how can I fix this?

craigtaylor74

I know the mistake is about the headers and cookies but how do I fix this? I want to login the user here and collect the cookies so that on the next page I can refer to the user by name and also use cookies to check the database and see if they have voted. If you need to see more of my code I can include that next time.
Also, instead of using echo, I plan to use includes. Is that a problem?
I know my name is popping up a lot on this forum so I apologise for being a pain - but I really need the help.
<?
include 'configuration.php';

$username=$HTTP_POST_VARS['username'];
$password=$HTTP_POST_VARS['password'];

if ((!$username)||(!$password))
{
echo 'no filled in';
exit;
}
else
{
$db = mysql_connect("$dbhostname","$dbuser","$dbpass") or die ("error connecting to database.");
mysql_select_db("$dbdatabase",$db) or die ("could not select the databse");
$sql_login_check = mysql_query("SELECT * FROM user WHERE username='$username' AND password= '$password'") or die ("$query_username". mysql_error());

if (mysql_num_rows($sql_login_check) == 0)
{
echo 'you are not';
exit;
}
else
{
while ($users_array = mysql_fetch_array($sql_login_check))
{
//
$first_name = $users_array['first_name'];
$second_name = $users_array['second_name'];
$username = $users_array['username'];
$email = $users_array['email'];
$vote_completed = $users_array['vote_completed'];

setcookie("first_name", "$first_name");
setcookie("second_name", "$second_name");
setcookie("username", "$username");
setcookie("email", "$email");
setcookie("vote_completed", "$vote_completed"); 
	}

include('place_vote.php');

}
}
?>

goa103

Hi,

Don't worry, we're here to help 🙂

if ((!$username)||(!$password))

Compare $username to an empty string in order to know if the field was filled in.

exit;

exit ();
exit is a function

username='$username' AND password= '$password'") or die

ALWAYS crypt your passwords with md5 before inserting them in the DB.

("$query_username". mysql_error());

$query_username is undefined. Where does it come from ?

if (mysql_num_rows($sql_login_check) == 0)

The ONLY valid value is 1, so compare it to 1... else echo and exit.

echo 'you are not'; exit;

You could use a die you know 🙂. It's equivalent to echo + exit
And shorter to write

$first_name = $users_array['first_name'];

Don't use temp variables, you only use them once!

setcookie("first_name", "$first_name");

I always set the expiration value for a cookie. This way I know when it's deleted from the client. I remember having troubles with cookies before I forgot to set it...

setcookie ("first_name", $users_array['first_name'], time()+3600); // expire in 1 hour

Then to get the cookie value, simply use: $_COOKIE ['firs_name']. And voilà 😃

Hope it helps,
JM