cookies

reub77

I'm having problems with cookies. What i have is a login script, when it comes up affirmative (the user successfully log in) I want to store the username and password in a cookie for later use to check if the user is logged in throughout the site. Here's my code:

<?
if ($userID != "" && $passWord != ""){
function login($userID, $passWord) {
$conn = db_connect();
$result = mysql_query("SELECT * FROM login WHERE username='$userID' and password='$passWord'");
if(!$result)
return("Query could not be executed"); // if query error
if(mysql_num_rows($result)>0) {
// if the values match values in the database
return("true");
} else {
return("Invalid Username or Password");
}
}
}
if ($userID != "" && $passWord != ""){

// now check the values received via the form
$result = login($userID, $passWord);
if($result == "true") {
print("You have been logged in");
setcookie("siteuser",$userID, time()+3600);
setcookie("password",$passWord, time()+3600);
} else {
print($result);
}
}
?>

Now the problem is this. The code works except the cookies don't seem to want to work. The error message

"Warning: Cannot add header information - headers already sent by (output started /home/shabangw/public_html/test/login.php:23) in /home/shabangw/public_html/test/login.php on line 65"

So somethings obviously wrong with where I declared my cookies. How can I get it to input the cookies only if its a valid username and password?

Thanks

MrAlaska

"Headers alread sent..." means that you have already started outputting text before attemptig to send header information. In this case, you are printing the affirmation before you set the cookie. Have the cookie set BEFORE you print anything at all.

Changing this:
if($result == "true") {
print("You have been logged in");
setcookie("siteuser",$userID, time()+3600);
setcookie("password",$passWord, time()+3600);
} else {
print($result);
}

To This:
if($result == "true") {
setcookie("siteuser",$userID, time()+3600);
setcookie("password",$passWord, time()+3600);
print("You have been logged in");
} else {
print($result);
}

just might fix your problem. I haven't looked at it enough to see if there are any more errors.

reub77

I tried the cookies before the print and it doesn't work, same error. I even tried commenting out the print part and it still has that error with the header. What can I try now. If there's a better way to store the current user in a cookie with his password then I hope someon knows because I'm getting errors this way. Why isn't it working?

Thanks

VoiD

What I usually do when working with cookies is making the form submit to another php script that does all the cookie handling, and then send them back using a returnurl (which is also sent by the form). This is especially nice when working with more cookies (for forum, polls, etc).

You should set cookies before EVERYTHING, so you can't have any HTML code or PHP echo's/prints before.

reub77

What's the best way to send these variables to another page?
Can't you use the

header("Location: myurl.html?id=$id&username=$userID&password=$passWord");

If I used this would it work and how would I collect my variables on another page? Anyone care to let me know?

Thanks

mrmufin

Originally posted by reub77

header("Location: myurl.html?id=$id&username=$userID&password=$passWord");

If I used this would it work and how would I collect my variables on another page? Anyone care to let me know?

Just loop through the GET variables:

while(list($k,$v)=each($_GET)) {
	// do shtuff with the URL-appended variables here
}

If you're using a version of PHP prior to 4.1.x, loop through $HTTP_GET_VARS instead of $_GET...

MrAlaska

Originally posted by reub77
I tried the cookies before the print and it doesn't work, same error. I even tried commenting out the print part and it still has that error with the header.

The print still needs to be before the cookies are set. Another thing, printing white space will also trigger the headers being sent error. Check your code and make sure there is no white space before or after the <?php ?> tags.

What can I try now. If there's a better way to store the current user in a cookie with his password then I hope someon knows because I'm getting errors this way. Why isn't it working?

Actually, it is better to not store the user name and password in the cookie, you should generate a unique session ID, store that in the cookie, and keep the user ID and password on the server where it is safe (but that is the topic of another discussion).

Technically, however, it appears you are doing it properly. By enclosing 'true' in quotes you are making it a string instead of a boolean, but it should work the way you have it. Check for the white space I mentioned. If you don't have any, then there must be something printing out preceding the conditional loop you posted here.

Thanks

Don't mention it!

mrmufin

Originally posted by MrAlaska
Actually, it is better to not store the user name and password in the cookie, you should generate a unique session ID, store that in the cookie, and keep the user ID and password on the server

Yup.

Please don't ask me to do anything.
It sucks all the fun of out being an unemployed lowlife.

Yup!