MySqli query returning PHP error 500 when executed

Question

I'm writing a simple log-in form using PHP and a MySql DB. I had this log-in form which was working fine:

<form action="login.php" method="post" enctype="multipart/form-data" name="frmAddEntry" id="frmAddEntry">
  <table width="100%" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable">
  <tr><td colspan="2" id="entryTableHeader">Login to C-Cur</td></tr>
  <tr> 
   <td width="150" class="label">User ID</td>
   <td class="content"> <input name="txtUID" type="text" class="box" id="txtUID" size="50" maxlength="100"></td>
  </tr>
  <tr> 
   <td width="150" class="label">Password</td>
   <td class="content"> <input name="txtPwd" type="password" class="box" id="txtPwd" size="50" maxlength="100"></td>
  </tr>
 </table>
 <p align="center"> 
  <input name="btnAddEntry" type="submit" id="btnAddEntry" value="Login" class="box">
  &nbsp;&nbsp;<input name="btnCancel" type="button" id="btnCancel" value="Cancel" onClick="window.location.href='index.php';" class="box">  
 </p>
</form>

As you can see, the information was then processed by the login.php file which reads :

<?php

include('../library/functions.php');
dbConnect();

    $pass1   = mysqli_real_escape_string($conn,$_POST['txtPwd']);
    $userid  = mysqli_real_escape_string($conn,$_POST['txtUID']);


$sql = "SELECT *
    FROM ccureaccounts
    WHERE userid = '$userid'"; 


if ($result = $conn->query($sql)) {
while($row = $result->fetch_assoc()){
if (password_verify($pass1, $row['password'])) {
    echo "User ID: ".$row['userid'] . '<br />';
    echo "Balance: ".$row['balance'] . ' $ <br />';
}else { echo "Wrong user ID or Password";}
}

    $result->close();

   }


dbConnect(false);



?>

This use the dbConnect function which is in the file functions.php and this function reads:

function dbConnect($close=true){
    global $conn;

    if (!$close) {
        mysqli_close($conn);
        return true;
    }
    $conn = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    if (!$conn) {
         die("Connection failed: " . mysqli_connect_error());
    }
}

I now want to switch my index.php (the one with the login form) from the previous one to the following one, in order to not use any more the file login.php, but use a function to perform the login instead. So the new index.php reads:

<?php
require_once '../library/functions.php';


$errorMessage = '&nbsp;';

if (isset($_POST['txtUserName'])) {
    $result = doLogin();

    if ($result != '') {
        $errorMessage = $result;
    }
}

?>
<html>
<head>
<title>C-Cure Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body class="schema">
<div id="container">
  <div id="header"><!-- end #header --></div>
  <div class="arrotcen">
    <h1 align="center" class="Stile1">C-CURE LOGIN</h1>
   <div class="errorMessage" align="center"><?php echo $errorMessage; ?></div>
    <p align="center">&nbsp;</p>
     <form method="post" name="frmLogin" id="frmLogin">
      <table width="271" height="77" border="0" align="center" cellpadding="0" cellspacing="1">
        <tr>
          <td colspan="2" bgcolor="#000000"><div align="center" class="Stile1"></div></td>
        </tr>
        <tr>
          <td >User ID</td>
          <td ><label>
            <input type="text" name="txtUserName" id="txtUserName" />
          </label></td>
        </tr>
        <tr>
          <td> Password</td>
          <td><label>
            <input type="password" name="txtPassword" id="txtPassword" />
          </label></td>
        </tr>
        <tr>
          <td colspan="2" bgcolor="#333333"><label> </label>
              <div align="center">
                <input type="submit" name="button" id="button" value="Login" />
            </div></td>
        </tr>
      </table>
      <input name="action" type="hidden" id="action" value="login" />
    </form>
    <p align="center" class="Stile1">&nbsp;</p>
    <p align="center" class="Stile41"></p>
    <p>
      <!-- end #mainContent --> 
    </p>
    </div>
<!-- end #container --></div>
</body>

</html>

In the functions.php file i then created the doLogin() function which is the following one:

function doLogin()
{
    // if we found an error save the error message in this variable
    $errorMessage = '';
    dbConnect();



    $password  = mysqli_real_escape_string($conn,$_POST['txtPassword']); 
    $userName = mysqli_real_escape_string($conn,$_POST['txtUserName']);



    $sql = "SELECT *
    FROM ccureaccounts
    WHERE userid = '$userName'"; 



    if ($result = $conn->query($sql)) { 
    $errorMessage = '4';

    while($row = $result->fetch_assoc()){
    if (password_verify($password, $row['password'])) {
      header('Location: '.DOMAIN);
      exit;

    //echo "User ID: ".$row['userid'] . '<br />';
    //echo "Balance: ".$row['balance'] . ' $ <br />';

    }else { $errorMessage = "Wrong user ID or Password";}
    }

      $result->close();


    } 

    return $errorMessage;
    dbConnect(false);

}

And this is where the issue is. When this code runs, after the username and password are submitted, the page returns a PHP error 500 without many details to work with. I tried to do an echo of the variables $userName and weirdly it doesn't return any value when the variable is set to:

$userName = mysqli_real_escape_string($conn,$_POST['txtUserName']);

if I change it to:

$userName = $_POST['txtUserName'];

instead the echo returns the value. Still this change doesn't make the rest of the code work. Anyone has any clue about what's going wrong? I suspect this being an issue with the MySqli query but any additional insights is appreciated to fix this new code.

Answer 1

修复了在函数doLogin（）中包含全局$ conn的问题