PHp - submit page returns Internal Server Error

StackOverflow https://stackoverflow.com/questions/13597925

Question

I'm making a flat file login system and when I click the submit the button on the login.php page it goes to protected.php and returns Internal Server Error, but when I just load the protected.php page without using the form everything turns out fine.

login.php

<html>
    <link rel="stylesheet" type="text/css" href="style.css">
    <body>
        <center><img src="logo.png"></center>
        <div id="login">
            <form action="protected.php" method="post">
            </br>
            Username  <input type="text" name="user" class="text"/>
            <p></p>
            Password <input type="password"" name="pass" class="text" />
            <p></p>
                <input type="submit" value="Login" class="button">
            </form>
        </div>
    </body>
</html>

protected.php

<?php
$usr = "admin";
$pass = "admin";

$iusr = $_POST["user"];
$ipass = $_POST["pass"];

if ($iuser !== $usr || $ipass !== $ipass) {
?>
<html>
<script type="text/javascript">
<!--
window.location = "login.php"
//-->
</script>
</html>
<?php
}
?>
<html>
    <link rel="stylesheet" type="text/css" href="style.css">
    <body>

    </body>
</html>

Please help! Thanks in advance!

Was it helpful?

Solution

The "Internal Server Error" could mean several things, but most likely means an error in your PHP code. This will require setting the display_errors property to "1" in your php.ini. The problem might also be a startup error, so you may wish to also consider the display_startup_errors property.

http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors

Two comments about the code, unrelated to your question: 1) the expression $ipass !== $ipass seems like a typo, as it will always return FALSE, and 2) this "security" is easily bypassed by turning javascript off. Consider using header() for redirects instead.

http://us2.php.net/manual/en/function.header.php

EDIT: ... in this specific case, the error is use of the variable $iuser, which is undefined. You'd previously declared it as $iusr. Turning on error reporting or looking at the log will present you with good error messages to find these sorts of problems easily.

OTHER TIPS

login.php

<html>
<link rel="stylesheet" type="text/css" href="style.css">
<body>
    <center><img src="logo.png"></center>
    <div id="login">
        <form action="protected.php" method="POST">
        </br>
        Username  <input type="text" name="user" class="text"/>
        <p></p>
        Password <input type="password"" name="password" class="text" />
        <p></p>
            <input type="submit" name="submit" value="Login" class="button">
        </form>
    </div>
</body>

protected.php

<?php
$usr = "admin";
$pass = "admin";

$iusr = $_POST["user"];
$ipass = $_POST["password"];
if(isset($_POST["submit"])){
if ($iusr != $usr || $ipass != $pass) {
?>
<html>
<script type="text/javascript">

window.location = "login.php"

</script>
</html>
<?php
}}
?>
<html>
<link rel="stylesheet" type="text/css" href="style.css">
<body>

</body>

The problem is in your protected.php file you have written a wrong condition your code has ($iuser !== $usr it should be if ($iusr !== $usr || $ipass !== $pass) { also condition $ipass !== $ipass should be like $ipass !== $pass below is the updated protected.php file

<?php
$usr = "admin";
$pass = "admin";

$iusr = $_POST["user"];
$ipass = $_POST["pass"];

if ($iusr !== $usr || $ipass !== $pass) {
    ?>
    <html>
        <script type="text/javascript">
            window.location = "login.php"
        </script>
    </html>
    <?php
}
?>
<html>
    <link rel="stylesheet" type="text/css" href="style.css">
    <body>
        Login success
    </body>
</html>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top