I'm making a flat file login system and when I click the submit the button on the login.php page it goes to protected.php and returns Internal Server Error, but when I just load the protected.php page without using the form everything turns out fine.
login.php
<html>
<link rel="stylesheet" type="text/css" href="style.css">
<body>
<center><img src="logo.png"></center>
<div id="login">
<form action="protected.php" method="post">
</br>
Username <input type="text" name="user" class="text"/>
<p></p>
Password <input type="password"" name="pass" class="text" />
<p></p>
<input type="submit" value="Login" class="button">
</form>
</div>
</body>
</html>
protected.php
<?php
$usr = "admin";
$pass = "admin";
$iusr = $_POST["user"];
$ipass = $_POST["pass"];
if ($iuser !== $usr || $ipass !== $ipass) {
?>
<html>
<script type="text/javascript">
<!--
window.location = "login.php"
//-->
</script>
</html>
<?php
}
?>
<html>
<link rel="stylesheet" type="text/css" href="style.css">
<body>
</body>
</html>
Please help! Thanks in advance!
The "Internal Server Error" could mean several things, but most likely means an error in your PHP code. This will require setting the display_errors property to "1" in your php.ini. The problem might also be a startup error, so you may wish to also consider the display_startup_errors property.
http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors
Two comments about the code, unrelated to your question: 1) the expression $ipass !== $ipass seems like a typo, as it will always return FALSE, and 2) this "security" is easily bypassed by turning javascript off. Consider using header() for redirects instead.
https://www.php.net/manual/en/function.header.php
EDIT: ... in this specific case, the error is use of the variable $iuser, which is undefined. You'd previously declared it as $iusr. Turning on error reporting or looking at the log will present you with good error messages to find these sorts of problems easily.