PHP Login script failing to connect PLEASE HELP

Beginners - Learning PHP
#1

Hi All. I am new to PHP and have slowly created a PHP login script however it is failing to connect. Please can someone advise. I am using a freenas hosting apache and using phpmyadmin.

The error i am getting is

“Warning: mysqli_connect(): (HY000/1130): Host ‘HostServer’ is not allowed to connect to this MySQL server in /usr/local/www/apache24/data/php/login.php on line 9
Database connection failed!Host ‘HostServer’ is not allowed to connect to this MySQL server”

[php]
$cookie_name = “loggedin”;

$servername = “192.168.0.2”;
$username = “root”;
$password = “XXXXXXXXXXXXXXX”;
$database = “homedb”;

$conn = mysqli_connect($servername, $username, $password, $database);

if (!$conn) {
die(“Database connection failed!”.mysqli_connect_error());
}

if (isset($_POST[‘login’]))
{
$user = $_POST[‘username’];
$pass = $_POST[‘password’];

$phash = sha1(sha1($pass."salt")."salt");
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';";

$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);

if ($count == 1)
{
	$cookie_value = $user;
	setcookie($cookie_name, $cookie_value, time() + (180), "/");
	header("Location: homepage.php");
}

Else
{
	echo "Username or Password is incorrect!";
}

}

else if (isset($_POST[‘register’]))
{
$user = $_POST[‘username’];
$pass = $_POST[‘password’];

$phash = sha1(sha1($pass."salt")."salt");
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$phash');";

$result = mysqli_query($conn, $sql);

}
[/php]

#2

You have many other problems. This is very poorly coded. You are creating variables for nothing, putting variables in your query and not using prepared statements, you are selecting everything instead of specific column names and using SHA1 on your passwords instead of properly using password_hash and you are outputting internal system errors to the user that is only good for hackers and you don’t stop the script after the header redirect and you are depending on the name of a button to be submitted for the script to work which will completely fail in certain cases.

I recommend you use PDO with prepared statements. Here is a good tutorial https://phpdelusions.net/pdo

#3

Thank you for the feedback. This is the very first PHP script i have ever built and self teaching on a local network. I will give the PDO a read and find a better way.

Thanks again :smiley:

Sponsor our Newsletter | Privacy Policy | Terms of Service