Hello Griffin. I messed with this for a few days trying to get it set up. The database imported nicely to my MySQL on my HOME PC, but when I tried to import it into my MySQL on my cPanel host, it wouldn't do it. It was giving me errors. I finally exported the SQL that loaded into my HOME PC and imported that SQL file to my cPanel.
I am not an expert at PHP coding, but there is a bad security flaw in it. I almost had this program fully installed, but the last page, when I went to log in with the correct password, came up with some error. By the way, my site got hacked and a spam bot had a go at it, and it planted itself a mZcookie.php file right in the same page as your coding was. It also planted a connector.php file right on my main page. It was sending out messages like "Hi my name is Cheryl and I saw your picture and my heart started racing...blah blah blah" and it echoed my domain name along with her name before the @. My cPanel host flagged me and stopped all of my outgoing messages from going out. My cPanel host told me an attack like this is because of old coding that hasn't been updated.
I don't know if this is the only bad coding, but your checklogin.php page has a bad security flaw on lines 61 to 63. The session_register function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0. The Globals in the new PHP are automatically turned off. I was seeing errors when I tried to log in with the correct password. When I tried to log in with the wrong password, it just brought me to the 2nd login page. There is more about the php_register topic here: http://php.net/manual/en/function.session-register.php
This program script is really something that I want to work. I am probably the only one who has even come close to getting this script to work. Not many DJs are programmers. I hope the coding gets updated sometime soon. Also, I hope more detailed installation instructions are made for cPanel users.
Thanks Griffin for your work here! Please update it soon and let me know when you have it updated!
~ Dave
Hi Dave, I am sorry you had issues. As of right now I wouldn't recommend putting this script on a production server, though if you would like to, I would recommend making permissions recursively on the entire folder 555 to allow read and execute but to stop anything from writing inside the folder. Development on this project of mine hasn't been active for almost 2 years :P I've been extremely busy with other projects on top of running my DJ company. I'm sure the entire thing is riddled with bad code, as at the time of writing this I was only just starting my PHP education (it was meant as both a learning exercise and something for practical use) but have progressed significantly. Once I finally have some more time I'm actually going to completely rewrite the software from the ground up with better code techniques such as a cookie login system rather than a registered session, Blowfish login encryption (I think right now I'm using an unsalted md5/sha1? What was I thinking??) as well as protection from SQL injection attacks (mysql real escape strings) and of course the multiple ../ attack vulnerabilities that exist as is. I'm sure that spammer PHP document was added by using fopen in a form field somewhere on the script, which, as a result of my inexperience at the time, I did not protect against in the script. You seem to have a lot of great ideas, and if you'd like I can add you to the project (not sure if you are a programmer or just code savvy), as a second set of eyes is always helpful! Thanks for the input! Hopefully I can get on this soon, as it's something I do desperately need for my own business as well.
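Added example, not part of either post and not the project's checklogin.php: a login check covering three points raised in this thread, `$_SESSION` in place of the removed `session_register()`, salted bcrypt (Blowfish-based) hashes in place of unsalted md5/sha1, and a bound SQL parameter against injection. The `members` table, its columns and both function names are assumptions, and in-memory SQLite stands in for the MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);

// SQLite in memory is a stand-in for MySQL; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account. password_hash() generates a random per-user salt
// and stores it, with the cost factor, inside the returned hash string.
$insert = $pdo->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)');
$insert->execute(['dave', password_hash('correct horse', PASSWORD_BCRYPT)]);

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the username is sent as data, never spliced into the SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user

    // Unknown users are checked against a dummy hash so both paths do the same
    // bcrypt work and response time does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT);
    $matches = password_verify($password, is_string($hash) ? $hash : $dummy);

    return $matches && is_string($hash);
}

// Call from the web request only after check_login() returns true.
function start_authenticated_session(string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);       // fresh session ID at login (anti-fixation)
    $_SESSION['username'] = $username; // replaces session_register('username')
}

// Constructed inputs: correct password, wrong password, quote-laden username.
var_dump(check_login($pdo, 'dave', 'correct horse'));
var_dump(check_login($pdo, 'dave', 'wrong'));
var_dump(check_login($pdo, "' OR '1'='1", 'x'));
```

Prepared statements are used here rather than `mysql_real_escape_string()` because the old `mysql_*` extension was removed in PHP 7.0.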