[Resolved] Problem with cookies

Drebin

I'm having trouble setting cookies. I've searched these forums to try to find the solution but I haven't been able to figure out where I'm going wrong.

I have created a login script and I want to assign a cookie to users who login correctly. Every time I test it out and sign in with a correct username/password, I get an error indicating that headers were sent out before the cookie.

I realize that cookies have to be sent out before headers but I'm still not sure where I'm going wrong. This is the first time I've tried to code cookies so the error is probably something obvious.

Here's my code (I get the same error with or without line 2). If anyone can see where the error is please let me know. Thanks.

<?php
setcookie("LoggedIn", "false");
require_once("connect.php");
?>
<html>
<head>
<title>HTML Form</title>
</head>
<body>

<form name="login" method="post" action="login.php">
Name: <input type="text" name="Name"><br>
Password: <input type="password" name="Password"><br>
<input type="submit" value="login">
<br>
<input type="hidden" name="submit" value="true">
</form>
<?php
$TableName = "z_forum_users";
if($_POST['submit']==true) // This means the form HAS been submitted:
{
if($Name!='' and $Password!='')
{
$check=mysql("forum", "select * from z_forum_users where z_users_Name='$Name' and z_users_Password='$Password'");
$count=mysql_numrows($check); // check the rows returned.
if($count==1) // if the number of rows returned = 1 then do this
{

setcookie("LoggedIn", "true");

$logged = $true;
echo "<br><a href='form.php'>Go back</a>";
}
else
{
echo "You did not enter a valid username";
}
}

}

mysql_close($connect);

</table>
</body>

</html>

Merve

What exactly is not working? [man]setcookie[/man]

Drebin

Yes, the setcookie line is producing errors. When the form is submitted and the login/password matches the data in my database, a cookie is supposed to be passed but I get the error message that tells me that a cookie can't be sent after headers were already sent. I just can't figure out where the headers were sent before the cookie.

mogster

You have to move the content below the cookie-treatment:

<?php 
$errmsg1 = urlencode("No valid login - try again!");
## No point in setting the cookie to false
//setcookie("LoggedIn", "false"); 
require_once("connect.php"); 
$TableName = "z_forum_users"; 

if($_POST['submit']==true) // This means the form HAS been submitted: 
{ 
if($Name!='' and $Password!='') 
{ 
$check=mysql("forum", "select * from z_forum_users where z_users_Name='$Name' and z_users_Password='$Password'"); 
$count=mysql_numrows($check); // check the rows returned. 
if($count==1) // if the number of rows returned = 1 then do this 
{ 
setcookie("LoggedIn", "true"); 
$logged = $true; 
mysql_close($connect);
header("Location:".$_SERVER['PHP_SELF']."") ;
} 
else 
{ 
header("Location:".$_SERVER['PHP_SELF']."?errmsg=$errmsg1") ;
} 
} 
} 
if($_COOKIE['LoggedIn'] == "true") {
?>
<html> 
<head> 
<title>Forum!</title> 
</head> 
<body>
<table width="425" align="center" border="1" bordercolor="black" cellspacing="0" cellpadding="4"> 
<!--do the forum stuff-->
</table> 
</body> 
</html>
<?PHP
} else {
## Include the login form
?>
<html> 
<head> 
<title>Forum!</title> 
</head> 
<body>
<?PHP
echo "<h1>".urldecode($errmsg)."</h1>";
?>
<table width="425" align="center" border="1" bordercolor="black" cellspacing="0" cellpadding="4"> 
<!-- no table rows/cells? -->
<form name="login" method="post" action="login.php"> 
Name: <input type="text" name="Name"><br> 
Password: <input type="password" name="Password"><br> 
<input type="submit" value="login"> 
<br> 
<input type="hidden" name="submit" value="true"> 
</form> 
</table> 
</body> 
</html>
<?PHP
}
?>

Well, this is quick and dirty 😉

knutm :-)

mogster

Or, the echoed error should be:

<?PHP 
echo "<h1>".urldecode($_GET['errmsg'])."</h1>"; 
?>

knutm :-)

Drebin

Thanks. I'm not sure what the line
header("Location:".$_SERVER['PHP_SELF']."") ; means but I think I understand what you're saying. I'll test this out.

Merve

Drebin, that just redirects the page to itself.

mogster

Yes, the cookie is in control of the page:
if not present, or if not set, relocate the user to page.
If set, also relocate user to page :p

If the cookievalue LoggedIn is true, show content, else show login.

Drebin: remember that a cookie-value set on pageload is never visible in page. You have to reload the page again for the value to be evaluated.

Like:

server----------------------------------------client

setcookie() -------------------------> cookie accepted
$content ----------------------------> content displayed

on next pageload:

$_COOKIE['value'] <--------------- cookie value sent
$content ---------------------------> display with cookie values

knutm :-)

Drebin

Thanks a lot, your code worked. I coded the script in a much more basic way so I couldn't figure out why the page had to be redirected. I get it now.

Thanks for the explanation about how cookies work. I'm still a bit sketchy about certain things but now I see why it wasn't working before. I had the IF statement after the <head</head> tags.