chetans9 / core-php-admin-panel
An Admin panel written in core php with CRUD, filters and pagination.
Home Page: http://freecs9.epizy.com/core-php-admin
Hello,
First, thanks for this wonderful php admin panel. One question: when I create a new element in the side bar and I try to make the update option work, it always shows the same record no matter which row I selected. What am I doing wrong?
On line 57: "fasle"
http://corephpadmin.000webhostapp.com/add_customer.php
I can add a big name and more HTML code. It's really dangerous because I can add javascript and I can make lots of errors, bugs, and more. I can create malware on the site.
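What the report above describes is unvalidated input stored by the customer form and printed back without encoding. The following is an added example of the server-side checks and the escaped output a maintainer would add; it is not the project's code and not the reporter's, and the field names (`name`, `email`), the length limit and the row rendering are assumptions about add_customer.php and customers.php.

```php
<?php
// Added example (not project code): server-side validation for the customer
// form and HTML-escaped output in the listing. Field names, the length limit
// and the row layout are assumptions about add_customer.php / customers.php.
declare(strict_types=1);

const CUSTOMER_NAME_MAX = 100; // assumed limit; match the column size in the DB schema

/**
 * Validate the posted customer fields. Returns a list of error messages;
 * an empty list means the data is acceptable to store.
 */
function validate_customer(array $post): array
{
    $errors = [];
    $name = trim((string)($post['name'] ?? ''));
    if ($name === '') {
        $errors[] = 'Name is required.';
    } elseif (mb_strlen($name, 'UTF-8') > CUSTOMER_NAME_MAX) {
        $errors[] = 'Name must be at most ' . CUSTOMER_NAME_MAX . ' characters.';
    } elseif (preg_match('/[\x00-\x1F\x7F]/u', $name)) {
        // preg_match returns false on invalid UTF-8; treat that as acceptable here
        // because mb_strlen already bounded the length and output is escaped below.
        $errors[] = 'Name contains control characters.';
    }
    $email = trim((string)($post['email'] ?? ''));
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'E-mail address is not valid.';
    }
    return $errors;
}

/** Escape a value for insertion into HTML text or a quoted attribute. */
function h(?string $value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering (the pattern the report describes): stored markup is
// handed to the browser as markup.
//   echo '<td>' . $row['name'] . '</td>';
// Hardened rendering: the same stored value is shown as text.
function render_customer_row(array $row): string
{
    return '<tr><td>' . h($row['name'] ?? null) . '</td><td>' . h($row['email'] ?? null) . '</td></tr>';
}

// Demonstration with constructed input, runnable from the CLI.
$sample = ['name' => '<script>alert(1)</script>', 'email' => 'not-an-email'];
print_r(validate_customer($sample));
echo render_customer_row(['name' => $sample['name'], 'email' => 'a@example.com']), "\n";
```

Validation rejects the sample on both fields, and the rendered row contains `&lt;script&gt;` rather than a tag, so a value that slipped into the database is still displayed as text. Keeping the length limit in sync with the column definition also prevents the "big name" case from being silently truncated by MySQL.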
How to register the super admin for the first time?
Hello @chetans9,
DESCRIPTION: I found a vulnerability in this project where I am able to brute force the add_customer function X number of times which may result in website breakage.
VULNERABILITY: No Rate Limiting
AFFECTED FUNCTIONALITY: Adding Customer (data) Functionality
PROOF OF CONCEPT:
Just visit: "http://freecs9.epizy.com/core-php-admin/customers.php" and you can literally see that I created a sample 500 customers. :)
IMPACT:
If the server or web host has a maximum limit of queries to be stored, this attack can exceed it and exploit the server/host by brute forcing the function request "limit+X" number of times. If it's a web hosting, the hosted project will be deleted/banned by the providers leading to data loss of this admin panel users. If it's a server, the server might go down because of storage fill.
HOW TO FIX:
Add a Rate Limiting functionality to this function and other related functionalities as well.
FOR REFERENCE:
https://helloacm.com/easy-rate-limit-in-php-using-simple-strategy-an-api-example/
https://stackoverflow.com/questions/4257678/php-rate-limiting-client
http://timoh6.github.io/2015/05/07/Rate-limiting-web-application-login-attempts.html
https://security.stackexchange.com/questions/116113/rate-limit-login-attempts-count-by-ip-or-username
https://code.tutsplus.com/tutorials/how-to-build-rate-limiting-into-your-web-app-login--cms-22133
SOME LIBRARIES FOR EASIER FIX & SECURITY:
https://github.com/sunspikes/php-ratelimiter
https://github.com/davedevelopment/stiphle
https://github.com/touhonoob/RateLimit
#SecuringOpenSource - @mufeedvh
Best Regards,
Mufeed VH (@mufeedvh)
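A fixed-window limiter a maintainer could put in front of the handler named in the report above. This is an added example, not the project's code and not the reporter's; the storage directory, the per-minute limit, the `add_customer` key prefix and `$_SESSION['user_id']` are assumptions.

```php
<?php
// Added example (not project code): a minimal fixed-window rate limiter for a
// state-changing handler such as add_customer.php. Counters live in lock-protected
// files so it works on shared hosting without APCu or Redis. The directory and
// the limits are assumptions for this example.
declare(strict_types=1);

const RATE_LIMIT_DIR    = '/tmp/core-php-admin-ratelimit'; // assumed writable directory
const RATE_LIMIT_MAX    = 20;   // requests allowed per window (assumption)
const RATE_LIMIT_WINDOW = 60;   // window length in seconds (assumption)

/**
 * Returns true if the caller identified by $key may proceed, false once it has
 * made more than $max requests inside the current $window seconds.
 * Fails closed: if the counter cannot be read or written, the request is refused.
 */
function rate_limit_allow(string $key, int $max = RATE_LIMIT_MAX, int $window = RATE_LIMIT_WINDOW, ?int $now = null): bool
{
    $now = $now ?? time();
    if (!is_dir(RATE_LIMIT_DIR) && !mkdir(RATE_LIMIT_DIR, 0700, true)) {
        return false;
    }
    // Hash the key so caller-controlled input (IP, username) never shapes the path.
    $file = RATE_LIMIT_DIR . '/' . hash('sha256', $key);
    $fh = fopen($file, 'c+'); // create if missing, do not truncate
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;
    }
    $raw   = stream_get_contents($fh);
    $state = json_decode($raw === false ? '' : $raw, true);
    if (!is_array($state) || ($now - (int)($state['start'] ?? 0)) >= $window) {
        $state = ['start' => $now, 'count' => 0]; // start a new window
    }
    $state['count']++;
    $allowed = $state['count'] <= $max;

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

/**
 * Call at the top of add_customer.php after the login check. The key combines
 * the client address and the logged-in user so one user cannot exhaust another's
 * budget. $_SESSION['user_id'] is an assumption about the project's session layout.
 */
function enforce_rate_limit_or_exit(): void
{
    $ip   = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $user = (string)($_SESSION['user_id'] ?? 'anonymous');
    if (!rate_limit_allow('add_customer|' . $ip . '|' . $user)) {
        http_response_code(429);
        header('Retry-After: ' . RATE_LIMIT_WINDOW);
        // Record the event for detection; details go to the server log, not the user.
        error_log(sprintf('rate limit exceeded for add_customer from %s (user %s)', $ip, $user));
        exit('Too many requests. Please try again later.');
    }
}
```

Two points for deployment: behind a reverse proxy `REMOTE_ADDR` is the proxy, so derive the client address from the proxy's header only when that proxy is the sole path to the application; and because a logged-in user is required to reach the form, the 429 and its log line also give you a simple signal that an account is being scripted.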
Fashion
Fashion1
Fashion2
Cannot pass multiple values with name "service_id[]" in a checkbox; it shows the error "field not existing".
A field with name "service_id" is working, but I need to pass multiple values.
Given credentials are not working on Demo Link. Please check it and update it accordingly.
I am working on this admin but getting an issue on adding a customer from the customer form.
I am trying to resolve this issue; if anyone has already resolved this, please tell me.
Or
If only I am getting this issue, please tell me!
Thanks in Advance
I can't sign in. "Invalid user name or password."
I tried admin admin.
I need super admin password, what is it?
I need to know how to select data between two dates and equal to a given id.
Date in my db looks like 2019-11-24 07:51:05
Posted dates look like - 2019-11-14 and 2019-11-24
$db->where('o_id', $o_id);
$numorders = $db->getValue("tbl_orders", "count(*)");
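One way to do what the question above asks, as an added example that is not from the project or from any reply on the page: the two posted dates are validated, widened to cover the whole end day (the column holds a DATETIME such as 2019-11-24 07:51:05), and passed to the library's `where()` with the `BETWEEN` operator documented in the MysqliDb README. The column name `created_at` is an assumption; `tbl_orders` and `o_id` come from the snippet above.

```php
<?php
// Added example (not project code): select the orders for one o_id whose
// created_at timestamp falls between two dates posted from a form, using the
// MysqliDb where()/get() API as documented in the library's README.
// The column name created_at is an assumption.
declare(strict_types=1);

require_once __DIR__ . '/lib/MysqliDb/MysqliDb.php'; // path used elsewhere in this project

/**
 * Validate a date of the form YYYY-MM-DD and return it, or null if invalid.
 * Prepared statements stop SQL injection, but a malformed date still yields a
 * wrong or empty result set, so validate before building the query.
 */
function parse_iso_date(string $value): ?string
{
    $d = DateTime::createFromFormat('!Y-m-d', $value);
    // Round-trip check rejects roll-over dates such as 2019-02-30.
    return ($d !== false && $d->format('Y-m-d') === $value) ? $value : null;
}

/**
 * Return the rows of tbl_orders for $o_id created in [$from 00:00:00, $to 23:59:59].
 * Both where() calls are ANDed together by the library.
 */
function orders_between(MysqliDb $db, int $o_id, string $from, string $to): array
{
    $fromDay = parse_iso_date($from);
    $toDay   = parse_iso_date($to);
    if ($fromDay === null || $toDay === null || $fromDay > $toDay) {
        throw new InvalidArgumentException('invalid date range');
    }
    $db->where('o_id', $o_id);
    $db->where('created_at', [$fromDay . ' 00:00:00', $toDay . ' 23:59:59'], 'BETWEEN');
    return $db->get('tbl_orders');
}

// Usage with posted values (constructed here for the example; connection
// parameters are placeholders):
//   $_POST = ['o_id' => '42', 'from' => '2019-11-14', 'to' => '2019-11-24'];
//   $db    = new MysqliDb('localhost', 'DB_USER', 'DB_PASS', 'corephpadmin');
//   $rows  = orders_between($db, (int)$_POST['o_id'], $_POST['from'], $_POST['to']);
//   echo count($rows), " orders\n";
```

The `(int)` cast on `o_id` and the date round-trip are the two checks worth keeping even though the library parameterises the values: they turn a bad request into a clear error instead of a silently empty page.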
It shows up when I try to update the password.
Uncaught Exception: Unknown column 'passwd' in 'field list' query: UPDATE admin_accounts SET `user_name` = ?, `passwd` = ?, `admin_type` = ? WHERE id = ? in /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php:2006 Stack trace: #0 /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php(1594): MysqliDb->_prepareQuery() #1 /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php(913): MysqliDb->_buildQuery(NULL, Array) #2 /opt/lampp/htdocs/admin/edit_admin.php(48): MysqliDb->update('admin_accounts', Array) #3 {main} thrown in /opt/lampp/htdocs/admin/lib/MysqliDb/MysqliDb.php on line 2006
I downloaded the zip, extracted it, imported the SQL into my database, opened the project in xampp, and now on the login page
I am using the following credentials:
username: admin
password: admin
It's always saying "Invalid user name or password".
I have also tried using different usernames in the users table but nothing works.
What are the credentials???
And is there any way I can pass authentication initially or change the password???
Hi.
Thanks for your great code.
I need a register page for users. How can I add this page?
I entered the login and passwd of the admins into MySQL manually; after that, typing the login and passwd, it says the credentials are incorrect.
I placed the files in htdocs and created the db with the name corephpadmin as it was by default in config, but this is the error reflected when I try to login (with either right or wrong user credentials, it takes me to this error message):
Warning: mysqli::__construct(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php on line 323
Fatal error: Uncaught Exception: Connect Error 1045: Access denied for user 'root'@'localhost' (using password: YES) in C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php:326 Stack trace: #0 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(415): MysqliDb->connect('default') #1 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(1988): MysqliDb->mysqli() #2 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(1594): MysqliDb->_prepareQuery() #3 C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php(738): MysqliDb->_buildQuery(NULL) #4 C:\xampp\htdocs\corephpadmin\authenticate.php(14): MysqliDb->get('admin_accounts') #5 {main} thrown in C:\xampp\htdocs\corephpadmin\lib\MysqliDb\MysqliDb.php on line 326
Please help me to solve the issue, thank you
Whether this code is supported in PHP 7.0.27? Thanks in advance.
In the project and README.md the steps to install the application are not written.
It is not a bug, but some steps to install it would be appreciated.
Hi there,
In the edit_customers.php file there is the following line:
($operation == 'edit') ? $edit = true : $edit = false;
Can a new operation be added to view records as well?
Then in the customers.php file the following could be added:
<a href="edit_customer.php?customer_id=<?php echo $row['id']; ?>&operation=view" class="btn btn-info"><i class="glyphicon glyphicon-eye-open"></i></a>
Is this possible?
Thanks
Hello,
This panel is working fine on php 5.6.9. When I move the code to php 7.4, it shows many errors.
Fatal error: Uncaught Exception: Unknown column 'title, link, company_name, job_rel' in 'field list' query: INSERT INTO TABLE_NAME (title, link, company_name, job_rel
) VALUES (?, ?, ?, ?) in /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php:2008 Stack trace: #0 /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php(1594): MysqliDb->_prepareQuery() #1 /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php(1533): MysqliDb->_buildQuery() #2 /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php(820): MysqliDb->_buildInsert() #3 /var/www/html/demo/Dashboard/add_new_job.php(18): MysqliDb->insert() #4 {main} thrown in /var/www/html/demo/Dashboard/lib/MysqliDb/MysqliDb.php on line 2008
Hello,
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@cwavesoftware) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.
Looking forward to hearing from you.
(cc @huntr-helper)
Delete customer is not working properly. I tried to use mysqli but it does not work either.
So after looking at the code for the login some HUGE security issues have come up!
Other than that it's all very good!
Hello,
Is it possible to share a database for testing? Thanks in advance.
@chetans9 thanks for your great work!
By the way, I have an issue on my side when trying to join 2 tables.
I've read the doc from https://github.com/ThingEngineer/PHP-MySQLi-Database-Class
but I'm still confused about how to use it; any suggestions?
Thanks.
The distinct select method is not working.
Hi, I'm not having any issues, I am just curious about how I can select data from the DB and show it in a bootstrap dropdown menu?
Something like this:
<div class="form-group">
<label for="equipment_used">Equipment used?:</label>
<select class="form-control" id="equipment_used" name="equipment_used">
<option value="one">One</option>
<?php // $equipment_rows is hypothetical: the rows fetched from the equipment table
foreach ($equipment_rows as $equipment): ?>
<option value="<?= htmlspecialchars($equipment['equipment_name'], ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars($equipment['equipment_name'], ENT_QUOTES, 'UTF-8') ?></option>
<?php endforeach; ?>
<option value="two">Two</option>
</select>
</div>
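The round trip behind the sketch above, as an added example that is not the project's code and not the poster's: the list is fetched once, rendered with the numeric id as the option value and the escaped name as the label, and on submit the posted value is accepted only if it is one of the ids the form was built from, since a browser can submit anything regardless of what the dropdown offered. The table and column names (`equipment`, `id`, `equipment_name`) are assumptions; the library calls are `get()`/`orderBy()` as documented in the MysqliDb README.

```php
<?php
// Added example (not project code): populate a Bootstrap <select> from the
// database and, on submit, accept only a value that exists in that list.
// Table and column names (equipment, id, equipment_name) are assumptions.
declare(strict_types=1);

require_once __DIR__ . '/lib/MysqliDb/MysqliDb.php';

/** Fetch id => name pairs for the dropdown (MysqliDb get()/orderBy() from its README). */
function load_equipment(MysqliDb $db): array
{
    $db->orderBy('equipment_name', 'asc');
    $rows = $db->get('equipment', null, ['id', 'equipment_name']);
    $list = [];
    foreach ($rows as $row) {
        $list[(int)$row['id']] = (string)$row['equipment_name'];
    }
    return $list;
}

/** Render the <select>; the option value is the numeric id, the label the escaped name. */
function render_equipment_select(array $list, ?int $selected = null): string
{
    $html = '<div class="form-group">' . "\n"
          . '<label for="equipment_used">Equipment used?:</label>' . "\n"
          . '<select class="form-control" id="equipment_used" name="equipment_used">' . "\n";
    foreach ($list as $id => $name) {
        $html .= sprintf(
            '<option value="%d"%s>%s</option>' . "\n",
            $id,
            $id === $selected ? ' selected' : '',
            htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    return $html . "</select>\n</div>\n";
}

/**
 * Validate the submitted value against the list the form was built from.
 * Returns the id, or null when the value is not a plain integer in the list.
 */
function selected_equipment_id(array $post, array $list): ?int
{
    $raw = $post['equipment_used'] ?? null;
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw)) {
        return null;
    }
    $id = (int)$raw;
    return array_key_exists($id, $list) ? $id : null;
}

// Usage with constructed data standing in for load_equipment($db):
$list = [1 => 'Drill', 2 => 'Saw & Blade', 3 => 'Lathe'];
echo render_equipment_select($list, 2);
var_dump(selected_equipment_id(['equipment_used' => '3'], $list));        // id present in the list
var_dump(selected_equipment_id(['equipment_used' => '99'], $list));       // id absent from the list
var_dump(selected_equipment_id(['equipment_used' => '1 OR 1=1'], $list)); // not a digit string
```

Using the id rather than the display name as the option value keeps the stored reference stable if a name is later renamed, and the allow-list check means the value written back to the database is always one the application itself produced.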