Jump to content


Login php with session not redirecting to index.php

login session redirect iis7 header

  • Please log in to reply
2 replies to this topic

#1 emen24

  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 06 August 2014 - 07:50 PM

I am using PHP 5.3  iis7 and SLQ Server 2005. I know the script gets to the session part and creates a temp file in C:/windows/temp folder (see info below), but when I try to login and redirect to the index.php  it give a 500 error on the login.php page.





temp file - C:\windows\temp

//set ini
ini_set('session.gc_maxlifetime', 900);
// include file
include ('config.php');
include (LIB_PATH.'functions.php');
			Header("Location: index.php"); 

	$user1 = trim($_POST['user']);
	$pass1 = trim($_POST['pass']);
$user= "'$user1'";
$pass= "'$pass1'";

	if($user == '' or $pass == ''){
		$error = 'You forgot to enter your user_name and your password!';
		$query = "SELECT * FROM users WHERE user_name = $user and pass = $pass";
		$params = array();
		$options =  array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
		$r = sqlsrv_query ($database, $query, $params, $options);


$num = sqlsrv_num_rows($r);
		if ($num >0) {
while ($user_data = sqlsrv_fetch_array($r, SQLSRV_FETCH_ASSOC)) {
		$_SESSION['user_id'] 	= $user_data['user_id'];
		$_SESSION['user_name'] = $user_data['user_name'];
		$_SESSION['user_level'] = $user_data['user_level'];
		$_SESSION['user_rep'] 	= $user_data['rep'];}
			Header("Location: index.php"); 

			$error = 'Wrong username or password!';



//set ini
ini_set('session.gc_maxlifetime', 900);
// include file
include ('config.php');

//include (LIB_PATH.'functions.php');


	Header("Location: login.php");




//config directory
define( 'DS', D );
define('SITE_PATH', dirname(__FILE__) . DS);
define('LIB_PATH', SITE_PATH . 'lib' . DS);
define('TEMP_PATH', SITE_PATH . 'templates' . DS);



#2 Jacques1

  • Members
  • PipPipPip
  • Turtles all the way down
  • 4,224 posts

Posted 07 August 2014 - 07:11 PM

Unfortunately, there are much worse problems than the 500 error. Instead of trying to debug this, I'd rather throw away the code, learn PHP and start from scratch.


Sorry for being so harsh, but you appearently had a very, very bad teacher. Where do I start?

  • If you happily drop any user input into your query strings, then you invite the whole world to change the queries and see what they can find in your database. They'll start with the plaintext passwords of your users.
  • Plaintext passwords? Seriously?
  • Removing spaces from the password is not a good idea. They are actually significant.
  • How could $user or $password ever be empty when you've defined them as "'$user1'" and "'$pass1'"? A string with single quotes isn't empty. Why you would add quotes at this point is beyond me.
  • Why do you have a loop for fetching all users with the provided username? Shouldn't there be at most one user per name?
  • If you don't stop the script after doing a redirect, then it happily keeps running. That's probably not what you want and can lead to major security issues.
  • There's absolutely no session security. However, I do admit that PHP sessions are difficult to handle for beginners.
  • ...

#3 requinix

  • Administrators
  • Lazy Administrator
  • 9,374 posts
  • LocationWA

Posted 07 August 2014 - 07:30 PM

500 error means there was an error. Check your logs for an indication why.

You can also set
error_reporting = -1
display_errors = on
in your php.ini. Restart IIS after you do.
The Reimann Zeta Function Trolley Problem | "Summer is when I, the great ice fairy, can show my true power!"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users