Simple Client Management System in PHP with Source Code

Introduction

This is a Simple Client Management System built with PHP and a MySQL database. It is a simple web-based application that provides an online platform for companies to manage their clients' invoices. The application was developed for educational purposes only, and its processes can help programmers who are new to the PHP language enhance and widen their programming capabilities. The application has a pleasant user interface and user-friendly functionalities.

About the Simple Client Management System

I developed this project using the following:

  • XAMPP v3.3.0 as my local web server, which has PHP version 8.0.7
  • PHP Language
  • MySQL Database
  • HTML
  • CSS
  • JavaScript
  • jQuery
  • Ajax
  • Bootstrap
  • AdminLTE
  • and some other plugins/libraries.

This Simple Client Management System has 2 modules: the Admin Module and the Client Module. The Admin Module is the side of the system where company management manages the important lists and information in the system, such as the list of clients. Admin users are also in charge of managing the list of services the company offers. The Client Module is the side of the system where clients can manage their invoices with the company; they can only view and print their personal invoices for the company's services.

Features

Admin Side

  • Secure Login and Logout
  • Dashboard
  • Manage Services List (CRUD)
  • Manage Client Records
    • Add New Client
    • List All Client
    • Edit/Update Client's Details
    • View Client's Details
    • Reset Client's Password Details
    • Print Client Details
    • Delete Client
  • Manage Invoices Records
    • Add New Client Invoice
    • List All Invoices
    • Edit/Update Invoice
    • View Invoice Details
    • Print Client's Invoice
    • Delete Client's Invoice
  • Manage Users list (CRUD)
  • Manage Account Details/Credentials
  • Manage System Information

Client-Side

  • Secure Login and Logout
  • List All Personal Invoices
  • View Invoice Details
  • Print Invoice Details
  • Update Account Information/Credentials

System Snapshots of some Features

[Screenshot: Admin Dashboard]

[Screenshot: Client Details (Admin-Side)]

[Screenshot: Invoice Form (Admin-Side)]

[Screenshot: Invoice Details (Client-Side)]

[Screenshot: Update Account Information/Credentials Page (Client-Side)]

How to Run

Requirements

  • Download and Install any local web server such as XAMPP/WAMP.
  • Download the provided source code zip file.

Installation/Setup

  1. Open your XAMPP/WAMP's Control Panel and start Apache and MySQL.
  2. Extract the downloaded source code zip file.
  3. If you are using XAMPP, copy the extracted source code folder and paste it into XAMPP's "htdocs" directory. If you are using WAMP, paste it into the "www" directory.
  4. Open phpMyAdmin in a browser, e.g. http://localhost/phpmyadmin
  5. Create a new database named cms_db.
  6. Import the provided SQL file. The file is named cms_db.sql and is located inside the database folder.
  7. Open the Simple Client Management System in a browser, e.g. http://localhost/cms/ for the operator's/logging side and http://localhost/cms/admin for the admin side.

Default Admin Access Information

Username: admin
Password: admin123

Note: Client Access will be automatically created upon saving the client details at the admin side. The default password of the client is the same as the Client Code.

That's it. You can now explore the features and functionalities of this Simple Client Management System in PHP. I hope this project will help you with what you are looking for and you'll find something useful for your future projects.

Enjoy :)


Comments

Submitted by topsec-pengyuyan (not verified) on Thu, 12/16/2021 - 10:24

Hello, the simple client management system has unauthorized access.

Vulnerability URL:
http://localhost/cms/admin/login.php
http://localhost/cms/login.php

poc:
username=admin' or 1=1 --+
password=123456

The source code involved is in /CMS/classes/login.php. In the login() method of PHP:

----------------------------------------------------------------------------------------------
    public function login(){
        extract($_POST);
        $qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password')");
        if($qry->num_rows > 0){
            foreach($qry->fetch_array() as $k => $v){
                if(!is_numeric($k) && $k != 'password'){
                    $this->settings->set_userdata($k,$v);
                }
            }
            $this->settings->set_userdata('login_type',1);
            return json_encode(array('status'=>'success'));
        }else{
            return json_encode(array('status'=>'incorrect','last_qry'=>"SELECT * from users where username = '$username' and password = md5('$password') "));
        }
    }
----------------------------------------------------------------------------------------------

Causes: When username = admin' or 1=1 --+,

    $qry = $this->conn->query("SELECT * from users where username = 'admin' or 1=1 --+' and password = md5('$password')");

In this way, you can bypass the mechanism and finally log in to the background as an administrator.

I found out it is. I checked the code in the Login.php. To fix it, simply find the Login.php with the public function login inside and change it to the following:

    public function login() {
        // Avoiding extract which actually causes the start of the injection possibility
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';

        // Validate and sanitize input if needed
        $hashedPassword = md5($password); // Note: Consider using a more secure hashing algorithm like bcrypt

        // Bound parameters keep the submitted values out of the SQL text
        $stmt = $this->conn->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
        $stmt->bind_param("ss", $username, $hashedPassword);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows > 0) {
            // Keep the session fields that the original method stored (all columns except the password)
            foreach ($result->fetch_array() as $k => $v) {
                if (!is_numeric($k) && $k != 'password') {
                    $this->settings->set_userdata($k, $v);
                }
            }
            $this->settings->set_userdata('login_type',1);
            return json_encode(array('status'=>'success'));
        } else {
            return json_encode(array('status'=>'incorrect','last_qry'=>"SELECT * from users where username = '$username' and password = md5('$password') "));
        }
    }

Be my guest. Have a nice day!
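
The bound-parameter fix combined with the move off MD5 that the comment above suggests, as an added example that is not part of the comments or the project's code. It assumes PDO with an in-memory SQLite table in place of the project's mysqli connection and MySQL `users` table; the function names are hypothetical and the sample row is constructed.

```php
<?php
// Added example, not the project's code. Assumptions: PDO with in-memory SQLite
// stands in for the MySQL `users` table; function names are hypothetical.

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)");
    // Constructed row: a legacy unsalted MD5 hash, as the original query stores it.
    $db->prepare("INSERT INTO users (username, password) VALUES (?, ?)")
       ->execute(['admin', md5('admin123')]);
    return $db;
}

function login(PDO $db, array $post): array {
    // Read only the two expected fields instead of calling extract($_POST).
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare("SELECT id, username, password FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = false;
    if ($user !== false) {
        $stored = $user['password'];
        if (password_get_info($stored)['algoName'] !== 'unknown') {
            // Row already migrated: verify against the salted hash.
            $ok = password_verify($password, $stored);
        } elseif (hash_equals($stored, md5($password))) {
            // Legacy MD5 row: accept, then replace it with password_hash() output.
            $ok = true;
            $db->prepare("UPDATE users SET password = ? WHERE id = ?")
               ->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
        }
    }
    // One generic failure response; the query text is not echoed to the client.
    return ['status' => $ok ? 'success' : 'incorrect'];
}

$db = make_demo_db();
// The PoC username quoted in the first comment is handled as an ordinary string value.
echo json_encode(login($db, ['username' => "admin' or 1=1 --+", 'password' => '123456'])), "\n";
echo json_encode(login($db, ['username' => 'admin', 'password' => 'admin123'])), "\n";
// Inspect which algorithm the stored value uses after the successful login.
$row = $db->query("SELECT password FROM users WHERE username = 'admin'")->fetch(PDO::FETCH_ASSOC);
echo password_get_info($row['password'])['algoName'], "\n";
```

In a MySQL schema the password column has to be wide enough for the new hashes: bcrypt output is 60 characters, and the PHP manual recommends 255 for PASSWORD_DEFAULT.
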
Submitted by Haitham (not verified) on Tue, 02/01/2022 - 19:46

Add to List button does not work
