0

For some reason unknown to myself I am receiving a 500 error when I try to load a page with this login script. I know it is something to do with the IF statement but im not sure what

<?php  //Start the Session
session_start();
require('connect.php');
if (isset($_POST) & !empty($_POST)){
  $username = $_POST['username'];
  $password = $_POST['password'];

   $sql = $connection->prepare("SELECT * FROM login WHERE username=username");
   $sql->bindParam('username', $username);
   $sql->execute();
    if(($row = $sql->fetch()) && (password_verify($$password,$row['password']))){

              echo "hurray, you authenticated.<br/>";
          }
          else {
              //header("Location:../../login/login.p
  echo "invalid login<br/>";
}

?>

This is the registration script for reference

<?php
require_once('connect.php');
if(isset($_POST) && !empty($_POST)){
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $password =$_POST['password'];
    $password = password_hash($password,PASSWORD_BCRYPT);


    $sql = $connection->prepare("INSERT INTO `login` (username, email, password) VALUES (?, ?, ?)");
    $sql->bind_param("sss", $username, $email, $password);
    $sql->execute();
    if($sql){
        echo "User Rego Secussefull";
    }else{
        echo "User rego failed";
    }
 }

?>
Zach Newton
  • 47
  • 5
  • Your if statement short of a & ... And in your prepare statement username=username should change to username = :username and in your bind parameter use :username and in your registration script u use bind_param instead of bindparam. I'm sorry but your php is full of errors. Also you did not show your password verify function – Someone Special Dec 11 '16 at 04:28
  • In the login script, you should have `$password` not `$$password` as it is not a variable variable. Also check your prepare statement. It maybe reaplacing the wrong thing. Usually bound params are prefixed with a colon like so, `username=:username`. – meun5 Dec 11 '16 at 04:29

1 Answers1

1

you can change you prepare statment to username=:usernameand review you line if $$password this return the name of variable password. see more here (https://secure.php.net/manual/pt_BR/language.variables.variable.php)

You change to simplify your first if, to:

if (isset($_POST['username']) && isset($_POST['password']) {

or

if (empty($_POST) { // $_POST is global setted by default, but empty/null
wallacesilva09
  • 80
  • 4