setcookies - Headers already sent

[Fabis94]

I'm using this PHP login script:

 

<?php
include ("xxx.php");
mysql_connect($server, $username, $password) or die('Error 1: Cannot connect to the MYSQL server.');
mysql_select_db($database) or die('Error 2: Cannot select the database.');
if (isset($_COOKIE['us_mech'])) {
$past = time() - 100; //Destroys the cookie
setcookie(us_mech, gone, $past);
setcookie(pa_mech, gone, $past);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<style type="text/css">
<!--
.loginly {
height: 300px;
width: 564px;
margin-left: auto;
margin-right: auto;
margin-top: 150px;
padding: 5px;
}
.loginy2 {
width: 550px;
height: 170px;
padding: 5px;
margin-top: 5px;
border: solid black 2px;
}
-->
</style>
</head>
<body leftmargin="0" topmargin="0">
<div class="loginly"><!-- Login Div -->
<center><img name="" src="" width="500" height="110" alt="" style="background-color: #00FF00" /></center>
  <div class="loginy2">
  <center><font size="+2" face="Verdana, Geneva, sans-serif">Please enter your details.</font><br />
  <br />
  <form action="login.php" method="post">
  Username: <input name="username" type="text" maxlength="10" /><br />
  Password: <input name="password" type="password" maxlength="10" /><br />
  <input name="sub1" type="submit" value="Login" /><br />
  </form>
  <?php
  if (isset($_POST['sub1'])) {//If the POST vars are set'
  	  if (!$_POST['username'] || !$_POST['password']) { //If there are any blank fields
      die('<font color="red">Fill all the fields.</font>');
  }
  $username = $_POST['username'];
  $password = md5($_POST['password']);
  $login_sql = "SELECT * FROM userdb WHERE username = '$username' AND password = '$password'";
  $login_sql2 = mysql_query($login_sql);
  $resultz = mysql_fetch_assoc($login_sql2) or die('Error 5: <font color="red">Incorrect username/password.</font>');
  if ($resultz['username'] == $username && $resultz['password'] == $password) { //Double check
	setcookie(us_mech, $username, $hour);
	setcookie(pa_mech, $password, $hour);
	echo '<script language"text/javascript">alert("Successfully logged in!");</script>';
	echo '<script type="text/javascript">window.location="index.php";</script>';
  } else {
	  echo '<font color="red">Incorrect username/password.</font>';
  }
  }
  ?>
  </center>
  </div>
</div>
<br />
<br />
<!-- Login Div Ends-->
</body>
</html>

 

And i get the headers already sent error. The problem is, i can't think of any other way to set cookies AFTER doing the IF that checks if the username and password is correct.

 

Edit: The cookie part is somewhere at the end and looks like this:

 

    if ($resultz['username'] == $username && $resultz['password'] == $password) { //Double check

      setcookie(us_mech, $username, $hour);

      setcookie(pa_mech, $password, $hour);

    (script continues here...)

[rhodesa]

reorder your code...something like this:

<?php
  include ("xxx.php");
  mysql_connect($server, $username, $password) or die('Error 1: Cannot connect to the MYSQL server.');
  mysql_select_db($database) or die('Error 2: Cannot select the database.');
  if (isset($_COOKIE['us_mech'])) {
    $past = time() - 100; //Destroys the cookie
    setcookie(us_mech, gone, $past);
    setcookie(pa_mech, gone, $past);
  }
  if (isset($_POST['sub1'])) {//If the POST vars are set'
    if (!$_POST['username'] || !$_POST['password']) { //If there are any blank fields
      die('<font color="red">Fill all the fields.</font>');
    }
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $login_sql = "SELECT * FROM userdb WHERE username = '$username' AND password = '$password'";
    $login_sql2 = mysql_query($login_sql);
    $resultz = mysql_fetch_assoc($login_sql2) or die('Error 5: <font color="red">Incorrect username/password.</font>');
    if ($resultz['username'] == $username && $resultz['password'] == $password) { //Double check
      setcookie(us_mech, $username, $hour);
      setcookie(pa_mech, $password, $hour);
      header('Location: index.php');
      exit;
    } else {
      $msg = 'Incorrect username/password.';
    }
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<style type="text/css">
<!--
.loginly {
   height: 300px;
   width: 564px;
   margin-left: auto;
   margin-right: auto;
   margin-top: 150px;
   padding: 5px;
}
.loginy2 {
   width: 550px;
   height: 170px;
   padding: 5px;
   margin-top: 5px;
   border: solid black 2px;
}
-->
</style>
</head>
<body leftmargin="0" topmargin="0">
<div class="loginly"><!-- Login Div -->
   <center><img name="" src="" width="500" height="110" alt="" style="background-color: #00FF00" /></center>
  <div class="loginy2">
  <center><font size="+2" face="Verdana, Geneva, sans-serif">Please enter your details.</font><br />
  <br />
  <form action="login.php" method="post">
  Username: <input name="username" type="text" maxlength="10" /><br />
  Password: <input name="password" type="password" maxlength="10" /><br />
  <input name="sub1" type="submit" value="Login" /><br />
  </form>
<?php if($msg) echo '<font color="red">'.$msg.'</font>'; ?>
  </center>
  </div>
</div>
<br />
<br />
<!-- Login Div Ends-->
</body>
</html>

[Fabis94]

I still get headers already sent error...

[PFMaBiSmAd]

Posting the actual error would allow someone to directly help, because the error message states where the output is occurring that is preventing the cookie from working.

[Fabis94]

Oh wait, i fixed up the form (used the wrong php file) and it works now. Thanks