PHP 500 Internal Server Error when calling Volley

Question

I have a recurring problem in my Android application.

Basically I am using PHP and a MYSQL database to register and login users into my app.

Registration works fine. I am able to connect to the database and insert the new user into the table without any problems.

The issue I am facing is when logging into the app. Whenever I call the login url, I am getting the following error:

BasicNetwork.performRequest: Unexpected response code 500 for URL.

I tried using other tools to access this url and posting the parameters manually to eliminate the issue that the error might be coming from my app code. In fact I got a Generic 500 Internal Server Error . Tested the register URL with this tool too and it worked perfectly.

My PHP classes all call the same script to get the connection details, so there is no problem with that either since registration works.

Here is my code below:

Login class:

<?php
require_once 'UserFunctions.php';
$db = new UserFunctions();

$response = array("error" => FALSE);

if (isset($_POST['email']) && isset($_POST['password'])) {

    $email = $_POST['email'];
    $password = $_POST['password'];

    $user = $db->getUserByEmailAndPassword($email, $password);
    $count = $db->getUserCount(); 

    if ($user != false) {
        $response["error"] = FALSE;
        $response["uid"] = $user["unique_id"];
        $response["user"]["name"] = $user["name"];
        $response["user"]["email"] = $user["email"];
        echo json_encode($response);
    } else {
        $response["error"] = TRUE;
        $response["error_msg"] = "Login credentials are wrong. Please try again!";
        echo json_encode($response);
    }
} else {
    $response["error"] = TRUE;
    $response["error_msg"] = "One of the required parameters is missing!";
    echo json_encode($response);
}
?>

UserFunctions class:

<?php

class UserFunctions {

    private $conn;

    function __construct() {
        require_once  'include/DbConnect.php';        
        $db = new DbConnect();
        $this->conn = $db->connect();
    }

    function __destruct() {

    }

    public function storeUser($name, $email, $password) {
        $uuid = uniqid('', true);
        $hash = $this->hashSSHA($password);
        $password = $hash["encrypted"];
        $salt = $hash["salt"];

        $stmt = $this->conn->prepare("INSERT INTO users(unique_id, UserName, UserEmail, UserPassword, salt) VALUES(?, ?, ?, ?, ?)");
        $stmt->bind_param("sssss", $uuid, $name, $email, $password, $salt);
        $result = $stmt->execute();
        $stmt->close();

        if ($result) {
            $stmt = $this->conn->prepare("SELECT * FROM users WHERE UserEmail = ?");
            $stmt->bind_param("s", $email);
            $stmt->execute();
            $user = $stmt->get_result()->fetch_assoc();
            $stmt->close();

            return $user;
        } else {
            return false;
        }
    }

    public function getUserByEmailAndPassword($email, $password) {

        $stmt = $this->conn->prepare("SELECT * FROM users WHERE UserEmail = ?");  
        $stmt->bind_param("s", $email);

        if ($stmt->execute()) {
            $user = $stmt->get_result()->fetch_assoc();
            $stmt->close();
            return $user;
        } else {
            return NULL;
        }
    }

    public function isUserExisted($email) {
        $stmt = $this->conn->prepare("SELECT UserEmail FROM users WHERE UserEmail = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $stmt->store_result();

        if ($stmt->num_rows > 0) {
            $stmt->close();
            return true;
        } else {
            $stmt->close();
            return false;
        }
    }

    public function hashSSHA($password) {

        $salt = sha1(rand());
        $salt = substr($salt, 0, 10);
        $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
        $hash = array("salt" => $salt, "encrypted" => $encrypted);
        return $hash;
    }

    public function checkhashSSHA($salt, $password) {
        $hash = base64_encode(sha1($password . $salt, true) . $salt);
        return $hash;
    }
}
?>

Answer 1

I found where my problem was. For all those who encounter the very nasty error 500, check your logs. Occured to me that once I checked the logs, I found that the method checkhashSSHA() was never being used, and this was causing the following error:

PHP Fatal error:  Call to undefined function checkHashSSA() in /xxx/xxx/xxx/xxx/UserFunctions.php on line 54

Hence I added the following code to decrypt the password:

public function getUserByEmailAndPassword($email, $password) {

    $stmt = $this->conn->prepare("SELECT * FROM users WHERE UserEmail = ?");

    $stmt->bind_param("s", $email);

    if ($stmt->execute()) {
        $user = $stmt->get_result()->fetch_assoc();
        $salt = $user['salt'];
        $userPassword = $user['UserPassword'];
        $hash = $this->checkhashSSHA($salt, $password);

        if ($userPassword == $hash) {
            return $user;
        }
        $stmt->close();
    } else {
        return NULL;
    }
}

This solved my error.

Just for the record, logs for such errors are usually found in the following location: var/log/apache2/error.log You may need to make some change to the php.ini file to log these errors.

Hope this helps anyone with the 500 error ;)