Hallo,
ik heb hier een script voor beveiligde pagina, offline werkt de site volledig met de wamp server zonder ook maar 1 fout, nu heb ik hem online geplaatst en krijg ik deze fout op deze pagina:
hieronder de data, die zogezegt de fout genereert:
Hier is de volledige code:
iemand een idee wat ik heb fout gedaan.
ik heb hier een script voor beveiligde pagina, offline werkt de site volledig met de wamp server zonder ook maar 1 fout, nu heb ik hem online geplaatst en krijg ik deze fout op deze pagina:
Code:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
PHP:
if ($fetch = mysql_fetch_array( mysql_query("SELECT `loggedip` FROM `ipcheck` WHERE `loggedip`='$iptocheck'"))) {
$resultx = mysql_query("SELECT `failedattempts` FROM `ipcheck` WHERE `loggedip`='$iptocheck'");
Hier is de volledige code:
PHP:
session_start();
require('config.php');
if (($_SESSION['logged_in'])==TRUE) {
$iprecreate= $_SERVER['REMOTE_ADDR'];
$useragentrecreate=$_SERVER["HTTP_USER_AGENT"];
$signaturerecreate=$_SESSION['signature'];
$saltrecreate = substr($signaturerecreate, 0, $length_salt);
$originalhash = substr($signaturerecreate, $length_salt, 40);
$hashrecreate= sha1($saltrecreate.$iprecreate.$useragentrecreate);
if (!($hashrecreate==$originalhash)) {
header(sprintf("Location: %s", $forbidden_url));
exit;
}
if ((isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $sessiontimeout))) {
session_destroy();
session_unset();
$redirectback=$domain.'securelogin/';
header(sprintf("Location: %s", $redirectback));
}
$_SESSION['LAST_ACTIVITY'] = time();
}
$validationresults=TRUE;
$registered=TRUE;
$recaptchavalidation=TRUE;
$iptocheck= $_SERVER['REMOTE_ADDR'];
$iptocheck= mysql_real_escape_string($iptocheck);
if ($fetch = mysql_fetch_array( mysql_query("SELECT `loggedip` FROM `ipcheck` WHERE `loggedip`='$iptocheck'"))) {
$resultx = mysql_query("SELECT `failedattempts` FROM `ipcheck` WHERE `loggedip`='$iptocheck'");
$rowx = mysql_fetch_array($resultx);
$loginattempts_total = $rowx['failedattempts'];
If ($loginattempts_total>$maxfailedattempt) {
header(sprintf("Location: %s", $forbidden_url));
exit;
}
}
if (!isset($_SESSION['logged_in'])) {
$_SESSION['logged_in'] = FALSE;
}
if ((isset($_POST["pass"])) && (isset($_POST["user"])) && ($_SESSION['LAST_ACTIVITY']==FALSE)) {
function sanitize($data){
$data=trim($data);
$data=htmlspecialchars($data);
$data=mysql_real_escape_string($data);
return $data;
}
$user=sanitize($_POST["user"]);
$pass= sanitize($_POST["pass"]);
if (!($fetch = mysql_fetch_array( mysql_query("SELECT `username` FROM `authentication` WHERE `username`='$user'")))) {
$registered=FALSE;
}
if ($registered==TRUE) {
$result1 = mysql_query("SELECT `loginattempt` FROM `authentication` WHERE `username`='$user'");
$row = mysql_fetch_array($result1);
$loginattempts_username = $row['loginattempt'];
}
if(($loginattempts_username>2) || ($registered==FALSE) || ($loginattempts_total>2)) {
require_once('recaptchalib.php');
$resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$recaptchavalidation=FALSE;
} else {
$recaptchavalidation=TRUE;
}
}
if ($registered==TRUE) {
$result = mysql_query("SELECT `password` FROM `authentication` WHERE `username`='$user'");
$row = mysql_fetch_array($result);
$correctpassword = $row['password'];
$salt = substr($correctpassword, 0, 64);
$correcthash = substr($correctpassword, 64, 64);
$userhash = hash("sha256", $salt . $pass);
}
if ((!($userhash == $correcthash)) || ($registered==FALSE) || ($recaptchavalidation==FALSE)) {
$validationresults=FALSE;
if ($registered==TRUE) {
$loginattempts_username= $loginattempts_username + 1;
$loginattempts_username=intval($loginattempts_username);
mysql_query("UPDATE `authentication` SET `loginattempt` = '$loginattempts_username' WHERE `username` = '$user'");
if (!($fetch = mysql_fetch_array( mysql_query("SELECT `loggedip` FROM `ipcheck` WHERE `loggedip`='$iptocheck'")))) {
$loginattempts_total=1;
$loginattempts_total=intval($loginattempts_total);
mysql_query("INSERT INTO `ipcheck` (`loggedip`, `failedattempts`) VALUES ('$iptocheck', '$loginattempts_total')");
} else {
$loginattempts_total= $loginattempts_total + 1;
mysql_query("UPDATE `ipcheck` SET `failedattempts` = '$loginattempts_total' WHERE `loggedip` = '$iptocheck'");
}
}
if ($registered==FALSE) {
if (!($fetch = mysql_fetch_array( mysql_query("SELECT `loggedip` FROM `ipcheck` WHERE `loggedip`='$iptocheck'")))) {
$loginattempts_total=1;
$loginattempts_total=intval($loginattempts_total);
mysql_query("INSERT INTO `ipcheck` (`loggedip`, `failedattempts`) VALUES ('$iptocheck', '$loginattempts_total')");
} else {
$loginattempts_total= $loginattempts_total + 1;
mysql_query("UPDATE `ipcheck` SET `failedattempts` = '$loginattempts_total' WHERE `loggedip` = '$iptocheck'");
}
}
} else {
$loginattempts_username=0;
$loginattempts_total=0;
$loginattempts_username=intval($loginattempts_username);
$loginattempts_total=intval($loginattempts_total);
mysql_query("UPDATE `authentication` SET `loginattempt` = '$loginattempts_username' WHERE `username` = '$user'");
mysql_query("UPDATE `ipcheck` SET `failedattempts` = '$loginattempts_total' WHERE `loggedip` = '$iptocheck'");
function genRandomString() {
$length = 50;
$characters = "0123456789abcdef";
for ($p = 0; $p < $length ; $p++) {
$string .= $characters[mt_rand(0, strlen($characters))];
}
return $string;
}
$random=genRandomString();
$salt_ip= substr($random, 0, $length_salt);
$useragent=$_SERVER["HTTP_USER_AGENT"];
$hash_user= sha1($salt_ip.$iptocheck.$useragent);
$signature= $salt_ip.$hash_user;
session_regenerate_id();
$_SESSION['signature'] = $signature;
$_SESSION['logged_in'] = TRUE;
$_SESSION['LAST_ACTIVITY'] = time();
}
}
if (!$_SESSION['logged_in']):
?>