0

I've recently come across this error when trying to log into my website. My PHP script stops when it comes to an if statement that validates the password. My hosting provider says the problem is on my end, however my code works on my testing server, aswell as another host server from a different provider. I'm confused as to why it is stopping. Any help would be amazing! It goes to the login-processing.php page, displays the echo statements up to "binding stmts" and then stops.

Console Error:

Failed to load resource: the server responded with a status of 500 (Internal Server Error)

PHP:

    <?php
    echo "before submit";
if (isset($_POST['submit']))
{
    echo "submitted";
    require_once 'db.php';
    $uid = $_POST['username'];
    $pwd = $_POST['password'];
    echo $uid . "  " . $pwd;
    if (empty($uid) || empty($pwd)) 
    {
        echo "fail1";
        exit();
    }
    else
    {
        echo "<br> <br> in query";
        $sql = "SELECT * FROM users WHERE uid = ?;";
        $stmt = mysqli_stmt_init($connection);
        if (!mysqli_stmt_prepare($stmt, $sql))
        {
            echo "fail2";
            exit();
        }
        else
        {
            echo "<br> <br> in final query";
            mysqli_stmt_bind_param($stmt, "s", $uid);
            mysqli_stmt_execute($stmt);
            echo "<br> <br> binding stmts";
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result))
            {
                echo "<br> <br> verifying password";
                $pwdCheck = password_verify($pwd, $row['pwd']);
                if ($pwdCheck == false) 
                {
                    echo "fail3";
                    exit();
                }
                elseif ($pwdCheck == true)
                {
                    echo "<br> <br> starting session";
                    session_start();
                    $_SESSION['id'] = $row['id'];
                    $_SESSION['uid'] = $row['uid'];
                    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                    $_SESSION['initiate'] = rand(0, 1000000);
                    header("Location: http://blog.com.au/blog.php");
                    exit();
                }
                else
                {
                    echo "fail4";
                    exit();
                }
            }
            else
            {
                echo "failed to verify";
                exit();
            }
        }
    }



}
else
{
    echo "fail5";
    exit();
}

HTML:

<form action="login-processing.php" method="post">
    <label>Username</label>
    <input type="text" name="username" placeholder="Username"><br>
    <label>Password</label>
    <input type="text" name="password" placeholder="Password"><br>
    <input type="submit" value="login!" name="submit">
</form>
M. Eriksson
  • 13,450
  • 4
  • 29
  • 40
akemedis
  • 414
  • 2
  • 6
  • 17
  • Check your web servers error log to see the actual error message. – M. Eriksson Jul 08 '19 at 15:01
  • A 500 error is a generic error message and covers pretty much every single thing that can go wrong with a script. Check your server error logs to find out the exact error message. – aynber Jul 08 '19 at 15:03
  • _Side note:_ `password_verify()` returns a bool (`true` or `false`), nothing else so having `if/elseif/else` (which handles three states) when checking the response seem a bit pointless. – M. Eriksson Jul 08 '19 at 15:07

0 Answers0