Hugo
Reputation: 145
How to import a MySQL database?
I am trying to move a DB to a new serve. My friend gave me the entire site and I uploaded to a server. He gave me a clean DB to avoid giving sensitive details. The site has a log in section, complete admin backend where I can populate the website for users to sign up but for some reason its missing a few things like my own admin access to the website and tables to give me access to the back end.
The database connected successfully. I am able to add users and values through the phpMyAdmin but I don't know how to give myself admin access.
Below is the code for the entire database file I uploaded to the server:
-- phpMyAdmin SQL Dump
-- version 4.0.10deb1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jul 21, 2016 at 02:03 PM
-- Server version: 5.5.49-0ubuntu0.14.04.1
-- PHP Version: 5.5.9-1ubuntu4.17
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
--
-- Database: `transportation`
--
-- --------------------------------------------------------
--
-- Table structure for table `tbl_3_vehicle_limit`
--
CREATE TABLE IF NOT EXISTS `tbl_3_vehicle_limit` (
`limit_id` int(11) NOT NULL AUTO_INCREMENT,
`soption` tinyint(4) NOT NULL,
`dept_id` varchar(4) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`user_id` int(11) NOT NULL,
`from_date` date NOT NULL,
`to_date` date NOT NULL,
PRIMARY KEY (`limit_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=48 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_abandon_trips`
--
CREATE TABLE IF NOT EXISTS `tbl_abandon_trips` (
`abandon_id` bigint(20) NOT NULL AUTO_INCREMENT,
`abandon_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`notes` text NOT NULL,
`res_id` bigint(20) NOT NULL,
`user_id` int(11) DEFAULT NULL,
`mile_charges` double NOT NULL,
`calculate_fine` tinyint(1) NOT NULL DEFAULT '0',
`miles` smallint(6) NOT NULL DEFAULT '25',
PRIMARY KEY (`abandon_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1106 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_comment_log`
--
CREATE TABLE IF NOT EXISTS `tbl_comment_log` (
`comment_id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`comments` text COLLATE latin1_general_ci NOT NULL,
`comment_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`comment_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_departments`
--
CREATE TABLE IF NOT EXISTS `tbl_departments` (
`dept_id` varchar(4) COLLATE latin1_general_ci NOT NULL,
`dept_name` varchar(50) COLLATE latin1_general_ci NOT NULL,
`leader_f_name` varchar(15) COLLATE latin1_general_ci NOT NULL,
`leader_l_name` varchar(15) COLLATE latin1_general_ci NOT NULL,
`leader_phone` varchar(25) COLLATE latin1_general_ci NOT NULL,
`leader_email` varchar(150) COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`active` tinyint(1) NOT NULL DEFAULT '1',
`deactive_date` date DEFAULT NULL,
`dept_info` varchar(200) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`dept_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_driver_links_order`
--
CREATE TABLE IF NOT EXISTS `tbl_driver_links_order` (
`link_id` mediumint(9) NOT NULL,
`link_order` mediumint(9) NOT NULL,
`driver_login` tinyint(1) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_global_settings`
--
CREATE TABLE IF NOT EXISTS `tbl_global_settings` (
`id` int(11) NOT NULL,
`leader_code` varchar(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_info_links`
--
CREATE TABLE IF NOT EXISTS `tbl_info_links` (
`link_id` mediumint(9) NOT NULL AUTO_INCREMENT,
`link_title` varchar(100) NOT NULL,
`link_text` text NOT NULL,
`link_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`link_order` tinyint(4) NOT NULL DEFAULT '1',
`link_display_page` varchar(25) NOT NULL,
`link_display_flag` char(1) DEFAULT NULL,
PRIMARY KEY (`link_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=30 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_log`
--
CREATE TABLE IF NOT EXISTS `tbl_log` (
`log_id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`login_datetime` datetime NOT NULL,
`logout_datetime` datetime NOT NULL,
`ip_address` varchar(16) NOT NULL,
PRIMARY KEY (`log_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=16735 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_reservations`
--
CREATE TABLE IF NOT EXISTS `tbl_reservations` (
`res_id` bigint(20) NOT NULL AUTO_INCREMENT,
`vehicle_id` bigint(20) NOT NULL,
`user_id` int(11) NOT NULL,
`planned_passngr_no` varchar(2) COLLATE latin1_general_ci NOT NULL,
`coord_approval` varchar(15) COLLATE latin1_general_ci NOT NULL DEFAULT 'Approved',
`planned_depart_day_time` datetime NOT NULL,
`planned_return_day_time` datetime NOT NULL,
`overnight` tinyint(1) NOT NULL,
`childseat` tinyint(1) NOT NULL,
`destination` varchar(100) COLLATE latin1_general_ci NOT NULL,
`reservation_cancelled` tinyint(1) NOT NULL DEFAULT '0',
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`cancelled_by_driver` tinyint(1) NOT NULL DEFAULT '0',
`driver_cancelled_time` datetime DEFAULT NULL,
`key_no` varchar(4) COLLATE latin1_general_ci DEFAULT NULL,
`card_no` varchar(8) COLLATE latin1_general_ci DEFAULT NULL,
`billing_dept` varchar(4) COLLATE latin1_general_ci NOT NULL,
`assigned_driver` int(11) NOT NULL,
`repeating` tinyint(1) NOT NULL DEFAULT '0',
`res_delete_user` bigint(20) DEFAULT NULL,
`res_delete_datetime` datetime DEFAULT NULL,
`no_cost` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`res_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=18416 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_restricted_charges`
--
CREATE TABLE IF NOT EXISTS `tbl_restricted_charges` (
`charge_id` int(11) NOT NULL AUTO_INCREMENT,
`vehicle_id` int(11) NOT NULL,
`charge_month` varchar(2) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`charge_year` char(4) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`dept_id` varchar(4) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`calc_method` varchar(50) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`total_charge` double NOT NULL,
`begin_mileage` varchar(7) CHARACTER SET latin1 COLLATE latin1_general_ci DEFAULT NULL,
`end_mileage` varchar(7) CHARACTER SET latin1 COLLATE latin1_general_ci DEFAULT NULL,
`rate` double DEFAULT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`charge_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=745 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_shop_tasks`
--
CREATE TABLE IF NOT EXISTS `tbl_shop_tasks` (
`task_id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`vehicle_id` int(11) NOT NULL,
`miles_reading_tech` varchar(7) COLLATE latin1_general_ci NOT NULL,
`last_mileage` varchar(7) COLLATE latin1_general_ci NOT NULL,
`work_type_id` tinyint(4) NOT NULL,
`work_start_date` date NOT NULL,
`next_oil` date NOT NULL,
`total_cost` double NOT NULL,
`parts_source` varchar(255) COLLATE latin1_general_ci NOT NULL,
`drive_test_done` tinyint(1) NOT NULL,
`task_complete` tinyint(1) NOT NULL,
`tech_comments` text COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`invoice_no` varchar(50) COLLATE latin1_general_ci NOT NULL,
`vendor_name` varchar(50) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`task_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=40 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_special_notice`
--
CREATE TABLE IF NOT EXISTS `tbl_special_notice` (
`notice_id` int(11) NOT NULL AUTO_INCREMENT,
`notice_date` datetime NOT NULL,
`user_id` int(11) NOT NULL,
`notice_title` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
`notice` text CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`notice_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_srvc_resvs`
--
CREATE TABLE IF NOT EXISTS `tbl_srvc_resvs` (
`srvc_id` int(11) NOT NULL AUTO_INCREMENT,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`vehicle_id` int(11) NOT NULL,
`from_date` datetime DEFAULT NULL,
`to_date` datetime DEFAULT NULL,
`is_cancelled` tinyint(1) NOT NULL DEFAULT '0',
`service_type` varchar(15) NOT NULL,
PRIMARY KEY (`srvc_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=235 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_srvc_resvs_details`
--
CREATE TABLE IF NOT EXISTS `tbl_srvc_resvs_details` (
`srvc_id` int(11) NOT NULL,
`res_id` bigint(20) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_temp_mass_emails`
--
CREATE TABLE IF NOT EXISTS `tbl_temp_mass_emails` (
`email_id` varchar(250) NOT NULL,
`driver_name` varchar(50) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_trip_details`
--
CREATE TABLE IF NOT EXISTS `tbl_trip_details` (
`trip_id` bigint(20) NOT NULL AUTO_INCREMENT,
`res_id` bigint(20) NOT NULL,
`begin_mileage` varchar(7) COLLATE latin1_general_ci NOT NULL,
`end_mileage` varchar(7) COLLATE latin1_general_ci NOT NULL,
`end_gas_percent` varchar(4) COLLATE latin1_general_ci NOT NULL,
`problem` tinyint(1) NOT NULL,
`desc_problem` text COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`mile_charges` double NOT NULL,
`user_id` int(11) DEFAULT NULL,
PRIMARY KEY (`trip_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=13155 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_user`
--
CREATE TABLE IF NOT EXISTS `tbl_user` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`f_name` varchar(20) COLLATE latin1_general_ci NOT NULL,
`l_name` varchar(20) COLLATE latin1_general_ci NOT NULL,
`dept_id` varchar(4) COLLATE latin1_general_ci NOT NULL,
`phone` varchar(25) COLLATE latin1_general_ci NOT NULL,
`birth_date` date NOT NULL,
`license_no` varchar(20) COLLATE latin1_general_ci NOT NULL,
`license_state` varchar(15) COLLATE latin1_general_ci NOT NULL,
`license_expire` date NOT NULL,
`email` varchar(150) COLLATE latin1_general_ci NOT NULL,
`password` varchar(255) COLLATE latin1_general_ci DEFAULT NULL,
`drive_tested` varchar(30) COLLATE latin1_general_ci NOT NULL,
`test_date` date NOT NULL,
`end_permit` date NOT NULL,
`home_st_country` varchar(30) COLLATE latin1_general_ci NOT NULL,
`active` tinyint(1) NOT NULL DEFAULT '0',
`status_date` datetime DEFAULT NULL,
`user_group` tinyint(4) NOT NULL,
`user_type` varchar(20) COLLATE latin1_general_ci NOT NULL,
`photo` varchar(255) COLLATE latin1_general_ci NOT NULL,
`photo_link` varchar(255) COLLATE latin1_general_ci NOT NULL,
`comment` varchar(300) COLLATE latin1_general_ci NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`permit_type` varchar(5) COLLATE latin1_general_ci NOT NULL DEFAULT 'First',
`renew_date` date DEFAULT NULL,
`renew_text` varchar(200) COLLATE latin1_general_ci DEFAULT NULL,
`new_user` tinyint(1) NOT NULL DEFAULT '0',
`driver_permission` tinyint(1) NOT NULL DEFAULT '0',
`license_country` varchar(60) COLLATE latin1_general_ci NOT NULL,
`max_passengers` int(11) NOT NULL DEFAULT '15',
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1695 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_user_comments`
--
CREATE TABLE IF NOT EXISTS `tbl_user_comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`posting_user_id` int(11) NOT NULL,
`about_user_id` int(11) NOT NULL,
`comments_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`comments` text NOT NULL,
`trip_id` bigint(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=248 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_user_group`
--
CREATE TABLE IF NOT EXISTS `tbl_user_group` (
`group_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`group_name` varchar(50) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=7 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicles`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicles` (
`vehicle_id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`vehicle_no` varchar(12) COLLATE latin1_general_ci NOT NULL,
`vin_no` varchar(20) COLLATE latin1_general_ci NOT NULL,
`oil_filter` varchar(20) COLLATE latin1_general_ci NOT NULL,
`safety_date` date NOT NULL,
`registration_date` date NOT NULL,
`lic_plate_no` varchar(50) COLLATE latin1_general_ci NOT NULL,
`make_id` tinyint(4) NOT NULL,
`model` tinyint(4) NOT NULL,
`year_manuf` char(4) COLLATE latin1_general_ci NOT NULL,
`mileage_un` varchar(7) COLLATE latin1_general_ci NOT NULL,
`date_to_un` date NOT NULL,
`cost_to_un` double NOT NULL,
`cost_rate` double NOT NULL,
`passenger_cap` varchar(2) COLLATE latin1_general_ci NOT NULL,
`condition_tech` varchar(50) COLLATE latin1_general_ci NOT NULL,
`restriction` varchar(150) COLLATE latin1_general_ci NOT NULL,
`issues` varchar(255) COLLATE latin1_general_ci NOT NULL,
`active` tinyint(1) NOT NULL,
`restricted` tinyint(1) NOT NULL,
`date_revised` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`sold` tinyint(1) NOT NULL DEFAULT '0',
`sold_date` date DEFAULT NULL,
`admin_issues` text COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`vehicle_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=95 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicle_brand`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicle_brand` (
`brand_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`brand_name` varchar(255) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`brand_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=6 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicle_comments`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicle_comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`posting_user_id` int(11) NOT NULL,
`vehicle_id` int(11) NOT NULL,
`comment_date` int(11) NOT NULL,
`comment_type` varchar(25) NOT NULL,
`comments` varchar(300) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_vehicle_type`
--
CREATE TABLE IF NOT EXISTS `tbl_vehicle_type` (
`v_type_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`v_type` varchar(255) COLLATE latin1_general_ci NOT NULL,
`capacity` tinyint(4) NOT NULL,
PRIMARY KEY (`v_type_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=8 ;
-- --------------------------------------------------------
--
-- Table structure for table `tbl_work_type`
--
CREATE TABLE IF NOT EXISTS `tbl_work_type` (
`work_type_id` tinyint(4) NOT NULL AUTO_INCREMENT,
`work_type` varchar(255) COLLATE latin1_general_ci NOT NULL,
PRIMARY KEY (`work_type_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=13 ;
-- --------------------------------------------------------
--
-- Stand-in structure for view `VW_DELETABLE_USER_LIST`
--
CREATE TABLE IF NOT EXISTS `VW_DELETABLE_USER_LIST` (
`user_id` int(11)
,`f_name` varchar(20)
,`l_name` varchar(20)
,`dept_name` varchar(50)
,`group_name` varchar(50)
,`reg_date` timestamp
,`res_id` bigint(20)
,`res_reg_date` timestamp
);
-- --------------------------------------------------------
--
-- Stand-in structure for view `VW_DELETABLE_USER_LIST_SUB`
--
CREATE TABLE IF NOT EXISTS `VW_DELETABLE_USER_LIST_SUB` (
`user_id` int(11)
,`res_id` bigint(20)
,`reg_date` timestamp
);
-- --------------------------------------------------------
--
-- Structure for view `VW_DELETABLE_USER_LIST`
--
DROP TABLE IF EXISTS `VW_DELETABLE_USER_LIST`;
-- in use(#1142 - SHOW VIEW command denied to user 'transport'@'localhost' for table 'VW_DELETABLE_USER_LIST')
-- --------------------------------------------------------
--
-- Structure for view `VW_DELETABLE_USER_LIST_SUB`
--
DROP TABLE IF EXISTS `VW_DELETABLE_USER_LIST_SUB`;
-- in use(#1142 - SHOW VIEW command denied to user 'transport'@'localhost' for table 'VW_DELETABLE_USER_LIST_SUB')
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
Code to process the log in goes as:
if(isset($_POST["action"]) && $_POST["action"]=="login"){
$sUserName = $_POST["txtemail"];
$sPassword = $_POST["txtpassword"];
$iGROUP = $_POST["drpusergroup"];
if(isset($_POST["drpleaderdepts"]) && $_POST["drpleaderdepts"]!="") $iDEPT_ID = $_POST["drpleaderdepts"];
//$sLoginSQL = "select user_id, email, user_group from tbl_user where email = '".$sUserName."' and password = '".$sPassword."' and user_group = ".$iGROUP." and active = 1";
//if($iGROUP==$iGROUP_DRIVER || $iGROUP==$iGROUP_COORDINATOR_STAFF){
$sLoginSQL = "SELECT user_id FROM tbl_user WHERE email = '".$sUserName."' AND BINARY password = '".$sPassword."' AND user_group = ".$iGROUP;
$iRsLogin = mysql_query($sLoginSQL) or die(mysql_error());
if (mysql_num_rows($iRsLogin)<=0){
$sMessage = fn_Print_MSG_BOX("<li>Error!!! invalid login information, please try again.", "C_ERROR");
$bDRIVER_ERR_TITLE = "Invalid Information!";
$bDRIVER_ERR_MSG = "Your username or password is invalid, please try again.";
$bDRIVER_INACTIVE_ERR = true;
}else{
list($iUSER_ID) = mysql_fetch_row($iRsLogin);
$sSQL = "SELECT active, new_user FROM tbl_user WHERE user_id = ".$iUSER_ID;
$rsDRIVER = mysql_query($sSQL) or die(mysql_error());
if(mysql_num_rows($rsDRIVER)>0){
list($bACTIIVE, $bNEW_DRIVER) = mysql_fetch_row($rsDRIVER);
if($bACTIIVE==0 && $bNEW_DRIVER==1){ //DRIVER IS new
$bDRIVER_ERR_TITLE = "Not an approved account!";
$bDRIVER_ERR_MSG = "You are not yet been approved from Administration, please contact to Transportation Office";
$bDRIVER_INACTIVE_ERR = true;
$sMessage = fn_Print_MSG_BOX("<li>Error!!! You are not yet been approved from Administration, please contact to Transportation Office", "C_ERROR");
}elseif($bACTIIVE==0 && $bNEW_DRIVER==0){ //DRIVER is inactive
$bDRIVER_ERR_TITLE = "Inactive Account!";
if($iGROUP==$iGROUP_DRIVER || $iGROUP==$iGROUP_COORDINATOR_STAFF){
$bDRIVER_ERR_MSG = "Your account has been suspended...<br />you may need to change your home department..<br />contact transportation Office for more information";
$sMessage = fn_Print_MSG_BOX("<li>Error!!! Your account has been suspended...you may need to change your home department..<br />contact transportation Office for more information", "C_ERROR");
}else{
$bDRIVER_ERR_MSG = "Your account has been suspended...<br />contact administration for more information";
$sMessage = fn_Print_MSG_BOX("<li>Error!!! Your account has been suspended...<br />contact administration for more information", "C_ERROR");
}
$bDRIVER_INACTIVE_ERR = true;
}elseif($bACTIIVE==1 && $bNEW_DRIVER==0){
$_SESSION["User_ID"] = $iUSER_ID;
$_SESSION["User_Name"] = $sUserName;
$_SESSION["User_Group"] = $iGROUP;
$sIP_ADDRESS = getRealIpAddr();
//print("DATE==".date('Y-m-d H:i:s'));
//die();
$sSQL = "INSERT INTO tbl_log (user_id, login_datetime, ip_address) VALUES (".$_SESSION["User_ID"].", '".date('Y-m-d H:i:s')."', '".$sIP_ADDRESS."')";
$rsLOG = mysql_query($sSQL) or die(mysql_error());
if($iGROUP==$iGROUP_DRIVER || $iGROUP==$iGROUP_COORDINATOR_STAFF){
$_SESSION["load_counter"] = "1";
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='reservations.php'</SCRIPT>";
}elseif($iGROUP==$iGROUP_TM){
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='management.php'</SCRIPT>";
}elseif($iGROUP==$iGROUP_TC){
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='admin.php'</SCRIPT>";
}elseif($iGROUP==$iGROUP_SERVICETCH){
echo "<SCRIPT LANGUAGE='JAVASCRIPT'> window.location='shopwork.php'</SCRIPT>";
}
}
}
}
}
Upvotes: 0
Views: 133
Answers (2)
Hugo
Reputation: 145
Okay.. I managed to figure it out on my own how to add the user to the database and grant myself admin access. Basically by reading through the code I followed the path and created an user based on the settings attributed by the phpCode. This was more simpler than I thought.
So where we have(Please pay attention mainly to the first line):
if($bACTIIVE==0 && $bNEW_DRIVER==1){ //DRIVER IS new
$bDRIVER_ERR_TITLE = "Not an approved account!";
$bDRIVER_ERR_MSG = "You are not yet been approved from Administration, please contact to Transportation Office";
$bDRIVER_INACTIVE_ERR = true;
$sMessage = fn_Print_MSG_BOX("<li>Error!!! You are not yet been approved from Administration, please contact to Transportation Office", "C_ERROR");
}elseif($bACTIIVE==0 && $bNEW_DRIVER==0){ //DRIVER is inactive
So I created an user and I got him set to ($bACTIIVE==1 && $bNEW_DRIVER==0) but NEW_DRIVER was a group but in the DB the users were by default set to new_user=1 so I changed it to new_user=0. Created the proper groups and in doing this I was able to add active users in the database to log into the website. To grant myself admin access, I simply added them to the correct admin_group using the ID through the user_group.
Thanks for all the responses and help guys!
Upvotes: 0
halfer
Reputation: 20430
There are some security vulnerabilities in your code, and they are serious enough to warrant an answer, even though this is not quite what you were asking. Hopefully someone else will address that. If this system is live on the web then it would be worth considering taking it down until it is resolved, so that your users' data is not put at risk.
You have two security issues that need to be dealt with promptly. I can try to outline them but if your data is of at least moderate value then I recommend you engage the services of a contractor who can come in and fix them. He or she will probably want to change your character set to UTF-8 anyway!
SQL injection
Consider this query:
SELECT user_id FROM tbl_user WHERE email = '$sUserName'
AND BINARY password = '$sPassword'
AND user_group = $iGROUP;
The assumption is that you have values like this:
$sUserName = "[email protected]";
$sPassword = "p@ssw0rd";
$iGROUP = 1;
OK, so let's try something, which is usually trivial to do with web forms:
$sUserName = "[email protected]' OR user_id = 1 --";
$sPassword = "p@ssw0rd";
$iGROUP = 1;
That will create a query that looks like this:
SELECT user_id FROM tbl_user WHERE email = '[email protected]' OR user_id = 1 --'
AND BINARY password = 'p@ssw0rd'
AND user_group = 1;
Since we have used the comment device -- that boils down to this:
SELECT user_id FROM tbl_user WHERE email = '[email protected]' OR user_id = 1;
Now, you probably don't have [email protected] in there, but you almost certainly do have a user with an ID of 1, and moreover they are likely to be marked as an approved account. If they are not, an attacker could keep trying with a few numbers, and would be likely to get a result within a few minutes.
The solution to this problem is very well documented.
Plaintext passwords
Let's say you fix the above vulnerability, but that another unknown one exists, and your database gets stolen anyway. Your attacker will have all your user records (perhaps enough to conduct identity fraud) and they will certainly have lots of email addresses and passwords.
So they will feed them into an automated script to try those credentials in Facebook, GMail, eBay, Hotmail, and perhaps some banking sites too. They will do this because it is well-known that most people re-use email/password combinations, even though experts have told them not to ad nauseum.
Thus if you store passwords in plain text you have aided an attacker in a secondary attack, and can share some of the blame when your user suffers fraud or financial loss. (I don't know if anyone has been held legally culpable for a secondary attack - it would be very interesting to look into).
Your solution here is password hashing. This is a one-way algorithm that is very difficult to reverse, and slows re-use attacks down considerably.
Upvotes: 3
Related Questions
- How do I import a .sql file in mysql database using PHP?
- Importing a MySQL Database on Localhost
- Import sql file into MYSQL database using MYSQLAdmin or php
- How to export and import mysql database with its data using php script?
- Import .db file into MySql database
- How to Import Local MySQL Database to Web Server
- How to import .sql table file to mysql table
- import sql via php
- how to import mysql database
- Import MySQL file in PHP