Page 1 of 1

cookie monster: problems generating cookies

Posted: Fri Nov 03, 2006 9:29 am
by munkifisht
I have a small problem coming to creating cookies with PHP, hoping someone could help. I am getting the following error

Code: Select all

Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 113

Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 114

Warning: Cannot modify header information - headers already sent by (output started at D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php:67) in D:\Program Files\xampp\htdocs\site\Horticulture\config\login.php on line 115
and the PHP code I am using is as folows

Code: Select all

<?php

	//Open Active Sessions
	session_start();
	$authuser = false;
	//check for session start
	
	if ($_SESSION["sessionon"] == TRUE)
	{
		echo "session on<br>";
		$sessionon_check = true;
		$authcode_check = $_SESSION["authcode"];
		$login_check = $_SESSION["user"];
		$authuser = true;
	}
	//check for cookie start
	else if ($_COOKIE["cookieon"] == TRUE)
	{
		echo "cookie on<br>";
		$cookieon_check = true;
		$authcode_check = $_COOKIE["authcode"];
		$login_check = $_COOKIE["user"];
		$authuser = true;
	}
	/*
	if we have either cookie or session start then check the stored
	value for the auth code aginst the sotred one oin the database and
	if they don't match then kill active cookies or sessions
	*/
	
	//firstly open the database
	
	$query = "
	SELECT
	`users`.`authcode`,
	users.admin_level
	FROM
	`users`
	WHERE
	ucase(`users`.`login`) =  'STRTOUPPER($login_check)'
	";
	$openquery = mysql_query($query, $connection) or die("error opening user database 1");
	if (mysql_num_rows($openquery) > 0)
	{
		$db_authcode = mysql_result($openquery, 0, "authcode");
	}
	/*
	***********************************************************************
	***********************************************************************
	***********************************************************************
	******************** VERY IMPORTANT IF STATMENT ***********************
	***********************************************************************
	***********************************************************************
	***********************************************************************		
	if the $authuser is false then the form will be used.
	If the form is filled in and submitted then set the variables and 
	check the stuff
	*/
	/*
	if ($authuser == false)
	{
	*/
		$login = STRTOUPPER($_POST["txt_name"]);
		$loginlen = strlen($login);
		$password = $_POST["txt_password"];
		$password_error = true;
		echo "variables on";
			
		//check for stay logged in box, if ticked use cookies not sessions
		if ( $_POST["bake_cookie"] == STRTOUPPER("BAKE_AT_100") )
		{
			$bake_cookie = true;
			echo "<br>cookies on";
		}
		else
		{
			$bake_cookie = false;
			echo "<br>cookies off";
		}
		//find the user name for lenght and that if it exists
		if ($loginlen > 0)
		{
			echo "<br>database on";
			$query = "
			SELECT
			`users`.`password`,
			`users`.`authcode`
			FROM
			`users`
			WHERE
			ucase(`users`.`login`) =  '$login'
			";
			$openquery = mysql_query($query, $connection) or die("error opening user database 1");
			if (mysql_num_rows($openquery) > 0)
			{
				echo "<br>opendatabase on";
				$db_authcode = mysql_result($openquery, 0, "authcode");
				$password_check = mysql_result($openquery, 0, "password");
				echo  "<br>$login $password_check $password $db_authcode";
				if (!strcmp(trim($password_check), trim($password)))
				{
					echo "<br>password Correct";
					$password_error = FALSE;
				}

				if ($password_error == FALSE)
				{
					//create cookies to allow login
					if ($bake_cookie == true)
					{
						echo "<br>cookies on $password_error";
						echo "<br>on--".$_POST["bake_cookie"];
//TOUUBLE LINES HERE:::						
                                                      setcookie("authcode", $db_authcode, 0);
						setcookie("cookieon", TRUE, 0);
						header ("Location: http://" . $domain  . $directory . $SERVER[PHP_SELF]);
					}
					//if bake_cookie is not on then create sessions for login
					//this should be more secure
					else
					{
						$_SESSION["authcode"] = $db_authcode;
						$_SESSION["sessionon"] = TRUE;
					}
				}
			}
		}	
		echo
	//include common files
	include("login_form.php");

	//}
	//else if ($authuser == true )
	//{
		echo '
			<form action="'.$SERVER[PHP_SELF].'" method="post">
				<font face="Arial, Helvetica, sans-serif" size="1">
					<input type="submit" value="Logout" />
				</font>
			</form>';
	//}
?>

Posted: Fri Nov 03, 2006 9:39 am
by mcog_esteban
You need to process any cookie related stuff before sending anything to the browser.
See you don't have any blank space before "<?php" too.

Posted: Fri Nov 03, 2006 9:52 am
by GeXus
Try removing the following, or moving it to the bottom of their if conditions.

Code: Select all

echo "session on<br>"; 

echo "cookie on<br>";

Posted: Fri Nov 03, 2006 9:54 am
by munkifisht
oh right, the echo is prob the problem. Thanks.

Posted: Fri Nov 03, 2006 9:56 am
by kaszu
Add

Code: Select all

ob_start()
at the begining of the page, that will help while you are testing.

Posted: Fri Nov 03, 2006 10:35 am
by RobertGonzalez
First things first... search the boards for your answer before posting the question, please. This question is literally asked around here three time a week. There is even a tutorial on the 'Headers already sent' message.

Second, do not use output buffering to quiet your error messages. That is as bad as using the error suppression operator. Make your header based function calls before sending output to the browser and you never have to worry about using output buffering as a quieting factor.