login script error, headers already sent out error

helz

the way i have my site set up is that the index.php includes files on what the variable is set to so:
index.php?module=test would include /module/test.php into the specified cell in the page.

but in the cookieinfo.php below, when it is ran via: index.php?login=cookiestuff, the error comes up saying headers already sent out when setting the cookies, are the cookies sent out within the <head></head> tags?

---------------------Login Files -------------------------------------
i got a login script from a friend, converted it to suite my needs and it works fine for one person, (btw the person has id1 if that means anything) and for all the others it goes fine up to when the cookies are made and then on redirect back to the main page it doesnt detect that the user has logged in,
oh and all the logins when they get to the cookie page they all say failed even though one of the users login successfully.
ok the procedure goes: login.php -> memlogin.php -> cookiestuff.php -> monkey.php

heres the code:

<?php 
echo "<FORM name=\"login\" method=\"POST\" action=\"memlogin.php\">"; 
echo "<table border=0><tr><td>Username: </td><td><input type=\"text\" name=\"username\"></td></tr>"; 
echo "<tr><td>Password: </td><td><input type=\"password\" name=\"password\"></td></tr></table>"; 
echo "<input type=\"submit\" value=\"Login\">"; 
?>

memlogin.php

<html> 
<body onload="document.cookieform.submit()"> 
<?php 
require ("$DOCUMENT_ROOT/cgi-bin/connect.php"); 
$flag=0; 
$result = @mysql_query("SELECT username, password FROM ".$membertable.""); 
    if (!$result) { 
    echo("<p>Error performing query: " . mysql_error() . "</p>"); 
    exit(); 
    } 
$pass=md5($pass); 
while ( $row = mysql_fetch_array($result) ) { 
    $duser = $row["username"]; 
    $dpass = $row["password"]; 
    if ($username==$duser && $password==$dpass) {$flag=1;} 
    else if ($username == $duser) {$flag=2;} 
    } 
if ($flag != 1 && $flag != 2) { 
    die("You entered an incorrect username."); 
    } 

else if ($flag == 2) {die("You entered an incorrect password for this username: ".$username."");} 

else if ($flag == 1) { 
    echo "You were successfully logged on as ".$username."<br>"; 
    echo "<form name=\"cookieform\" method=\"post\" action=\"cookiestuff.php\"> 
        <input type=\"hidden\" name=\"username\" value=\"$username\"> 
        <input type=\"hidden\" name=\"password\" value=\"$password\">"; 
    } 

mysql_close($cid); 
?> 
</body> 
</html>

cookiestuff.php

<?php 
$cookiename = setcookie('membername', $username, time()+315360000, '/', ".hellrazer.net"); 
$cookiepass = setcookie('memberpass', md5($password), time()+315360000, '/', ".hellrazer.net"); 
$username=md5($username); 
$cookieval = "$password$username"; 
$cookielogin = setcookie('memberlogon', $cookieval, time()+315360000, '/', ".hellrazer.net"); 

echo "Enabling cookies...<br>"; 
if ($cookiename == "false") {$ans = "failed";} 
else {$ans = "complete";} 
echo ("membername cookie..." . $ans); 
if ($cookiepass == "false") {$ans = "failed";} 
else {$ans = "complete";} 
echo ("<br>memberpass cookie..." . $ans); 
if ($cookielogin == "false") {$ans = "failed";} 
else {$ans = "complete";} 
echo ("<br>memberlogin cookie..." . $ans); 

echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=monkey.php\">"; 
?>

monkey.php

<?php 
require ("".$DOCUMENT_ROOT."/cgi-bin/connect.php"); 
$flag=0; 
$result = @mysql_query("SELECT * FROM ".$membertable.""); 
    if (!$result) { 
    echo("<p>Error performing query: " . mysql_error() . "</p>"); 
    exit(); 
    } 

while ( $row = mysql_fetch_array($result) ) { 
    $dpass = $row["password"]; 
    $duser = md5($HTTP_COOKIE_VARS['membername']); 
    $dtotal = "$dpass$duser"; 

$dcookie = $HTTP_COOKIE_VARS['memberlogon']; 
if ($dtotal==$dcookie) {$flag=1; $temp = "$dpass";} 
} 
if ($flag != 1) { 
    die("You do not have access to this page"); 
    } 
else if ($flag == 1) { 

$result = @mysql_query("SELECT * FROM ".$membertable.""); 
    if (!$result) { 
    echo("<p>Error performing query: " . mysql_error() . "</p>"); 
    exit(); 
    } 
while ( $row = mysql_fetch_array($result) ) { 
    $rname = $row["username"]; 
    } 
echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=../index.php\">"; 
} 
mysql_close($cid); 
?>

ty for the help

steadyguy

Cookies must be sent with the headers ... so if you're print/echoing stuff out before you send the cookie, you'll get the Headers already sent. error ...

helz

yea i just found that out from a friend, and thanks for posting, everyone seems to ignore my threads on this login problem i have,
i will continue to have the login page seperate from my site.
i just need to know why it only lets one person login when the other people it goes thru no problem just doesnt create their cookies....

steadyguy

You know ... some people have cookies turned off - relying exclusively on cookies might not be the best idea. Have you thought about using sessions instead? Sessions would allow you to keep track of data, even if cookies are disabled.

Another option might be serialization, which is like a cookie, but the data is stored on the server instead of the client -- or a session that you can 'put to sleep' when the user leaves, then 'wake up' again whenever the user logs in again.

p.s. a lot of code scares most people off - smaller bits, are easier to digest, and easer to debug, too ... you might want to consider posting only the problematic parts, leaving the rest for when someone asks for it.

helz

that might be true, guess people scare easily here, the only thing is, that ive really only just discovered cookies and how simple they are, ive noticed on sites using the session id, would i need to include the session id on all my links?

also ive absolutly no idea where to start on sessions so do you have any pointers or websites that can point me in the right direction?

links pointing to php.net are welcome lol, they about as n00bie orientated as..

well i cant think of anything that is really for experts only 🙂

thanks

steadyguy

php.net is indeed the best place to start ... though a google search ('PHP sessions tutorials') will probably bring up quite a bit of stuff ...

Sessions are actually quite easy ... you won't need to do the link rewriting yourself; PHP will do that for you.

My 3 step guide to sessions would go something like this:
1. Start your session in every script with session_start()
2. Set your variables, then register them (as necessary) with the session, using session_register()
3. Do your stuff.

It is, of course, slightly more complicated than that. But not much. It's not too hard to get the hang of ... and to iron out the wrinkles, there's lots of people here (including myself) who would be willing to help you out.

helz

right.. cheers, ill sort that out tomorrow, need some sleep lol,

so ill post in this thread if i need more help, or maybe a new one and delete this thread....

thanks again