00stuff Posted December 5, 2017 Share Posted December 5, 2017 I'm getting and Error 500 from my server. I'm not sure why... I think it might be my code. Can someone take a look please. localhost is currently unable to handle this request. HTTP ERROR 500 <?php include("common/common.php"); include("../common/db_connector.php"); $email_sent = $_POST["inputEmail"]; $password_sent = md5($_POST["inputPassword"]); // Check database for user credentials... $sql = "SELECT * FROM users WHERE email = '$email_sent'"; $result = $conn->query($sql); if ($result->num_rows > 0) { // output data of each row while($row = $result->fetch_assoc()) { //checks for true conditions if password and meail match database...... if($email_sent == $row["email"] AND $password_sent == $row["password"]) { $_SESSION["username"] = $email_sent; echo "<script>window.location = 'dashboard/index.php';</script>"; } else { echo "<script>alert('access denied'); window.location = 'index.php';</script>"; } } } ////////////////////////////////////////////// ?> Quote Link to comment Share on other sites More sharing options...
requinix Posted December 5, 2017 Share Posted December 5, 2017 Check your server error log for a reason why. Quote Link to comment Share on other sites More sharing options...
Solution BigB Posted December 5, 2017 Solution Share Posted December 5, 2017 Create a page - ie my_error_find.php and include the file you are testing to see if you can generate a useful error. <?php ######### ERROR FINDING PAGE ######### ini_set('display_errors', 1); ini_set('display_startup_errors', 1); ini_set('error_reporting', E_ALL); error_reporting(E_ALL); error_reporting(-1); include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS ?> 1 Quote Link to comment Share on other sites More sharing options...
Psycho Posted December 5, 2017 Share Posted December 5, 2017 Several problems with that code aside from the error you are getting. 1. Using user provided data directly in the query creating a risk of SQL injection. Should be using prepared statements. 2. Password is only hashed using MD5. This provides zero security. Use a proper password hashing process. 3. Isn't the email address unique for all users? If not, how would you know which user is logging in. If it is unique, then why is there a while() loop when running a query for records matching the email address? while($row = $result->fetch_assoc()) { 4. Since the query is only returning record matching the email address, why is there a need to do another check on the email of the results? if($email_sent == $row["email"] AND $password_sent == $row["password"]) { 1 Quote Link to comment Share on other sites More sharing options...
00stuff Posted December 6, 2017 Author Share Posted December 6, 2017 (edited) Create a page - ie my_error_find.php and include the file you are testing to see if you can generate a useful error. <?php ######### ERROR FINDING PAGE ######### ini_set('display_errors', 1); ini_set('display_startup_errors', 1); ini_set('error_reporting', E_ALL); error_reporting(E_ALL); error_reporting(-1); include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS include("Your_file_name.php"); // <<== PATH TO FILE WITH ERRORS ?> Thanks for the advice. I created the error page and it showed me exactly what was wrong. It was a small typo on the include(file) line. I fixed it and now it works fine. Thanks. Edited December 6, 2017 by 00stuff 1 Quote Link to comment Share on other sites More sharing options...
BigB Posted December 6, 2017 Share Posted December 6, 2017 Your welcome, happy coding :-) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.