I made a website that include a login before you can actually use the functions in it. When I test it on my pc using local host it works just fine. I then created a platform on a QNap (it's basically a NAS) and I then replaced the localhost with the IP of the NAS where I also created a DB in phpmyadmin. The whole wesite it works just fine, but the login.php page won't work because the connection get's a timeout error. Here is the code for the login.php page, what's wrong?
<?php
//Start della sessione per tenere traccia dell'utente
session_start();
//Valori per connettersi al database
$host = "IP:Port";
$user = "root";
$password = "admin";
$db = "segnalazioni";
//Creazione connessione mysqli al database
$conn = mysqli_connect($host, $user, $password, $db);
//Errore che viene visualizzato in caso di login errato
$errore = "Tentativo di accesso non valido";
//Variabile visualizzata in caso l'username non e' specificato
$errorNoUsername = "Inserire i dati per loggare";
//Controllare se l'utente ha inserito l'username
if(isset($_POST['username'])){
//Se lo hanno fatto ecco le variabile per username e password
$userUsername = $_POST['username'];
$userPassword = $_POST['password'];
//Verifica se i dati esistono nel database
$sql = "SELECT * FROM utenti WHERE username='".$userUsername."' AND Password = '".$userPassword."'";
//Eseguire la query all'interno del database
$result = mysqli_query($conn, $sql);
//Controllare il risultato
if(mysqli_num_rows($result)==1){
//Sessione aperta con il nome utente
$_SESSION['username'] = $userUsername;
//Redirect nella location index.php
header("location:main.php");
} else {
//Messaggio di errore
echo $errore;
}
} else {
//Messaggio di errore in caso il username non e' specificato
echo $errorNoUsername;
}
?>
Inside my DB "segnalazioni" there's a Table called "utenti" when the users are stored (username and password). What's wrong with this code? If i replace the IP and the port with just "localhost" I can use it just fine on my local machine. (Yes the db name and the db table are the same on my pc and on my NAS)
The mysql server on the QNap may be not be reachable outside localhost, is a common security feature that should disabled only after some serious consideration.
You should use ssh tunneling for localhost connection from remote or at least use a firewall and filter inbound port and ips
Try to grant permissions from outside localhost:
mysql > GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Remember to restart the mysql service afterwards