1

I have written a page that allows users to sign in. But it returns error 500. It will at least pass a specified error message if I comment out the $resultCheck variable. What is wrong with my $resultCheck? I'm using $conn for the signup page so I know that works. I also know $sql is correct because I ran the same command through MariaDB and it worked. I have a signup form that works properly so there is no issue with PHP interacting with MariaDB. I also have 0 syntax errors. Why on earth would it be giving me an error 500?

<?php

session_start();

if (isset($_POST['submit']))
{

include 'serv.db.php';

$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

//check if inputs are empty
if (empty($uid) || empty($pwd))
    {
    header("Location: signin.php?login=empty");
    exit();
    }   
else
    {

    $sql = "SELECT * FROM users WHERE user_uid='$uid';";
    $result = mysqli_query($conn, $sql);
    $resultCheck = mysqli_num_rows($result);
    if ($resultCheck < 1)
        {
            header("Location: signin.php?login=error");
            exit();     
        }
    else
        {
            if ($row = mysql_fetch_assoc($result))
            {
                //echo $row['user_uid'];
                //de-hash password
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($hashedPwdCheck == false)
                {
                    header("Location: signin.php?login=error");
                    exit();
                }
                elseif ($hashedPwdCheck == true)
                {
                    //Sucessfully create user here.
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_iid'];
                    header("Location: signin.php?login=success");
                    exit();
                }
            }
        }
    }
}
else
{
header("Location: signin.php?");
exit();
}
user21303
  • 11
  • 3
  • 4
    Error 500 would suggest that you should check your server error logs for the real error. Or turn on [error display](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display). – Matt Gibson Jun 21 '18 at 17:41
  • I am using httpd with fedora 28. What log should i check? I’m new to this – user21303 Jun 21 '18 at 17:42
  • Depends on what you've set in the site configuration, but assuming your httpd is actually apache, you should probably be looking around somewhere in /var/log/apache, or something along those lines... – Matt Gibson Jun 21 '18 at 17:44
  • 3
    You cannot use `mysql_*` functions with `mysqli` – aynber Jun 21 '18 at 17:44
  • If it's a modern version of PHP, you might not be able to use mysql_* functions at all, let alone mix them with mysqli. I believe they've been removed from PHP version 7, and were marked as deprecated a long time before that... – Matt Gibson Jun 21 '18 at 17:47
  • I will return with a status update 7 hours from now. Thanks for your input – user21303 Jun 21 '18 at 18:01
  • As mentioned before, you used `mysql_fetch_assoc` on a resource returned by `mysqli_query` function call. Those are two different extensions, and as mentioned before, `mysql_*` extensions may no longer be supported – Peter Jun 21 '18 at 18:32
  • I changed the $row = mysql_fetch_assoc($result) in my if statement to $row = mysqli_fetch_assoc($result). It appears like it is working. I looked at the cookie and I have a PHPSESSID. Does this mean everything is working the way one would expect it to? Just checking. – user21303 Jun 22 '18 at 01:33

1 Answers1

1

The 500 Internal Server Error is a very general HTTP status code that means something has gone wrong on the website's server, but the server could not be more specific on what the exact problem is. A Permissions Error. In most cases, a 500 Internal Server Error is due to an incorrect permission on one or more files or folders. In most of those cases, an incorrect permission on a PHP script is to blame A PHP Timeout. If your script connects to external resources and those resources timeout, an HTTP 500 error can occur. Timeout rules, or better error handling in your script, should help if this is the cause of the 500 error. A Coding Error in .htaccess. While not as common, be sure to check that your site's .htaccess file is properly structured.

Ajay Kadoula
  • 316
  • 2
  • 13