User Account System: HTTP Error 500 (Internal Server Error)

Post here is you are having problems with any of the tutorials.
Post Reply
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

User Account System: HTTP Error 500 (Internal Server Error)

Post by jaspermuc »

Hi

thank you so much for the tutorial! It is exactly what I have been looking for and it was a breeze following you through the 5 parts. Unfortunately it seems as if my php/connection to database isn't really working.

At first it was displaying the html just plain - meaning if I typed in something and hit enter it didn't do anything but loading a white page.

Then I must have changed something in the init.inc.php because now it doesn't do anything except displaying a plain white page when I open one of the documents (in firefox and safari). In Chrome I get the following:

Image

It would be great if you guys could help me!
Than you so much again,

Jasper

//edited: replaced ' with `
//edited: Includes error reporting and few less minor code improvements

Login.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
			<?php
				
			}else{
				echo 'Need an account ? <a href="register.php">Register here</a>';
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<input type="submit" value="Login" />
			</p>
		</form>
	</body>
</html>
Logout.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

session_start();

$_SESSION = array();

session_destroy();

header('Location: protected.php');

?>
Register.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'The password verification failed.';
	}
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
				<?php
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<label for="repeat_password">Repeat Password:</label>
				<input type="password" name="repeat_password" id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</form>
	</body>
</html>
init.inc.php
<?php
ob_start();
session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');


$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>
user.inc.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = shal($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//adds a user to the database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = shal($pass);
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
} 

?>
protected.php
<?php 
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title></title>
	</head>
	<body>
		<p>
			You are logged in as <?php echo $_SESSION['username']; ?>
		</p>
		<p>
			<a href="logout.php">Logout?</a>
		</p>
	</body>
</html>
Last edited by jaspermuc on Wed Mar 27, 2013 1:40 pm, edited 4 times in total.
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by ExtremeGaming »

The SQL highlighting makes it sort of hard to read but I'll try...

First, you want to remove connection details from your first code block.

In your second code block, all those apostrophes in your sql statements around column names and table names from your database are going to cause errors. Change them to backticks: `` and leave the variables alone, they're fine.

With all that, there really is no reason for a 500 error. You may want to check your .htaccess file (if applies) and see if there are any errors. It would help to know which code block is for which page.
<?php while(!$succeed = try()); ?>
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by jaspermuc »

Thanks a lot for the answer! My browser does show me the single pages the php still doesn't work - the html shows but there is no functionality.

Those are the connection details from my local mamp host. I don't know what you mean by removing them?
Do you mean from the internet, so that nobody can see them? In this case I don't really care because they are the standard user and password for every mamp user - so they are not particularly secret.
Or do you mean for some troubleshooting?


I replaced some (//:edited)
'
with
`
in the init.inc.php file. I also did it everywhere in this file (because I used the 'replace all function') - should I change that back or is it fine to use the same?

Here are all new code blocks with the file names:

Login.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
			<?php
				
			}else{
				echo 'Need an account ? <a href="register.php">Register here</a>';
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<input type="submit" value="Login" />
			</p>
		</form>
	</body>
</html>
Logout.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

session_start();

$_SESSION = array();

session_destroy();

header('Location: protected.php');

?>
Register.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'The password verification failed.';
	}
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
				<?php
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<label for="repeat_password">Repeat Password:</label>
				<input type="password" name="repeat_password" id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</form>
	</body>
</html>
init.inc.php
<?php
ob_start();
session_start();

error_reporting(E_ALL);
ini_set('display_errors', '1');

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>
user.inc.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = shal($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//adds a user to the database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = shal($pass);
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
} 

?>
protected.php
<?php 
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title></title>
	</head>
	<body>
		<p>
			You are logged in as <?php echo $_SESSION['username']; ?>
		</p>
		<p>
			<a href="logout.php">Logout?</a>
		</p>
	</body>
</html>
Last edited by jaspermuc on Wed Mar 27, 2013 1:40 pm, edited 4 times in total.
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by ExtremeGaming »

You completely mistook that unfortunately, and now quite clear you don't have error reporting on. Put this snippet at the top of your php on each page:
error_reporting(E_ALL);
ini_set('display_errors', '1');
Also undo all the backticks: ` except on column names and tables names in your SQL statements. You changed every apostrophe to backtick in all files, when only SQL will matter.
<?php while(!$succeed = try()); ?>
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by jaspermuc »

First of all, thank you so much for helping me out again!

The error reporting really is brilliant :D I completely coded along the tutorial and I still can't believe how many mistakes I made! :twisted: I guess most of it is because I didn't quite understand what I was actually writing. For that reason I am also completing the courses at codeacademy now. :)

Thanks to the error reporting I undid a few errors but the following I have no idea how to deal with them and it would be fantastic if you could help me out.

Register.php
Image

Protected.php/logout.php
Image

Login.php
Image

Thank you so much for your help! :mrgreen:

PS: I edited all the code snippets above so I don't have to repost them - that way I try to keep this post a little tidier :)
User avatar
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by Helx »

If I can remember correctly, session_start() should be at the very top of the page, before any text is output.
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by jaspermuc »

I put session_start to the beginning right after the "php-opening-tag" and above the error reporting code. It changed the error to the following:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/wild/core/init.inc.php:2) in /Applications/MAMP/htdocs/wild/core/init.inc.php on line 3
All the other errors remain.
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by Temor »

try adding
ob_start();
at the very top, before session_start.
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by jaspermuc »

Temor wrote:try adding
ob_start();
at the very top, before session_start.
I did that, but I still get an error:

Image
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by Temor »

could you post the updated version of init.inc.php?
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by jaspermuc »

Temor wrote:could you post the updated version of init.inc.php?
<?php
ob_start();
session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');


$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>
PS: I also edited the post above to be an updated version.

//Thank you so much for your help! :)
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by Temor »

I noticed you're using backticks around variables in user.inc.php.
Those should be semi-quotes ( ' ).

For example, this:
 $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = `{$user}`");
Should be this:
 $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
I also don't think you need to include the error_reporting function in every page. Just having it in init.inc.php should be enough.

I will keep staring at your code until I find what's wrong :)
User avatar
jaspermuc
Posts: 8
Joined: Tue Mar 26, 2013 12:07 am

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by jaspermuc »

I did change the backticks but I still get the errors - has the staring proven successful, yet? Thanks so much for the help again!
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by ExtremeGaming »

Tough one. It's most likely some small detail.

1. Make sure there are no spaces before the opening <?php tag.
2. You can remove the error reporting on any page already including init.inc.php
3. You still have backticks around the numbers in user.inc.php. You can leave them as numbers. No need for quotes or apostrophes around them
<?php while(!$succeed = try()); ?>
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User Account System: HTTP Error 500 (Internal Server Err

Post by Temor »

I have to say I'm stumped. It's probably a typo somewhere that is the cause.
Post Reply