Login Script failing with Internal Server Error 500.

[White_Lily]

Okay  - so i wrote a login script for a site im building. However when you click "Login" it goes to a login-handler.php script, which seems to only show an Internal Server Error 500. I've tried using error checking to no success as it still shows the same screen.

 

 

I'm hoping someone will be able to tell me what I have done wrong.

 

 

<?php


$log_user = $_POST["username"];
$log_pass = $_POST["password"];

if(empty($log_user))
{
	die "Please go back and fill in your username.";
}

if(empty($log_pass))
{
	die "Please go back and fill in your password.";
}

$sql = "SELECT * FROM users";
$res = mysql_query($sql);

if(mysql_num_rows($res) != 0)
{
	$row = mysql_fetch_assoc($res);

	$dbuser = $row["username"];
	$dbpass = $row["password"];

	if($log_user != $dbuser)
	{
		echo 'Please go back and enter a valid username.';
	}

	if($log_pass != $dbpass)
	{
		echo 'Please go back and enter a valid password.';
	}

	if($log_user == $dbuser && $log_pass == $dbpass)
	{
		session_register($log_user);
		session_register($log_pass);
		header("Location: index.php");
	}

}
else
{
	echo "There doesn't appear to be any users in the database.";
}


?>

[floridaflatlander]

Try

 

$res = mysql_query($sql) or die("Error: ".mysqli_error($dbc));

 

And see what happens

 

[PFMaBiSmAd]

In case it has not already been suggested in one of your threads, when developing and debugging php code, you need to have php's error_reporting set to E_ALL and display_errors set to ON in your master php.ini on your development system so that php will report and display all the errors it detects. You will save a TON of time. Stop and start your web server to get any changes made to the master php.ini to take effect and confirm that the two settings actually got changed in case the php.ini that php is using is not the one that you changed.

[PFMaBiSmAd]

@floridaflatlander,

 

You are mixing mysql_ (no i) and mysqli_ (with an i) statements. That won't work.

[The Little Guy]

If you are using php 5.4 session_register() was removed, 5.3 it was deprecated.

 

I also see that you are not connecting to a database but trying to do a query.

[White_Lily]

The little guy: The connection is brought in further up the page in the header - this works as the other pages are fine with the connection.

 

PFM: Read my original question AGAIN and you will see ive already tried error reporting >_>

 

[PFMaBiSmAd]

You may have tried something to get php to display and report errors, but it didn't work or it didn't work in the context of where you used it. We also cannot help you with what you tried unless you state or show what it is you did to turn those two settings on.

 

The 500 http code means that the response sent out was incomplete. For a php page that generally means a fatal parse or runtime error. You cannot set php's error_reporting/display_errors settings in your script and have it show fatal parse errors in the main file because your script is never executed to turn on the settings.

[White_Lily]

If session_register() can't be used, what else do i use?

 

In the php.ini file how do i turn on error reporting?

 

[White_Lily]

this is iwhat is in my php.ini file at the moment:

 

error_reporting = -1

display errors = On

upload tmp dir = /tmp/

 

[PFMaBiSmAd]

If session_register() can't be used, what else do i use?

 

1) You place a session_start() statement, before outputting anything to the browser, on any page that sets or references a $_SESSION variable.

 

2) You use $_SESSION variables and assign values to them - $_SESSION['log_user'] = $dbuser; or reference them - if(isset($_SESSION['log_user'])){...}

 

this is iwhat is in my php.ini file at the moment:

 

Did you -

Stop and start your web server to get any changes made to the master php.ini to take effect and confirm that the two settings actually got changed in case the php.ini that php is using is not the one that you changed.

[White_Lily]

I don't have access to the web-server :/

 

 

[darkfreaks]

redid the code with Zero errors and 1 warning....

 

<?php
$log_user = $_POST["username"];
$log_pass = $_POST["password"];

$log_user = isset($log_user) ? (string)$log_user : 'Please go back and fill in your username.';
$log_pass= isset($log_pass) ? (string)$log_pass : 'Please go back and fill in your password.';	

$sql = "SELECT * FROM users";
$res = mysql_query($sql);


if(mysql_num_rows($res) !== 0)	

{
$row = mysql_fetch_assoc($res);


$dbuser = $row["username"];
$dbpass = $row["password"];


if($log_user !== $dbuser)
{
echo 'Please go back and enter a valid username.';
}

if($log_pass !== $dbpass)
{

echo 'Please go back and enter a valid password.';
}

if($log_user === $dbuser && $log_pass === $dbpass)
{

//session_register($log_user); (deprecated in PHP 5.3 & 5.4)

$_SESSION['log_user'] = $log_user;

//session_register($log_pass); (deprecated in PHP 5.3 & 5.4)

$_SESSION['log_pass'] = $log_pass;


header("Location: index.php");


}
}



else
{
echo "There doesn't appear to be any users in the database.";

}


?>

[White_Lily]

Thank you darkfreaks, that code seems to work

[darkfreaks]

your quite welcome don't forget to mark as solved

[PFMaBiSmAd]

I don't have access to the web-server :/

 

You should be learning php, developing php code, and debugging php code on a local development system. By trying to use a live server for learning and development, you are wasting countless hours or your life that you will never get back by uploading your code each time to see the result of each change. Also, since code often contains security holes until it is complete and tested, by doing this on a live server you have a greater risk of a hacker taking over your web site.

[White_Lily]

New problem found with logging in.

 

 

With the code I have, it only only allows the first user in the database to login, when ever a different user tries to login it days for them to go back and enter a valid username.

 

 

The username & password I entered were valid because I copied and pasted them from the database.

[Mahngiel]

The username & password I entered were valid because I copied and pasted them from the database.

 

if you can copy/paste user credentials from the database, you need to start over and read about hashing.

[White_Lily]

If i wanted the password to be hashed i would of asked how to, but thats not what im asking - im asking why is it only letting the first user login and no other user? >_>

[PFMaBiSmAd]

You need to look at the logic of your code. Your query is matching all the rows (no WHERE clause), then you retrieve/fetch the first row from the result set and test if the entered username/password matches that row.

 

You need to use a WHERE clause in the query statement to try to find if the entered username/password matches a row in your table - WHERE username = '$log_user' AND password = '$log_pass'. You would then test how many rows the query matched to determine if the entered username/password was found in the table.

[White_Lily]

Right - thank you, PFM, that worked perfectly