1

What I'm Trying To Do

I'm creating a single-page members' area with a login form.

When logged in, the only thing the user should see (at this stage) is a button to logout.

What's going wrong

Whenever there is a match in the database (e.g. the username is correct, or both username and password are correct) there is a 500 Server Error.

Refreshing the page, regardless of if the password is a match, the user gets logged in.

When the user clicks the Logout link, there is also a 500 Server Error.

The Code

<?php 
session_start();

if(isset($_GET['logout'])&&$_GET['logout']==='true'){
    logout();
    header('location: ./');
}

if(isset($_POST['submit'])) {
    $email = $_POST['email'];
    $password = $_POST['password'];

    $hostname = 'REDACTED';
    $username = 'REDACTED';
    $password = 'REDACTED';
    $dbname   = 'REDACTED';

    try {
        $dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
    }

    catch(PDOException $e){
        echo($e->getMessage());
    }


    $stmt=$dbh->prepare('SELECT `password`, `id` FROM `tap_users` WHERE `email`=?');
    $stmt->execute(array($email));

    if($stmt->rowCount()==0){
        //incorrect username
        header('location: ./?error=user');
        exit();
    }
    $userData = $stmt->fetch(PDO::FETCH_ASSOC);

    if($password != $userData['password']) {
        //incorrect password
        header('location: ./?error=pass');
        exit();
    } else {
        validateUser($userData['id']);
        header('location: ./');
    }
}

?>

<head></head>

<body>

<?php
if(!isLoggedIn()) {
    show_login();
    exit();
}
?>

<a href="?logout=true">Logout</a>

</body>

</html>

<?php
//Show login form
function show_login(){
    echo    '<form method="post">
                <input type="text" name="email" placeholder="Email Address" />
                <input type="password" name="password" placeholder="Password" />
                <input type="submit" value="Submit" name="submit" />
            </form>

            </body>

            </html>';
}

//Check if a user is logged in
function isLoggedIn(){
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}

//validate the user
function validateUser($userid){
    //this is a security measure
    session_regenerate_id();
    $_SESSION['valid'] = 1;
    $_SESSION['userid'] = $userid;
}

//logout the user
function logout(){
    //destroy all of the session variables
    $_SESSION = array();
    session_destroy();
}
?>
Ben
  • 4
    Have you looked in the PHP error log? I'd also remove the Database Username and Password from your code snippet above. – ajtrichards Jan 15 '15 at 16:43
  • 2
    Do you know how to use the `Network` tab in your browser's Development Tools? There should be a `Response` tab if you click one of the requests, and it should tell you the error. In Firefox or Chrome: `F12->Network->500 Request->Response` (Note: may require a page reload before anything shows up in the `Network` tab) – Tim Lewis Jan 15 '15 at 16:44
  • @ajtrichards My hosting provider doesn't provide access to the PHP error log. There are no errors when I turn on PHP Error Reporting. – Ben Jan 15 '15 at 16:45
  • @TimLewis I can't find a `Response` tab but under the `Network` tab there is no information provided. The console says `Failed to load resource: the server responded with a status of 500 (Internal Server Error)` and provides a link to the directory. – Ben Jan 15 '15 at 16:48
  • Why do you have `return true;` then `return false;` in your `isLoggedIn()` function? – Alex Jan 15 '15 at 16:48
  • 1
    @Alex That's a single line `if else` statement, they don't need the `{}` braces in that situation. – Tim Lewis Jan 15 '15 at 16:49
  • @BenPearlKahan Without details on the 500 Server Error, it will be hard to solve this issue... Follow these steps: Open the Developer Tools, Go to the Network Tab, Reload/Resend your Data, Click on the List Item that has a 500 Error, Press the Response Tab that appears to the right. If you still can't find it, I have no idea. Also, if you're using Internet Explorer, stop. – Tim Lewis Jan 15 '15 at 16:52
  • 1
    @TimLewis after reading your edit I refreshed the page and found the `Response` tab - it says that there was an error with the redirect; changing the `header` function from `location: ./xxxx` to `location: index.php?xxxxx` did the trick, thank you - although now it's logging on correctly regardless of whether the password is correct. One problem at a time! – Ben Jan 15 '15 at 16:54
  • @BenPearlKahan No problem! Those tools are a life saver, once you learn how to use them :P – Tim Lewis Jan 15 '15 at 16:56
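
The handler in the question reads the form field into `$password` and then assigns the database password to the same variable, compares stored passwords in plain text with `!=`, and redirects to different errors for an unknown user and a wrong password. As an added example (not the asker's code), a credential check that avoids all three; it assumes the `password` column holds `password_hash()` output, and `authenticate()`, `handleLogin()`, the SQLite stand-in database and the sample account are hypothetical names and data made up for the demo.

```php
<?php
// Added example, not the asker's code. Table/column names follow the question;
// the in-memory SQLite database and the sample account are constructed.

// Returns the user id on success, null on any failure, so the caller cannot
// tell an unknown email from a wrong password.
function authenticate(PDO $dbh, string $email, string $submittedPassword): ?int
{
    // Constructed dummy hash: verified against when the email is unknown so
    // both failure paths do comparable work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);

    $stmt = $dbh->prepare('SELECT `password`, `id` FROM `tap_users` WHERE `email` = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);      // false when no row matched

    $ok = password_verify($submittedPassword, $row ? $row['password'] : $dummyHash);
    return ($row && $ok) ? (int) $row['id'] : null;
}

// Returns the redirect target; the page sends it with header() and then exit().
function handleLogin(PDO $dbh, array $post): string
{
    // Form input keeps its own name and is never reused for the DB credentials.
    $userId = authenticate($dbh, (string) ($post['email'] ?? ''), (string) ($post['password'] ?? ''));
    if ($userId === null) {
        return 'index.php?error=login';         // one generic error
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);            // drop the pre-login session id
    }
    $_SESSION['valid']  = 1;
    $_SESSION['userid'] = $userId;
    return 'index.php';
}

// Constructed stand-in for the MySQL connection and one sample account.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE tap_users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$dbh->prepare('INSERT INTO tap_users (email, password) VALUES (?, ?)')
    ->execute(['user@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

foreach ([['user@example.test', 'correct horse'], ['user@example.test', 'wrong'],
          ['nobody@example.test', 'correct horse']] as [$email, $pw]) {
    echo $email, ' / ', $pw, ' -> ', handleLogin($dbh, ['email' => $email, 'password' => $pw]), "\n";
}
```

In the page itself, each `header('Location: ...')` call is followed by `exit()` so that nothing after the redirect runs.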

2 Answers

1

What you are doing is, if the user login is correct, then you are redirecting to header('location: ./'); Maybe either you don't have index.php or directory index is off in your Apache configuration.

Do one thing: change it to

header('location:index.php');

It will work.

This is not related to PHP or MySQL; it is a server configuration error.

vivex
  • This is along the right lines... changing from `location: ./?xxx` to `location: index.php?xxx` and it now works. – Ben Jan 15 '15 at 16:55
0

I ran your code through: online php code validator. There don't seem to be any issues with syntax. The issue could be coming from a permission error on the file. Does the file have execution permissions for the user? In your FTP, make sure that the permissions are set to 755. This should allow everyone to read and execute the PHP code. If that is not the issue then contact your host and ask for the errors; they should be able to give you that information. Another option is to create your own error logging in PHP. You can look at this old Stack Overflow post on this to continue on making all of your errors visible in a separate file.

Community
Asheliahut