Getting 500 Error when redirecting to this php file.

I've tried pretty much everything.

Not sure if it has anything to do with my hosting provider, which I HIGHLY doubt. I've checked through the SQL and PHP and everything seems to be fine; I've been stuck on it for a good while.

```php
include("GlobalVariables.php");

$conn=mysqli_connect('this info is correct');
$email=$_POST["EMAIL"];
$username=$_POST["USERNAME"];
$password=$_POST["PASSWORD"];
$ip=$_SERVER['REMOTE_ADDR'];
$date = date('Y-m-d');

if (check_username_valid($conn,$username)==false){
    $check1 = inject_sql($conn,"SELECT * FROM `userdata` WHERE `ip` = '$ip'");
    $check2 = inject_sql($conn,"SELECT * FROM `userdata` WHERE `username`='$username'");
    if (mysqli_row_count($check)==$max_accounts&&$check2["username"]==null){
        inject_sql($conn,"INSERT INTO `userdata`(`ip`, `username`, `password`, `email`, `reg_date`, `verified`) VALUES ('$ip','$username','$password','$email','$date',false");
        echo "0";
        $check3 = inject_sql($conn,"SELECT * FROM `userdata` WHERE `reg_date` = '$date' AND `username` = '$username");
        echo "1";
        if ($check3["username"] == "$username"){
            echo "2";
            header('Location:../index.html');
        }
    }
    else{
        header('Location:../index.html');
    }
}
else{

}
```
  • 500 = check site error log(s). `$check` is never defined, I guess it should be `$check1`. The code is dangerously open to SQL injection attacks –  May 22 '19 at 01:25
  • What is `inject_sql()`? One of your functions? The only other obvious thing I see is that you have echos before `header('Location:../index.html');`, which will not work as the headers are already sent. This should only trigger a warning and skip execution of the `header()` functions though. – tshimkus May 22 '19 at 01:31
  • Please read about **[SQL injection](https://en.wikipedia.org/wiki/SQL_injection)**. Instead of building queries with string concatenation, use **[prepared statements](https://secure.php.net/manual/en/pdo.prepare.php)** with **[bound parameters](https://secure.php.net/manual/en/pdostatement.bindparam.php)**. See **[this page](https://phptherightway.com/#databases)** and **[this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)** for some good examples. – John Conde May 22 '19 at 01:32
  • **Never store plain text passwords!** Please use **[PHP's built-in functions](//php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)** (and you should consider upgrading to a supported version of PHP). Make sure you **[don't escape passwords](//stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde May 22 '19 at 01:32
  • Always call `exit;` after using `header()` to perform a redirect otherwise the script execution is not terminated and you may get unexpected results. – John Conde May 22 '19 at 01:33
  • It could also be something in `GlobalVariables.php`, but rather than asking the Stack Overflow community to comb through your code looking for a mismatched quote (which I actually found - hint: `$check3`) please check your error log – tshimkus May 22 '19 at 01:33
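
The comments above recommend prepared statements with bound parameters and `password_hash()`; the following is an added example of that approach, not code from the question or from any commenter. Assumptions: PDO with an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for the asker's MySQL connection, `register_user()` is a hypothetical helper, the per-IP limit is read as "fewer than the maximum", and all sample values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns true when the account was created.
function register_user(PDO $db, string $ip, string $username,
                       string $password, string $email, int $maxAccounts): bool
{
    // Count existing accounts for this IP; the value is bound, never concatenated.
    $byIp = $db->prepare('SELECT COUNT(*) FROM userdata WHERE ip = ?');
    $byIp->execute([$ip]);
    if ((int)$byIp->fetchColumn() >= $maxAccounts) {
        return false;
    }

    // Reject a username that is already taken.
    $byName = $db->prepare('SELECT COUNT(*) FROM userdata WHERE username = ?');
    $byName->execute([$username]);
    if ((int)$byName->fetchColumn() > 0) {
        return false;
    }

    // Hash the raw password exactly as submitted (no escaping or cleansing first).
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $insert = $db->prepare(
        'INSERT INTO userdata (ip, username, password, email, reg_date, verified)
         VALUES (?, ?, ?, ?, ?, 0)'
    );
    return $insert->execute([$ip, $username, $hash, $email, date('Y-m-d')]);
}

// Constructed demo: in-memory SQLite using the column names from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userdata (ip TEXT, username TEXT, password TEXT,
           email TEXT, reg_date TEXT, verified INTEGER)');

// A quote in the username is stored as data and cannot alter the statement.
var_dump(register_user($db, '203.0.113.7', "o'brien", 'hunter2', 'o@example.com', 3));
// Second attempt with the same username is refused.
var_dump(register_user($db, '203.0.113.7', "o'brien", 'other', 'x@example.com', 3));

// The stored value is a hash that password_verify() checks at login.
$stored = (string)$db->query('SELECT password FROM userdata')->fetchColumn();
var_dump(password_verify('hunter2', $stored));
```

In the request handler, send no output before `header('Location: ../index.html')` and call `exit;` immediately after it, as the comments advise.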

0 Answers