login form Error 500 after clicking on submit Hi everyone, We have a group assignment in our php course and we are supposed to design a login system in PHP and MySQL. We wrote the form, the PHP script, created the database and everything is supposed to work except that when we enter the username and passwords specified on the database when you press the submit button, it brings us to a 500 internal error page. The code is in a file called index.php in the /login folder and it should grant access to a file located in the parent folder. Here is it:
<?php
// Initialize the session
session_start();
// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location:../accessgranted.php");
exit;
}
// Include config file
require_once "db.php";
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
$username_ph = "Enter Username";
$password_ph = "Enter password";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty quoted th trim function because it caused the same 500 error when trying to run the login page
if(empty/*(trim*/($_POST["username"]/*)*/)){
$username_err = "Entrez votre nom d'utilisateur";
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty/*(trim*/($_POST["password"]/*)*/)){
$password_err = "Entrez votre mot de passe";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(!empty($username) && !empty($password)){
// Prepare a select statement
$sql = "SELECT id, username, password FROM Users WHERE username = ?";
if($stmt = mysqli_prepare($con, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
// Redirect user to welcome page
header("location: ../accessgranted.php");
} else{
// Display an error message if password is not valid
$password_err = "The password you entered was not valid.";
}
}//added
} else{
// Display an error message if username doesn't exist
$username_err = "No account found with that username.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($con);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 350px; padding: 20px; }
</style>
</head>
<body>
<center>
<h1>Connection</h1>
<h2>Login Assignment</h2>
<div class="wrapper">
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<p align="left">Username</p>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>" placeholder="<?= $username_ph?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<p align="left">Password</p>
<input type="password" name="password" class="form-control" placeholder="<?= $password_ph?>" align="left">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
</div> </center>
</body>
</html>
We have to hand it before Sunday so your help would be much appreciated
