MySQL Login system: Logged in page errors

cool.rf.gd

I have a couple of php files

Index.html
home.php
authenticate.php

After logging in through Index.html and having the credentials checked in authenticate.php, home.html spits a HTTP: 500 error

Authenticate.php

<?php

session_start();

// Change this to your connection info.

$DATABASE_HOST = 'sql212.epizy.com';

$DATABASE_USER = "epiz_27187798";

$DATABASE_PASS = 'deO********S7';

$DATABASE_NAME = 'epiz_27187798_phplogin';

// Try and connect using the info above.

$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);

if ( mysqli_connect_errno() ) {

// If there is an error with the connection, stop the script and display the error.

exit('Failed to connect to MySQL: ' . mysqli_connect_error());

}

// Now we check if the data from the login form was submitted, isset() will check if the data exists.

if ( !isset($_POST['username'], $_POST['password']) ) {

// Could not get the data that should have been sent.

exit('Please fill both the username and password fields!');

}

// Prepare our SQL, preparing the SQL statement will prevent SQL injection.

if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {

// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"

$stmt->bind_param('s', $_POST['username']);

$stmt->execute();

// Store the result so we can check if the account exists in the database.

$stmt->store_result();

if ($stmt->num_rows > 0) {

$stmt->bind_result($id, $password);

$stmt->fetch();

// Account exists, now we verify the password.

// Note: remember to use password_hash in your registration file to store the hashed passwords.

if (password_verify($_POST['password'], $password)) {

// Verification success! User has loggedin!

// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.

session_regenerate_id();

$_SESSION['loggedin'] = TRUE;

$_SESSION['name'] = $_POST['username'];

$_SESSION['id'] = $id;

header('Location: home.php');

} else {

// Incorrect password

echo 'Incorrect username and/or password!';

}

} else {

// Incorrect username

echo 'Incorrect username and/or password!';

}

$stmt->close();

}

?>

Home.php

 <?php
    session_start();
    // Change this to your connection info.
    $DATABASE_HOST = 'sql212.epizy.com';
    $DATABASE_USER = "epiz_27187798";
    $DATABASE_PASS = 'de*********************7';
    $DATABASE_NAME = 'epiz_27187798_phplogin'
    // Try and connect using the info above.
    $con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
    if ( mysqli_connect_errno() ) {
    	// If there is an error with the connection, stop the script and display the error.
    	exit('Failed to connect to MySQL: ' . mysqli_connect_error());
    }
    // Now we check if the data from the login form was submitted, isset() will check if the data exists.
    if ( !isset($_POST['username'], $_POST['password']) ) {
    	// Could not get the data that should have been sent.
    	exit('Please fill both the username and password fields!');
    }
    // Prepare our SQL, preparing the SQL statement will prevent SQL injection.
    if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
    	// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
    	$stmt->bind_param('s', $_POST['username']);
    	$stmt->execute();
    	// Store the result so we can check if the account exists in the database.
    	$stmt->store_result();
    if ($stmt->num_rows > 0) {
    	$stmt->bind_result($id, $password);
    	$stmt->fetch();
    	// Account exists, now we verify the password.
    	// Note: remember to use password_hash in your registration file to store the hashed passwords.
    	if (password_verify($_POST['password'], $password)) {
    		// Verification success! User has loggedin!
    		// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
    		session_regenerate_id();
    		$_SESSION['loggedin'] = TRUE;
    		$_SESSION['name'] = $_POST['username'];
    		$_SESSION['id'] = $id;
    		echo 'Welcome ' . $_SESSION['name'] . '!';
    	} else {
    		// Incorrect password
    		echo 'Incorrect username and/or password!';
    	}
    } else {
    	// Incorrect username
    	echo 'Incorrect username and/or password!';
    }

    	$stmt->close();
    }
    ?>

And (see below, is html, cos the form runs the html…)
html.txt (639 Bytes)

2 posts were merged into an existing topic: MySQL: Doesn’t connect