Jump to content

Recommended Posts

Okay  - so i wrote a login script for a site im building. However when you click "Login" it goes to a login-handler.php script, which seems to only show an Internal Server Error 500. I've tried using error checking to no success as it still shows the same screen.

 

 

I'm hoping someone will be able to tell me what I have done wrong.

 

 

<?php


$log_user = $_POST["username"];
$log_pass = $_POST["password"];

if(empty($log_user))
{
	die "Please go back and fill in your username.";
}

if(empty($log_pass))
{
	die "Please go back and fill in your password.";
}

$sql = "SELECT * FROM users";
$res = mysql_query($sql);

if(mysql_num_rows($res) != 0)
{
	$row = mysql_fetch_assoc($res);

	$dbuser = $row["username"];
	$dbpass = $row["password"];

	if($log_user != $dbuser)
	{
		echo 'Please go back and enter a valid username.';
	}

	if($log_pass != $dbpass)
	{
		echo 'Please go back and enter a valid password.';
	}

	if($log_user == $dbuser && $log_pass == $dbpass)
	{
		session_register($log_user);
		session_register($log_pass);
		header("Location: index.php");
	}

}
else
{
	echo "There doesn't appear to be any users in the database.";
}


?>

In case it has not already been suggested in one of your threads, when developing and debugging php code, you need to have php's error_reporting set to E_ALL and display_errors set to ON in your master php.ini on your development system so that php will report and display all the errors it detects. You will save a TON of time. Stop and start your web server to get any changes made to the master php.ini to take effect and confirm that the two settings actually got changed in case the php.ini that php is using is not the one that you changed.

The little guy: The connection is brought in further up the page in the header - this works as the other pages are fine with the connection.

 

PFM: Read my original question AGAIN and you will see ive already tried error reporting >_>

 

You may have tried something to get php to display and report errors, but it didn't work or it didn't work in the context of where you used it. We also cannot help you with what you tried unless you state or show what it is you did to turn those two settings on.

 

The 500 http code means that the response sent out was incomplete. For a php page that generally means a fatal parse or runtime error. You cannot set php's error_reporting/display_errors settings in your script and have it show fatal parse errors in the main file because your script is never executed to turn on the settings.

If session_register() can't be used, what else do i use?

 

1) You place a session_start() statement, before outputting anything to the browser, on any page that sets or references a $_SESSION variable.

 

2) You use $_SESSION variables and assign values to them - $_SESSION['log_user'] = $dbuser; or reference them - if(isset($_SESSION['log_user'])){...}

 

this is iwhat is in my php.ini file at the moment:

 

Did you -

Stop and start your web server to get any changes made to the master php.ini to take effect and confirm that the two settings actually got changed in case the php.ini that php is using is not the one that you changed.

redid the code with Zero errors and 1 warning....

 

<?php
$log_user = $_POST["username"];
$log_pass = $_POST["password"];

$log_user = isset($log_user) ? (string)$log_user : 'Please go back and fill in your username.';
$log_pass= isset($log_pass) ? (string)$log_pass : 'Please go back and fill in your password.';	

$sql = "SELECT * FROM users";
$res = mysql_query($sql);


if(mysql_num_rows($res) !== 0)	

{
$row = mysql_fetch_assoc($res);


$dbuser = $row["username"];
$dbpass = $row["password"];


if($log_user !== $dbuser)
{
echo 'Please go back and enter a valid username.';
}

if($log_pass !== $dbpass)
{

echo 'Please go back and enter a valid password.';
}

if($log_user === $dbuser && $log_pass === $dbpass)
{

//session_register($log_user); (deprecated in PHP 5.3 & 5.4)

$_SESSION['log_user'] = $log_user;

//session_register($log_pass); (deprecated in PHP 5.3 & 5.4)

$_SESSION['log_pass'] = $log_pass;


header("Location: index.php");


}
}



else
{
echo "There doesn't appear to be any users in the database.";

}


?>

I don't have access to the web-server :/

 

You should be learning php, developing php code, and debugging php code on a local development system. By trying to use a live server for learning and development, you are wasting countless hours or your life that you will never get back by uploading your code each time to see the result of each change. Also, since code often contains security holes until it is complete and tested, by doing this on a live server you have a greater risk of a hacker taking over your web site.

New problem found with logging in.

 

 

With the code I have, it only only allows the first user in the database to login, when ever a different user tries to login it days for them to go back and enter a valid username.

 

 

The username & password I entered were valid because I copied and pasted them from the database.

You need to look at the logic of your code. Your query is matching all the rows (no WHERE clause), then you retrieve/fetch the first row from the result set and test if the entered username/password matches that row.

 

You need to use a WHERE clause in the query statement to try to find if the entered username/password matches a row in your table - WHERE username = '$log_user' AND password = '$log_pass'. You would then test how many rows the query matched to determine if the entered username/password was found in the table.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.