emen24 Posted August 6, 2014 Share Posted August 6, 2014 I am using PHP 5.3 iis7 and SLQ Server 2005. I know the script gets to the session part and creates a temp file in C:/windows/temp folder (see info below), but when I try to login and redirect to the index.php it give a 500 error on the login.php page. login.php index.php conifg.php temp file - C:\windows\temp <?php //set ini ini_set('session.gc_maxlifetime', 900); if(!ini_get('session.auto_start')){ session_start(); } // include file include ('config.php'); include (LIB_PATH.'functions.php'); include(LIB_PATH.'sqlsrv_connect.php'); if($_SESSION['user_id']){ Header("Location: index.php"); } if($_POST['submit']){ $user1 = trim($_POST['user']); $pass1 = trim($_POST['pass']); $user= "'$user1'"; $pass= "'$pass1'"; if($user == '' or $pass == ''){ $error = 'You forgot to enter your user_name and your password!'; }else{ $query = "SELECT * FROM users WHERE user_name = $user and pass = $pass"; $params = array(); $options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET ); $r = sqlsrv_query ($database, $query, $params, $options); $num = sqlsrv_num_rows($r); if ($num >0) { while ($user_data = sqlsrv_fetch_array($r, SQLSRV_FETCH_ASSOC)) { $_SESSION['user_id'] = $user_data['user_id']; $_SESSION['user_name'] = $user_data['user_name']; $_SESSION['user_level'] = $user_data['user_level']; $_SESSION['user_rep'] = $user_data['rep'];} Header("Location: index.php"); }else{ $error = 'Wrong username or password!'; } } } //template include(TEMP_PATH.'login_tpl.php'); ?> <?php //set ini ini_set('session.gc_maxlifetime', 900); if(!ini_get('session.auto_start')){ session_start(); } // include file include ('config.php'); //include (LIB_PATH.'functions.php'); include(LIB_PATH.'sqlsrv_connect.php'); if(!$_SESSION['user_id']){ Header("Location: login.php"); } $database //template include(TEMP_PATH.'index_tpl.php'); ?> <?php date_default_timezone_set('America/Los_Angeles'); //config directory define( 'DS', DIRECTORY_SEPARATOR ); define( 'DS', D ); define('SITE_PATH', dirname(__FILE__) . DS); define('LIB_PATH', SITE_PATH . 'lib' . DS); define('TEMP_PATH', SITE_PATH . 'templates' . DS); define('SO_PER_PAGE',20); ?> user_id|s:1:"6";user_name|s:2:"EM";user_level|s:1:"1";user_rep|s:0:""; Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted August 7, 2014 Share Posted August 7, 2014 Unfortunately, there are much worse problems than the 500 error. Instead of trying to debug this, I'd rather throw away the code, learn PHP and start from scratch. Sorry for being so harsh, but you appearently had a very, very bad teacher. Where do I start? If you happily drop any user input into your query strings, then you invite the whole world to change the queries and see what they can find in your database. They'll start with the plaintext passwords of your users. Plaintext passwords? Seriously? Removing spaces from the password is not a good idea. They are actually significant. How could $user or $password ever be empty when you've defined them as "'$user1'" and "'$pass1'"? A string with single quotes isn't empty. Why you would add quotes at this point is beyond me. Why do you have a loop for fetching all users with the provided username? Shouldn't there be at most one user per name? If you don't stop the script after doing a redirect, then it happily keeps running. That's probably not what you want and can lead to major security issues. There's absolutely no session security. However, I do admit that PHP sessions are difficult to handle for beginners. ... 1 Quote Link to comment Share on other sites More sharing options...
requinix Posted August 7, 2014 Share Posted August 7, 2014 500 error means there was an error. Check your logs for an indication why. You can also set error_reporting = -1 display_errors = onin your php.ini. Restart IIS after you do. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.