HTTP 500 error

General PHP Help
#1

PHP:

<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = '';
$DATABASE_USER = '';
$DATABASE_PASS = '';
$DATABASE_NAME = '';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
	// If there is an error with the connection, stop the script and display the error.
	die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['email'] , $_POST['password'], $_POST['repassword'], $_POST['code']) ) {
	// Could not get the data that should have been sent.
	die ('Please fill in all fields!');
}
else if (!filter_var($_POST['email']), FILTER_VALIDATE_EMAIL){
    die ('Invalid email!');
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $_POST['username'])) {
    die ('Invalid username!');
}
else if ($_POST['password'] !== $_POST['repassword']) {
    die ('Passwords do not match!');
}
else {
    $sql = "SELECT username FROM accounts WHERE username = ?";
    $stmt = mysqli_stmt_init($con);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        die ('SQL Error!');
    }
    else {
        mysqli_stmt_bind_param($stmt, "s", $_POST['username']);
        mysqli_stmt_execute($stmt);
        mysqli_store_result($stmt);
        $resultCheck = mysqli_stmt_num_rows();
        if ($resultCheck > 0) {
            die ("Username already taken!");
        }
        mysqli_stmt_bind_param($stmt, "s", $_POST['email']);
        mysqli_stmt_execute($stmt);
        mysqli_store_result($stmt);
        $resultCheck = mysqli_stmt_num_rows();
        if ($resultCheck > 0) {
            die ("Email already in use!");
        }
        
        $sql = "SELECT regcode FROM codes WHERE regcode = ?";
        $maxid = 0;
        $stmt = mysqli_stmt_init($con);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            die ('SQL Error!');
        }
        else {
            mysqli_stmt_bind_param($stmt, "s", $_POST['code']);            
            mysqli_stmt_execute($stmt);
            mysqli_store_result($maxid);
            $resultCheck = mysqli_stmt_num_rows();
            if ($resultCheck > 0) {
                die ("Username already taken!");
            }
            else {
                $sql = "SELECT MAX(id) FROM accounts";
                $maxid = 0;
                $stmt = mysqli_stmt_init($con);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    die ('SQL Error!');
                }
                else {
                    mysqli_stmt_execute($stmt);
                    mysqli_store_result($maxid);
                }
                
                $sql = "INSERT INTO accounts (id, username, password, email, customer) VALUES (?, ?, ?, ?, ?)";
                $stmt = mysqli_stmt_init($con);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    die ('SQL Error!');
                }
                else {
                    $hashedpass = password_hash($_POST['password'], PASSWORD_DEFAULT);
                    mysqli_stmt_bind_param($stmt, "isssi", ($maxid + 1), $_POST['email'], $hashedpass, $_POST['email'], 1);
                    mysqli_stmt_execute($stmt);
                }
                
                $sql = "DELETE FROM codes WHERE regcode = ?";
                $stmt = mysqli_stmt_init($con);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    die ('SQL Error!');
                }
                else {
                    mysqli_stmt_bind_param($stmt, "s", $_POST['code']);
                    mysqli_stmt_execute($stmt);
                }
                
                echo "Registration complete!";
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($con);
}
?>

HTML:

<!DOCTYPE html>
<html>
	<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
		
		<title>Register</title>
		<link href="style.css" rel="stylesheet" type="text/css">
	</head>
	<body>
	    <div class="wrapper">
    	    <div id="vantajs"></div>
        	<script src="three.r92.min.js"></script>
            <script src="vanta.net.min.js"></script>
            <script>
            VANTA.NET({
              el: "#vantajs",
              color: 0xff993f,
              backgroundColor: 0x201f22,
              points: 13.00,
              maxDistance: 17.00,
              spacing: 13.00
            })
            </script>
        </div>
		<div>
    		<div class="login">
    		    <h1>A</h1>
    			<form action="register.php" method="post">
    			    <h4>
    			        Register to gain access to a user panel
    			    </h4>
    				<input type="text" name="username" placeholder="Username" id="username" required>
    				<input type="text" name="email" placeholder="Email" id="email" required>
    				<input type="password" name="password" placeholder="Password" id="password" required>
    				<input type="password" name="repassword" placeholder="Repeat Password" id="password" required>
    				<input type="text" name="code" placeholder="Registration Code" id="code" required>
    				<input type="submit" value="Register">
                    <a href="https://pleasedont.live/phplogin/index.html">Already have an account? Login here!</a>    				
    			</form>
    		</div>
    		<div class = "login">
    		    <form>
    		        <a href="https://pleasedont.live/">Back To Landing Page</a>
    		    </form>  
    		</div>
		</div>
	</body>
</html>

for some reason making a login form like this keeps giving a http 500 error.
any help would be appreciated, thanks alot!

#2

Please edit your post above and add bbcode [code]...[/code] tags around the code so that it is readable.

A http 500 error for a php page is usually caused by either a php syntax error or a fatal runtime error. The most immediate problem for the posted code is a php syntax error.

To get php to help you find problems that it can detect, set error_reporting to E_ALL and display_errors to ON, in the php.ini on your system.

#3

sorry i tried the tags and messed them up xD ill look into that, thank you.

#4

i loaded this into a text editor for php and fixed an error in the syntax. its not highlighting anymore and still crashing so i have absolutely no idea.

#5

That’s because there are a number of other problems in the code, some of which are producing fatal errors. Until you actually set the error_reporting/display_errors settings as was suggested, php won’t help you find the things that it detects.

A laundry list of issues -

  1. Don’t output raw database errors on a web page. This is useless information for a legitimate visitor and it gives hackers information they want (a connection error contains the database username and the database hostname.) Instead, use exceptions for database errors and in most cases let php catch and handle the exception, where it will use its error related settings to control what happens with the actual error information (database errors will ‘automatically’ get displayed/logged the same as php errors.)
  2. “// Now we check if the data from the login form was submitted, isset() will check if the data exists.” This is incorrect. When a form has been submitted, except for un-checked check-box and radio-buttons, all form fields will be set, even if they are empty.
  3. External data can be anything and must be validated on the server before using it. You should trim and then validate all independent inputs at one time, storing validation error messages in an array.
  4. ‘Required’ fields must be validated to insure they are not empty.
  5. The username permitted characters should include some non-alphanumeric characters like a space, an under_score, …
  6. The password permitted characters should include all printable, non-white-space, characters.
  7. After the end of the validation logic, if there are no errors (the array holding the error messages will be empty), use the submitted data.
  8. Don’t SELECT data in order to determine if you are gong to insert it. Define the column(s) in your database table to be unique index(es), then just insert the data and detect if there was a duplicate key error number. If you have more than one unique index, you would execute the SELECT query only if there is a duplicate error to find which column(s) contain duplicates.
  9. Switch to the much simpler and more consistent PDO database extension. More than half of the database statements you have will go-away.
  10. You have a logic mistake in the code testing if the email address already exists (this problem will go-away when you just insert the data and test for a duplicate error.)
  11. All the mysqli_stmt_num_rows() calls are incorrect. They ‘require’ the mysqli stmt object as a parameter. Most of these will go-away and for the case where you are testing if the regcode exists, just fetch the data from the query and test if there is fetched data.
  12. The user message when the regcode doesn’t exist is not worded correctly.
  13. “SELECT MAX(id) FROM accounts” Don’t do this. A race condition exists where concurrent instances of your script will all get the same starting value and attempt to use it, resulting in duplicates. The id column should be defined as an auto-increment integer primary index.
  14. You are also not properly fetching ALL the data from the SELECT query(ies), which will cause an ‘out of sync’ error with prepared queries.
  15. The INSERT INTO accounts … and the DELETE FROM codes … queries must be part of a transaction, so that they will either both succeed or they will both be rolled back. If the INSERT query fails for some reason, you don’t want to delete the regcode.
  16. There’s no good reason to bind literal values to a query (the customer = 1 value). Just put them directly into the sql query statement (or define them as the default value in the database table definition.) And in fact, with a mysqli prepared query, supplying a non-variable to the bind statement is a fatal error (both the $maxid + 1 expression and the literal 1 are problems.) This is another reason to switch to the much better designed PDO extension.
  17. There are two places where you are using mysqli_store_result() incorrectly (these will go-away when you switch to the PDO extension.)
#6

thank you, much appreciated :slight_smile:

Sponsor our Newsletter | Privacy Policy | Terms of Service