# Beginner's help with Apache web server and PHP



## techkid (Sep 2, 2004)

Hi all.

I am looking to learn website design at home, and so set up a web server on Virtual PC (running Windows XP). I have installed the Bitnami WAMPstack kit (http://bitnami.org/stack/wampstack) and everything seems to run seamlessly, and my databases seem to be alright, but when it comes to connecting between MySQL, PHP and Apache, and my HTML, I run into an Internal Server Error.

I'm sort of certain that my PHP is sound, and my HTML should be OK. But if anyone wishes to look, I will attach what I've got (at least the PHP and HTML) to check over. But if someone can help with the 500 error (I just run the standard installation and configuration), I would appreciate it.

Thank you in advance.

Additional information: running the PHP Info script works perfectly, so got me stumped...


----------



## BourneID (Aug 28, 2012)

Hi There, 

Whilst I haven't used the WAMPStack before, I have used all the containing parts so hopefully I can help. When a server produces a 500 error, it is likely to put what caused the error into the server log files. According to the documentation, the WAMPStack default error log location is:

C:\Program Files\BitNami WAMP Stack\apache2\logs\error_log 

Can you produce the error again and check this file for an error message, and either attach or post the error? 

Additional: There may also be a second log file called "apache_error.log" which might be worth checking.


----------



## techkid (Sep 2, 2004)

Well, I have to thank you, BourneID. When I tested my web page out this time around, and read the error logs, it turned out to be a simple syntax error (when integrating HTML script into PHP, be careful how you place and use single- and double-quotes...)

But thanks for the tip. I wouldn't have worked that out on my own (I spent two weeks going through my scripting and I didn't even see it).

Thanks again.


----------



## techkid (Sep 2, 2004)

New update. I am trying to create a login page with administrative and standard user login capabilities. I know the passwords I am typing are correct, and checking the Apache error logs shows this:

```
[Wed Sep 12 13:30:53 2012] [error] [client 127.0.0.1] PHP Notice: Undefined variable: UserName in E:\\Program Files\\BitNami WAMPStack\\apache2\\htdocs\\videos\\login.php on line 7, referer: http://localhost/videos/login.htm
```

This time I know that my PHP is incorrect, so I will attach the HTML and PHP files for you to peruse. Any help is greatly appreciated.


----------



## Ent (Apr 11, 2009)

The problem is $UserName.
You first set it on line 13 with 

```
$UserName=$_POST["HUserName"];
```
But you've already tried to use it on line 7

```
$result=mysql_query("SELECT * FROM users WHERE Username='$UserName'",$dbconnect);
```
You'll also need to think again about the security of this login. 
It may do a perfectly good job of letting people in with the password, but it doesn't look great at keeping them out without it. What stops them going straight to admin.php?


----------



## techkid (Sep 2, 2004)

It is a bit of a mix-up, sure. I will check it out and see how to fix it when I have the chance (this is only a side project at this point).

Site security... I know I should work on that as well, since there is nothing to stop direct access (well, there is the limiting factor of the page not existing yet...) to other pages. When this goes beyond "proof of concept", I will definitely need to work out my security.

I will check it out when I can, and post the results (for good or bad).


----------



## techkid (Sep 2, 2004)

I've been doing a bit of reading on creating a login page (including some notes on MySQL Injection prevention and password encryption, which I have incorporated into my script and database), and I _think_ I might have a viable login page... if it should actually work.

I have attached my updated login page for you to peruse, but suffice it to say, when I attempt to log in (either with correct login details or not) I receive this message:


```
[Wed Sep 19 13:46:40 2012] [error] [client 127.0.0.1] PHP Warning:  mysql_fetch_row() expects parameter 1 to be resource, string given in E:\\Program Files\\BitNami WAMPStack\\apache2\\htdocs\\videos\\login.php on line 22, referer: http://localhost/videos/login.htm
```
This is becoming a pain (for me, and probably for you as well). Thank you again for your help.


----------



## Ent (Apr 11, 2009)

The problem you're hitting here is that you're trying to run mysql_fetch_row against the *text* of the query and not against the *result* of the query.


```
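$authquery="SELECT * FROM Users WHERE Username='$Username' and Password='$PassAuth'";
$result=mysql_query($authquery);   // pass the query variable (note the $), not a bare word
$login=mysql_fetch_row($result);   // fetch from the result resource, not the query text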
```


----------



## BourneID (Aug 28, 2012)

Ent is correct, and you may want to note that from the PHP manual for mysql_fetch_row:


> Returns an *numerical array* of strings that corresponds to the fetched row, or FALSE if there are no more rows.


So some of your code (at lines 24 and 26 for example) won't work as you're calling the array with string keys. Have a look at mysql_fetch_array function which will give you an associated array and will work using your code.

Finally, also check the mysql_num_rows function as your query may return 0 results. If this happens (i.e. the username and password don't match a record in the database) then the mysql_fetch_[whatever] functions will return FALSE, and you'll get warnings when it attempts to treat FALSE as an array.


----------



## colinsp (Sep 5, 2007)

It is worth having a look at this tutorial on creating a secure login system.


----------



## techkid (Sep 2, 2004)

I can see I'm getting very quickly out of my depth (the fact that I haven't had much sleep doesn't help, either). I have tried and read through the suggestions offered, and still getting nowhere fast. I never expected this to be easy, but I didn't think it would be this hard!

I will attach my latest results for you to check. My apologies for being such a pain, but I am not at 100% today. Thank you again for your help.


----------



## Ent (Apr 11, 2009)

Your logon as it stands won't work because you expect both the password and the hash of the password to match the password field. By way of example, suppose that the password is "Cleopatra", the MD5 of that password would be "f8cbe5a99675fff11ed4d83fc16e2071"!

You shouldn't store the user's password in your database at all. There's no extra security to be had by storing a hash and the plaintext version; if someone can get to the plaintext they have the hash automatically. Only store the hash.

I'm not sure why you're doing this; the results of that query should all have the correct username etc.

```
$login=mysql_query("SELECT * FROM Users WHERE Username='$Username' and Password='$Password'",$dbconnect);
    while($row=mysql_fetch_array($login));
    {
    if($Username==$row["Username"])
        {
        if($PassAuth==$row["Password"])
        {
```


----------



## Ent (Apr 11, 2009)

Also, it's normally considered better form to use Boolean values (True or False) or at least integers to represent discrete states such as $continue or $UserRights. That wouldn't stop the script from working, but it's worth getting in a better habit.


----------
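
A compact version of the login flow this thread works toward, as an added example that is not code from any poster: look the user up by name, treat "no row" as a failed login, compare against a stored hash only, keep rights as a Boolean, and gate admin.php on session state. It swaps the thread's mysql_* calls and MD5 for PDO prepared statements and password_hash()/password_verify(), and assumes an in-memory SQLite table plus hypothetical column and function names.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the thread's MySQL "Users" table; the column
// names PassHash and IsAdmin and both function names are hypothetical.

function authenticate(PDO $db, string $username, string $password): ?array
{
    // Placeholder binding keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT Username, PassHash, IsAdmin FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches

    // Look up by username only, then verify the password against the stored hash.
    if ($row === false || !password_verify($password, $row['PassHash'])) {
        return null;                          // same result for unknown user and bad password
    }
    return ['username' => $row['Username'], 'is_admin' => (bool) $row['IsAdmin']];
}

// Guard to call at the top of admin.php: decide from server-side session state.
function may_view_admin(array $session): bool
{
    return isset($session['user']) && $session['user']['is_admin'] === true;
}

// Constructed sample data: one admin and one standard user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (Username TEXT PRIMARY KEY, PassHash TEXT, IsAdmin INTEGER)');
$add = $db->prepare('INSERT INTO Users VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('Cleopatra', PASSWORD_DEFAULT), 1]);
$add->execute(['bob', password_hash('hunter2-sample', PASSWORD_DEFAULT), 0]);

$attempts = [['alice', 'Cleopatra'], ['bob', 'wrong'], ['nobody', ''], ['bob', 'hunter2-sample']];
foreach ($attempts as [$user, $pass]) {
    $session = [];                            // stands in for $_SESSION
    $account = authenticate($db, $user, $pass);
    if ($account !== null) {
        $session['user'] = $account;          // in a real page: session_regenerate_id(true) first
    }
    printf("%-7s login=%-3s admin page=%s\n", $user,
        $account ? 'ok' : 'no', may_view_admin($session) ? 'allowed' : 'denied');
}
```

On the real pages the guard would run against `$_SESSION` after `session_start()`, and admin.php would send the browser back to the login form whenever it returns false.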



## techkid (Sep 2, 2004)

Well, thanks to your help I was able to make a functioning login page which separates admin and user accounts. I rectified the password problem as well: the password was encrypted in MySQL, but not using MD5 (PHPMyAdmin has an option to encrypt the password in the drop-down menu, with one of the selections being "PASSWORD". No idea what sort of encryption this actually is, though). This has been changed to MD5.

However, the next part of my problem is user creation. When I go to create a user account, I receive this error message:


```
[Mon Oct 01 14:49:08 2012] [error] [client 127.0.0.1] PHP Notice:  Undefined index: HUsername in E:\\Program Files\\BitNami WAMPStack\\apache2\\htdocs\\videos\\adduser.php on line 13, referer: http://localhost/videos/adduser.htm
```
This one has got me, since my fields match up between my PHP and my HTML script. Once again, I ask for your help...


----------



## techkid (Sep 2, 2004)

Another one for the books...

I was testing out my login page (which, as above, seemingly worked), with a created admin user account, standard user account, and invalid user account (one which does not exist). The "admin" and "user" account worked just fine, but the one which should come up with an error... doesn't do anything.

I went to experiment with user authentication, as well, so that if a person does put in a blank or invalid username or password for the login, it would generate an error alert. But I am now getting the error message when the details are correct, and nothing when the details are not (or blank).

I have attached my scripts for you to check. Thank you again.


----------

