUserName."' AND BINARY password = '".$sPassword."' AND user_group = ".$iGROUP;
$iRsLogin = mysql_query($sLoginSQL) or die(mysql_error());
if (mysql_num_rows($iRsLogin)<=0){
$sMessage = fn_Print_MSG_BOX("<li>Error!!! invalid login information, please try again.", "C_ERROR");
$bDRIVER_ERR_TITLE = "Invalid Information!";
$bDRIVER_ERR_MSG = "Your username or password is invalid, please try again.";
$bDRIVER_INACTIVE_ERR = true;
}else{
list($iUSER_ID) = mysql_fetch_row($iRsLogin);
$sSQL = "SELECT active, new_user FROM tbl_user WHERE user_id = ".$iUSER_ID;
$rsDRIVER = mysql_query($sSQL) or die(mysql_error());
if(mysql_num_rows($rsDRIVER)>0){
list($bACTIIVE, $bNEW_DRIVER) = mysql_fetch_row($rsDRIVER);
if($bACTIIVE==0 && $bNEW_DRIVER==1){ //DRIVER IS new
$bDRIVER_ERR_TITLE = "Not an approved account!";
$bDRIVER_ERR_MSG = "You are not yet been approved from Administration, please contact to Transportation Office";
$bDRIVER_INACTIVE_ERR = true;
$sMessage = fn_Print_MSG_BOX("<li>Error!!! You are not yet been approved from Administration, please contact to Transportation Office", "C_ERROR");
}elseif($bACTIIVE==0 && $bNEW_DRIVER==0){ //DRIVER is inactive
$bDRIVER_ERR_TITLE = "Inactive Account!";
if($iGROUP==$iGROUP_DRIVER || $iGROUP==$iGROUP_COORDINATOR_STAFF){
$bDRIVER_ERR_MSG = "Your account has been suspended...<br />you may need to change your home department..<br />contact transportation Office for more information";
$sMessage = fn_Print_MSG_BOX("<li>Error!!! Your account has been suspended...you may need to change your home department..<br />contact transportation Office for more information", "C_ERROR");
}else{
$bDRIVER_ERR_MSG = "Your account has been suspended...<br />contact administration for more information";
$sMessage = fn_Print_MSG_BOX("<li>Error!!! Your account has been suspended...<br />contact administration for more information", "C_ERROR");
}
$bDRIVER_INACTIVE_ERR = true;
}elseif($bACTIIVE==1 && $bNEW_DRIVER==0){
$_SESSION["User_ID"] = $iUSER_ID;
$_SESSION["User_Name"] = $sUserName;
$_SESSION["User_Group"] = $iGROUP;
$sIP_ADDRESS = getRealIpAddr();
//print("DATE==".date('Y-m-d H:i:s'));
//die();
$sSQL = "INSERT INTO tbl_log (user_id, login_datetime, ip_address) VALUES (".$_SESSION["User_ID"].", '".date('Y-m-d H:i:s')."', '".$sIP_ADDRESS."')";
$rsLOG = mysql_query($sSQL) or die(mysql_error());
if($iGROUP==$iGROUP_DRIVER || $iGROUP==$iGROUP_COORDINATOR_STAFF){
$_SESSION["load_counter"] = "1";
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='reservations.php'</SCRIPT>";
}elseif($iGROUP==$iGROUP_TM){
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='management.php'</SCRIPT>";
}elseif($iGROUP==$iGROUP_TC){
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='admin.php'</SCRIPT>";
}elseif($iGROUP==$iGROUP_SERVICETCH){
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='shopwork.php'</SCRIPT>";
}
}
}
}
}
答案 0 :(得分:3)
您的代码中存在一些安全漏洞,并且它们严重到足以保证答案,即使这不是您所要求的。希望其他人能解决这个问题。如果该系统在网络上存在,那么在解决之前将其删除是值得考虑的,这样您的用户数据就不会受到威胁。
您有两个安全问题需要及时处理。我可以尝试概述它们,但如果您的数据至少具有中等价值,那么我建议您参与可以进入并修复它们的承包商的服务。无论如何,他或她可能想要将你的角色集改为UTF-8!
考虑这个问题:
SELECT user_id FROM tbl_user WHERE email = '$sUserName'
AND BINARY password = '$sPassword'
AND user_group = $iGROUP;
假设你有这样的值:
$sUserName = "halfer@example.com";
$sPassword = "p@ssw0rd";
$iGROUP = 1;
好的,让我们尝试一下,这对于网络表单来说通常是微不足道的:
$sUserName = "halfer@example.com' OR user_id = 1 --";
$sPassword = "p@ssw0rd";
$iGROUP = 1;
这将创建一个如下所示的查询:
SELECT user_id FROM tbl_user WHERE email = 'halfer@example.com' OR user_id = 1 --'
AND BINARY password = 'p@ssw0rd'
AND user_group = 1;
由于我们使用了归结为此的评论设备--:
SELECT user_id FROM tbl_user WHERE email = 'halfer@example.com' OR user_id = 1;
现在,您可能没有halfer@example.com,但您几乎肯定会有ID为1的用户,而且他们可能会被标记为已批准的帐户。如果不是,攻击者可以继续尝试使用一些数字,并且可能会在几分钟内得到结果。
此问题的解决方案is very well documented。
假设您修复了上述漏洞,但存在另一个未知漏洞,无论如何您的数据库都被盗了。您的攻击者将拥有您的所有用户记录(可能足以进行身份欺诈),他们肯定会拥有大量的电子邮件地址和密码。
因此,他们会将它们提供给自动脚本,以便在Facebook,GMail,eBay,Hotmail以及某些银行网站上尝试这些凭据。他们会这样做,因为众所周知大多数人都会重复使用电子邮件/密码组合,即使专家告诉他们不要 ad adause 。
因此,如果您以明文形式存储密码,则表示您已帮助攻击者进行二次攻击,并且当您的用户遭受欺诈或经济损失时可以分担一些责任。 (我不知道是否有人因为次要攻击而被合法犯罪 - 这将是非常有趣的。)
此处的解决方案是password hashing。这是一种单向算法,很难逆转,并且大大减慢了重复使用攻击的速度。
答案 1 :(得分:0)
好的..我设法自己解决了如何将用户添加到数据库并授予自己管理员权限的权限。基本上通过阅读代码我遵循路径并基于phpCode归因的设置创建用户。这比我想象的要简单得多。
所以我们有(请主要注意第一行):
if($bACTIIVE==0 && $bNEW_DRIVER==1){ //DRIVER IS new
$bDRIVER_ERR_TITLE = "Not an approved account!";
$bDRIVER_ERR_MSG = "You are not yet been approved from Administration, please contact to Transportation Office";
$bDRIVER_INACTIVE_ERR = true;
$sMessage = fn_Print_MSG_BOX("<li>Error!!! You are not yet been approved from Administration, please contact to Transportation Office", "C_ERROR");
}elseif($bACTIIVE==0 && $bNEW_DRIVER==0){ //DRIVER is inactive
所以我创建了一个用户,我将他设置为($bACTIIVE==1 && $bNEW_DRIVER==0),但NEW_DRIVER是一个组,但在数据库中,用户默认设置为new_user=1,因此我将其更改为new_user=0 。创建了正确的组,在这样做的过程中,我能够在数据库中添加活动用户以登录网站。要授予自己管理员权限,我只需使用user_group中的ID将其添加到正确的admin_group。
感谢所有回复和帮助人员!