cookie monster: problems generating cookies
Posted: Fri Nov 03, 2006 9:29 am
I have a small problem coming to creating cookies with PHP, hoping someone could help. I am getting the following error
and the PHP code I am using is as folows
Code: Select all
Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 113
Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 114
Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 115Code: Select all
<?php
//Open Active Sessions
session_start();
$authuser = false;
//check for session start
if ($_SESSION["sessionon"] == TRUE)
{
echo "session on<br>";
$sessionon_check = true;
$authcode_check = $_SESSION["authcode"];
$login_check = $_SESSION["user"];
$authuser = true;
}
//check for cookie start
else if ($_COOKIE["cookieon"] == TRUE)
{
echo "cookie on<br>";
$cookieon_check = true;
$authcode_check = $_COOKIE["authcode"];
$login_check = $_COOKIE["user"];
$authuser = true;
}
/*
if we have either cookie or session start then check the stored
value for the auth code aginst the sotred one oin the database and
if they don't match then kill active cookies or sessions
*/
//firstly open the database
$query = "
SELECT
`users`.`authcode`,
users.admin_level
FROM
`users`
WHERE
ucase(`users`.`login`) = 'STRTOUPPER($login_check)'
";
$openquery = mysql_query($query, $connection) or die("error opening user database 1");
if (mysql_num_rows($openquery) > 0)
{
$db_authcode = mysql_result($openquery, 0, "authcode");
}
/*
***********************************************************************
***********************************************************************
***********************************************************************
******************** VERY IMPORTANT IF STATMENT ***********************
***********************************************************************
***********************************************************************
***********************************************************************
if the $authuser is false then the form will be used.
If the form is filled in and submitted then set the variables and
check the stuff
*/
/*
if ($authuser == false)
{
*/
$login = STRTOUPPER($_POST["txt_name"]);
$loginlen = strlen($login);
$password = $_POST["txt_password"];
$password_error = true;
echo "variables on";
//check for stay logged in box, if ticked use cookies not sessions
if ( $_POST["bake_cookie"] == STRTOUPPER("BAKE_AT_100") )
{
$bake_cookie = true;
echo "<br>cookies on";
}
else
{
$bake_cookie = false;
echo "<br>cookies off";
}
//find the user name for lenght and that if it exists
if ($loginlen > 0)
{
echo "<br>database on";
$query = "
SELECT
`users`.`password`,
`users`.`authcode`
FROM
`users`
WHERE
ucase(`users`.`login`) = '$login'
";
$openquery = mysql_query($query, $connection) or die("error opening user database 1");
if (mysql_num_rows($openquery) > 0)
{
echo "<br>opendatabase on";
$db_authcode = mysql_result($openquery, 0, "authcode");
$password_check = mysql_result($openquery, 0, "password");
echo "<br>$login $password_check $password $db_authcode";
if (!strcmp(trim($password_check), trim($password)))
{
echo "<br>password Correct";
$password_error = FALSE;
}
if ($password_error == FALSE)
{
//create cookies to allow login
if ($bake_cookie == true)
{
echo "<br>cookies on $password_error";
echo "<br>on--".$_POST["bake_cookie"];
//TOUUBLE LINES HERE:::
setcookie("authcode", $db_authcode, 0);
setcookie("cookieon", TRUE, 0);
header ("Location: http://" . $domain . $directory . $SERVER[PHP_SELF]);
}
//if bake_cookie is not on then create sessions for login
//this should be more secure
else
{
$_SESSION["authcode"] = $db_authcode;
$_SESSION["sessionon"] = TRUE;
}
}
}
}
echo
//include common files
include("login_form.php");
//}
//else if ($authuser == true )
//{
echo '
<form action="'.$SERVER[PHP_SELF].'" method="post">
<font face="Arial, Helvetica, sans-serif" size="1">
<input type="submit" value="Logout" />
</font>
</form>';
//}
?>