System error on login failure

[onjegolders]

Am seeing an error when failing with a login which I've never seen before.

"Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Error has been logged."

 

If login succeeds the page redirects fine but when I input an incorrect combination, rather than an else statement I get the above error.

 

The code I'm using is:

 

<?php

$out = "<h6>Please login below</h6>";

if($input->post->username && $input->post->pass) {

    $user = $sanitizer->username($input->post->username);
    $pass = $input->post->pass; 

    if ($session->login($user, $pass)) {
        $session->redirect("/");
    } else {
    	$out = "<h6>Sorry, your login credentials were not correct.</h6>";
    }
}

?>

<?php include("./header.inc"); ?>

<div id="login" class="content">
	<div class="row">
		<div class="large-5 columns">
			
			<?php echo $out; ?>

			<form action="./" method="post">
				<label for="username">Username</label>
				<input type="text" name="username" autofocus>
				<label for="pass">Password</label>
				<input type="password" name="pass">
				<input type="submit" value="Login" class="btn grey">
			</form>
		</div> <!-- /.large-5 columns -->
	</div> <!-- /.row -->
</div> <!-- /#login.content -->

<?php include("./footer.inc"); ?>

EDIT: Just to say there are no errors in errors.txt

[onjegolders]

I've temporarily got around this problem by using Pete's excellent Maintenance Mode module which essentially does exactly the same thing. Whole site is unattainable unless logged in.

[horst]

unsanitized pass ?

    $pass = $input->post->pass; 
    if ($session->login($user, $pass)) {

or does $session->login keep care?

[onjegolders]

Hiya Horst thanks, it gets sanitized further up.

[ryan]

Whenever you get that error message, go and enable debug mode in /site/config.php, just so that you can get some more details as to what is happening. Double check that your homepage template has the guest role enabled. No need to sanitize the password btw. 

[onjegolders]

Thanks Ryan will double check.

[onjegolders]

Hi Ryan

I've just checked and am getting "Fatal Error: Call to a function isSuperuser on a non-object. That object appears to be $user.

Is $user not always present even if not logged in?

[Wanze]

You're overwriting the $user variable here:

$user = $sanitizer->username($input->post->username);

Use a different name, e.g. $u

Btw happens to me too sometimes with $page or $pages

[onjegolders]

Ah you're right thanks Wanze, if I was more than half-awake I might have noticed that!

Thanks buddy