I have written a page that allows users to sign in. But it returns error 500. It will at least pass a specified error message if I comment out the $resultCheck variable. What is wrong with my $resultCheck? I'm using $conn for the signup page so I know that works. I also know $sql is correct because I ran the same command through MariaDB and it worked. I have a signup form that works properly so there is no issue with PHP interacting with MariaDB. I also have 0 syntax errors. Why on earth would it be giving me an error 500?
<?php
session_start();
if (isset($_POST['submit']))
{
include 'serv.db.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//check if inputs are empty
if (empty($uid) || empty($pwd))
{
header("Location: signin.php?login=empty");
exit();
}
else
{
$sql = "SELECT * FROM users WHERE user_uid='$uid';";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1)
{
header("Location: signin.php?login=error");
exit();
}
else
{
if ($row = mysql_fetch_assoc($result))
{
//echo $row['user_uid'];
//de-hash password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false)
{
header("Location: signin.php?login=error");
exit();
}
elseif ($hashedPwdCheck == true)
{
//Sucessfully create user here.
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_iid'];
header("Location: signin.php?login=success");
exit();
}
}
}
}
}
else
{
header("Location: signin.php?");
exit();
}
Aucun commentaire:
Enregistrer un commentaire