
chetans9 / core-php-admin-panel


An Admin panel written in core php with CRUD, filters and pagination.

Home Page: http://freecs9.epizy.com/core-php-admin

PHP 96.40% CSS 2.87% JavaScript 0.39% Hack 0.34%
php crud php-admin-panel authentication admin-dashboard


core-php-admin-panel's Issues

Not deploy installation guide

The project and README.md do not contain the steps to install the application.
It is not a bug, but some steps to install it would be appreciated.

Add + Delete not working in PHP 7.4

Hello,

This panel is working fine on PHP 5.6.9. When I move the code to PHP 7.4, it shows many errors.

Fatal error: Uncaught Exception: Unknown column 'title, link, company_name, job_rel' in 'field list' query: INSERT INTO TABLE_NAME (title, link, company_name, job_rel) VALUES (?, ?, ?, ?) in /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php:2008 Stack trace: #0 /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php(1594): MysqliDb->_prepareQuery() #1 /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php(1533): MysqliDb->_buildQuery() #2 /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php(820): MysqliDb->_buildInsert() #3 /var/www/html/demo/Dashboard/add_new_job.php(18): MysqliDb->insert() #4 {main} thrown in /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php on line 2008

Rework Login

So after looking at the code for the login some HUGE security issues have come up!

  • MD5 on the passwords! HUGE no no... Use password_hash()!
  • Storing the password as a cookie and using that to remember the user! Means I only need the hash to get into an account! Easy with a MITM attack.

Other than that it's all very good!
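The two fixes this issue asks for, as an added example that is not part of the issue or the project's code: a login check that upgrades legacy MD5 hashes to `password_hash()`, and a remember-me token that is random rather than derived from the password. It assumes the stored values are unsalted `md5()` hex digests; the function names, the `passwd` field and the in-memory arrays standing in for database tables are hypothetical.

```php
<?php
// Added example, not project code. In-memory arrays stand in for database rows;
// the function names and the 'passwd' field are hypothetical.
// Check a login; legacy unsalted MD5 rows are re-hashed on the first success.
function verify_and_upgrade(array &$account, string $password): bool
{
    $stored = $account['passwd'];
    $legacy = preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
    $ok = $legacy
        ? hash_equals(strtolower($stored), md5($password))
        : password_verify($password, $stored);
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $account['passwd'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Issue a random cookie value; only a SHA-256 of the validator is kept server-side.
function issue_remember_token(array &$tokens, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $tokens[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

// Redeem a cookie value: returns the user id or null. Tokens are single-use.
function redeem_remember_token(array &$tokens, string $cookie): ?int
{
    [$selector, $validator] = array_pad(explode(':', $cookie, 2), 2, '');
    $row = $tokens[$selector] ?? null;
    unset($tokens[$selector]);   // consumed either way; caller issues a fresh one
    if ($row === null || $row['expires'] < time()) {
        return null;
    }
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user_id'] : null;
}

// Constructed demo data.
$account = ['id' => 1, 'passwd' => md5('demo-password')];
$tokens  = [];
var_dump(verify_and_upgrade($account, 'demo-password'));
$cookie = issue_remember_token($tokens, $account['id']);
var_dump(redeem_remember_token($tokens, $cookie));   // first use
var_dump(redeem_remember_token($tokens, $cookie));   // replay of the same cookie
```

Because the cookie no longer contains the password hash, a captured cookie is good for one use only and can be revoked by deleting its row; sending it with the `Secure` and `HttpOnly` cookie flags over HTTPS addresses the interception concern raised above.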

need between condition query

I need to know how to select data between two dates and equal to the given id.

The date in my DB looks like 2019-11-24 07:51:05

The posted dates look like 2019-11-14 and 2019-11-24

$db->where('o_id', $o_id);
$numorders = $db->getValue("tbl_orders", "count(*)");

No Rate Limiting on "add_customer" functionality [Vulnerability]

Hello @chetans9,

DESCRIPTION: I found a vulnerability in this project where I am able to brute force the add_customer function X number of times which may result in website breakage.

VULNERABILITY: No Rate Limiting

AFFECTED FUNCTIONALITY: Adding Customer (data) Functionality

PROOF OF CONCEPT:
Just visit: "http://freecs9.epizy.com/core-php-admin/customers.php" and you can literally see that I created a sample 500 customers. :)

IMPACT:
If the server or web host has a maximum limit of queries to be stored, this attack can exceed it and exploit the server/host by brute forcing the function request "limit+X" number of times. If it's a web hosting, the hosted project will be deleted/banned by the providers leading to data loss of this admin panel users. If it's a server, the server might go down because of storage fill.

HOW TO FIX:
Add a Rate Limiting functionality to this function and other related functionalities as well.

FOR REFERENCE:
https://helloacm.com/easy-rate-limit-in-php-using-simple-strategy-an-api-example/
https://stackoverflow.com/questions/4257678/php-rate-limiting-client
http://timoh6.github.io/2015/05/07/Rate-limiting-web-application-login-attempts.html
https://security.stackexchange.com/questions/116113/rate-limit-login-attempts-count-by-ip-or-username
https://code.tutsplus.com/tutorials/how-to-build-rate-limiting-into-your-web-app-login--cms-22133

SOME LIBRARIES FOR EASIER FIX & SECURITY:
https://github.com/sunspikes/php-ratelimiter
https://github.com/davedevelopment/stiphle
https://github.com/touhonoob/RateLimit

#SecuringOpenSource - @mufeedvh

Best Regards,
Mufeed VH (@mufeedvh)
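A minimal version of the fix requested in this report, as an added example that is not taken from the issue, the linked references or the project: a fixed-window counter kept in a lock-protected file, checked before the insert runs. The function name, key format, limits and storage directory are hypothetical, and the client key and timestamps in the demo are constructed.

```php
<?php
// Added example, not project code: fixed-window limiter backed by a locked JSON file.
// rate_limit_allow(), the key format and the limits are hypothetical.
function rate_limit_allow(string $key, int $limit, int $windowSec, string $dir, ?int $now = null): bool
{
    $now  = $now ?? time();
    $path = $dir . '/rl_' . hash('sha256', $key) . '.json';
    $fh   = fopen($path, 'c+');               // create if missing, do not truncate
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;                         // fail closed if the counter is unavailable
    }
    $state = json_decode(stream_get_contents($fh) ?: '', true);
    if (!isset($state['start'], $state['count']) || $now - $state['start'] >= $windowSec) {
        $state = ['start' => $now, 'count' => 0];   // start a new window
    }
    $allowed = $state['count'] < $limit;
    if ($allowed) {
        $state['count']++;                    // only accepted requests consume quota
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed demo: 5 inserts per 60 s for one client key, 8 attempts in the same second.
$dir = sys_get_temp_dir() . '/rl_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$key = 'add_customer|user:1|ip:203.0.113.7';
$t0  = 1700000000;
for ($i = 1; $i <= 8; $i++) {
    $ok = rate_limit_allow($key, 5, 60, $dir, $t0);
    echo "attempt $i: ", $ok ? 'insert allowed' : 'HTTP 429, insert skipped', PHP_EOL;
}
// One more request after the window has elapsed.
echo 'after window: ', rate_limit_allow($key, 5, 60, $dir, $t0 + 61) ? 'allowed' : 'blocked', PHP_EOL;
```

In the handler, the check would run before the database insert and return a 429 response when it fails, so rejected requests never reach storage.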

Password

I can't sign in. "Invalid user name or password."
I tried admin admin.

PHP version

Is this code supported in PHP 7.0.27? Thanks in advance.

Insert is not working in Customer

I am working on this admin panel but getting an issue when adding a customer from the customer form.

I am trying to resolve this issue. If anyone has already resolved this, please tell me.
Or
if I am the only one getting this issue, please tell me!

Thanks in Advance

View record

Hi there,

In the edit_customers.php file there is the following line:
($operation == 'edit') ? $edit = true : $edit = false;

Can a new operation be added to view records as well?

Then in the customers.php file the following could be added:
<a href="edit_customer.php?customer_id=<?php echo $row['id']; ?>&operation=view" class="btn btn-info"><i class="glyphicon glyphicon-eye-open"></i></a>

Is this possible?

Thanks

checkbox values encountering error

Fashion
Fashion1
Fashion2

Cannot pass multiple values with the name "service_id[]" in a checkbox; it shows an error: field not existing.

The name "service_id" is working, but I need to pass multiple values.

Update record

Hello,

First, thanks for this wonderful PHP admin panel. One question: when I create a new element in the side bar and try to make the update option work, it always shows the same record no matter which row I selected. What am I doing wrong?

cant login

Downloaded the zip, extracted it, imported the SQL into my database, opened the project in XAMPP, and am now on the login page.

using following credentials:
username: admin
password: admin

It's always saying "Invalid user name or password".

I have also tried using different usernames in the users table but nothing works.

What are the credentials???
And is there any way I can pass authentication initially or change the password???

Admin update and create error

It shows up when I try to update the password.

Uncaught Exception: Unknown column 'passwd' in 'field list' query: UPDATE admin_accounts SET `user_name` = ?, `passwd` = ?, `admin_type` = ? WHERE id = ? in /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php:2006 Stack trace: #0 /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php(1594): MysqliDb->_prepareQuery() #1 /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php(913): MysqliDb->_buildQuery(NULL, Array) #2 /opt/lampp/htdocs/admin/edit_admin.php(48): MysqliDb->update('admin_accounts', Array) #3 {main} thrown in /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php on line 2006

Fatal Error, please help

I placed the files in htdocs and created the db with name corephpadmin as how it was default in config but this is the error reflected when I try login (either right user credential or a wrong, it takes to this error message)

Warning: mysqli::__construct(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php on line 323

Fatal error: Uncaught Exception: Connect Error 1045: Access denied for user 'root'@'localhost' (using password: YES) in C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php:326 Stack trace: #0 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(415): MysqliDb->connect('default') #1 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(1988): MysqliDb->mysqli() #2 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(1594): MysqliDb->_prepareQuery() #3 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(738): MysqliDb->_buildQuery(NULL) #4 C:\xampp\htdocs\corephpadmin\authenticate.php(14): MysqliDb->get('admin_accounts') #5 {main} thrown in C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php on line 326

Please help me to solve the issue, thank you

Potential security issue

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@cwavesoftware) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

select values from database and show in a dropdown menu?

Hi, I'm not having any issues, I am just curious how I can select data from the DB and show it in a Bootstrap dropdown menu?

something like this:

<div class="form-group">
    <label for="equipment_used">Equipment used?:</label>
    <select class="form-control" id="equipment_used" name="equipment_used" placeholder="Equipment used">
        <option value="one">One</option>
        <?php // Escape the database value in both the value attribute and the label ?>
        <option value="<?= htmlspecialchars($equipment['equipment_name'], ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars($equipment['equipment_name'], ENT_QUOTES, 'UTF-8') ?></option>
        <option value="two">Two</option>
    </select>
</div>

Can't Login

Given credentials are not working on Demo Link. Please check it and update it accordingly.

Database

Hello,

Is it possible to share a database for testing? Thanks in advance.
