cookie monster: problems generating cookies

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
munkifisht
Forum Newbie
Posts: 14
Joined: Wed Oct 11, 2006 9:15 am

cookie monster: problems generating cookies

Post by munkifisht »

I have a small problem coming to creating cookies with PHP, hoping someone could help. I am getting the following error

Code: Select all

Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 113

Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 114

Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 115
and the PHP code I am using is as folows

Code: Select all

<?php

	//Open Active Sessions
	session_start();
	$authuser = false;
	//check for session start
	
	if ($_SESSION["sessionon"] == TRUE)
	{
		echo "session on<br>";
		$sessionon_check = true;
		$authcode_check = $_SESSION["authcode"];
		$login_check = $_SESSION["user"];
		$authuser = true;
	}
	//check for cookie start
	else if ($_COOKIE["cookieon"] == TRUE)
	{
		echo "cookie on<br>";
		$cookieon_check = true;
		$authcode_check = $_COOKIE["authcode"];
		$login_check = $_COOKIE["user"];
		$authuser = true;
	}
	/*
	if we have either cookie or session start then check the stored
	value for the auth code aginst the sotred one oin the database and
	if they don't match then kill active cookies or sessions
	*/
	
	//firstly open the database
	
	$query = "
	SELECT
	`users`.`authcode`,
	users.admin_level
	FROM
	`users`
	WHERE
	ucase(`users`.`login`) =  'STRTOUPPER($login_check)'
	";
	$openquery = mysql_query($query, $connection) or die("error opening user database 1");
	if (mysql_num_rows($openquery) > 0)
	{
		$db_authcode = mysql_result($openquery, 0, "authcode");
	}
	/*
	***********************************************************************
	***********************************************************************
	***********************************************************************
	******************** VERY IMPORTANT IF STATMENT ***********************
	***********************************************************************
	***********************************************************************
	***********************************************************************		
	if the $authuser is false then the form will be used.
	If the form is filled in and submitted then set the variables and 
	check the stuff
	*/
	/*
	if ($authuser == false)
	{
	*/
		$login = STRTOUPPER($_POST["txt_name"]);
		$loginlen = strlen($login);
		$password = $_POST["txt_password"];
		$password_error = true;
		echo "variables on";
			
		//check for stay logged in box, if ticked use cookies not sessions
		if ( $_POST["bake_cookie"] == STRTOUPPER("BAKE_AT_100") )
		{
			$bake_cookie = true;
			echo "<br>cookies on";
		}
		else
		{
			$bake_cookie = false;
			echo "<br>cookies off";
		}
		//find the user name for lenght and that if it exists
		if ($loginlen > 0)
		{
			echo "<br>database on";
			$query = "
			SELECT
			`users`.`password`,
			`users`.`authcode`
			FROM
			`users`
			WHERE
			ucase(`users`.`login`) =  '$login'
			";
			$openquery = mysql_query($query, $connection) or die("error opening user database 1");
			if (mysql_num_rows($openquery) > 0)
			{
				echo "<br>opendatabase on";
				$db_authcode = mysql_result($openquery, 0, "authcode");
				$password_check = mysql_result($openquery, 0, "password");
				echo  "<br>$login $password_check $password $db_authcode";
				if (!strcmp(trim($password_check), trim($password)))
				{
					echo "<br>password Correct";
					$password_error = FALSE;
				}

				if ($password_error == FALSE)
				{
					//create cookies to allow login
					if ($bake_cookie == true)
					{
						echo "<br>cookies on $password_error";
						echo "<br>on--".$_POST["bake_cookie"];
//TOUUBLE LINES HERE:::						
                                                      setcookie("authcode", $db_authcode, 0);
						setcookie("cookieon", TRUE, 0);
						header ("Location: http://" . $domain  . $directory . $SERVER[PHP_SELF]);
					}
					//if bake_cookie is not on then create sessions for login
					//this should be more secure
					else
					{
						$_SESSION["authcode"] = $db_authcode;
						$_SESSION["sessionon"] = TRUE;
					}
				}
			}
		}	
		echo
	//include common files
	include("login_form.php");

	//}
	//else if ($authuser == true )
	//{
		echo '
			<form action="'.$SERVER[PHP_SELF].'" method="post">
				<font face="Arial, Helvetica, sans-serif" size="1">
					<input type="submit" value="Logout" />
				</font>
			</form>';
	//}
?>
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

Post by mcog_esteban »

You need to process any cookie related stuff before sending anything to the browser.
See you don't have any blank space before "<?php" too.
GeXus
Forum Regular
Posts: 631
Joined: Sat Mar 11, 2006 8:59 am

Post by GeXus »

Try removing the following, or moving it to the bottom of their if conditions.

Code: Select all

echo "session on<br>"; 

echo "cookie on<br>";
munkifisht
Forum Newbie
Posts: 14
Joined: Wed Oct 11, 2006 9:15 am

Post by munkifisht »

oh right, the echo is prob the problem. Thanks.
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Post by kaszu »

Add

Code: Select all

ob_start()
at the begining of the page, that will help while you are testing.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

First things first... search the boards for your answer before posting the question, please. This question is literally asked around here three time a week. There is even a tutorial on the 'Headers already sent' message.

Second, do not use output buffering to quiet your error messages. That is as bad as using the error suppression operator. Make your header based function calls before sending output to the browser and you never have to worry about using output buffering as a quieting factor.
Post Reply