Setting Cookies along with Sessions..help?

[LostKID]

Okay i need help..

 

Basic setup i have is..

 

1. you log in

2. gets information from database via posted email

3. assigns values from database to temp variables

4. assigns temp variables to sessions to use through out the site when needed

 

I need Sessions and so it is called at the top of the page before anything is processed, although im wanting to use cookies to set an 'Authentication' variable that can be checked on each private page. I tried to assign it like so:

 

5. setcookie("auth", "yes", time()+3600);

 

But now i cant set the cookie because it must be displayed before everything is processed like sessions.. im struggling big time. basically here is my error:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/www/brokenbo/98/process.php:6) in /home/www/brokenbo/98/process.php on line 220

 

and here is the code that is on process.php ( EDIT: i have boldend the code that i am having troubles with..but i see that cant be done.. urm, its in the ' if login' function bit. )

<?
session_start();
include("connect.php");
?>
<div align="center">
<?
if($_GET['action'] == "logout"){
session_start();
session_destroy();
print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?status=loggedout\">";
}
if($_GET['action'] == "login"){

$pass = md5($_POST['password']);

// GET INFO
$sql4 = "SELECT * FROM josh_users WHERE email='$_POST[email]'";
$result4 = mysql_query($sql4) or die("couldnt confirm email");
while ($row4 = mysql_fetch_array($result4)){
extract($row4);

$vid = $id;
$vname = $firstname;
$vemail = $email;

// CHECK IF EMAIL EXISTS
$sql = "SELECT * FROM josh_users WHERE email='$_POST[email]'";
$result = mysql_query($sql) or die("couldnt confirm email");
$num = mysql_num_rows($result);
if($num == 1){
$sql2 = "SELECT * FROM josh_users WHERE email='$_POST[email]' AND password='$pass'";
$result2 = mysql_query($sql2) or die("couldnt confirm password");
$num2 = mysql_num_rows($result2);
if($num2 > 0 ){
	[b]$vemail = $_POST['email'];
	setcookie("auth", "yes", time()+3600);
	$_SESSION['ses_id'] = $vid;
	$_SESSION['ses_email'] = $vemail;
	$_SESSION['ses_name'] = $vname;
	//print "<meta http-equiv=\"refresh\" content=\"0;URL=main.php\">";[/b]

	echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	You are now logged in as: $_SESSION[ses_name] | <a href='index.php'>Continue</a>
	</div> 
	</div>
	</div>
	");

}
else{
	echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Oops, Wrong password apparently :S | <a href='index.php'>Go back</a>
	</div> 
	</div>
	</div>
	");
}
}
else{
echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Oops, that account doesn't exist in the database. | <a href='index.php'>Go back</a>
	</div> 
	</div>
	</div>
	");
}
}
}

if($_GET['action'] == "register"){

// DESTROY SESSIONS
session_destroy();

// GET THE VARIABLES
$email = strip_tags(mysql_real_escape_string($_POST['email']));
$_SESSION['ses_email'] = $email;

// CHECK EMAIL ENTERED
if($email == ""){
	echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Oops, You didnt even type anything in then! Lol silly you. Go back and try again | <a href='index.php'>Go back</a>
	</div> 
	</div>
	</div>
	");
	exit();
}
if(!ereg("^.+@.+\\..+$", $email)){
	echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Now that email was weird have you been drinking or is that really an email? Try again please | <a href='index.php'>Go back</a>
	</div>
	</div>
	</div>
	");
	exit();
}
// CHECK IF EMAIL EXISTS
$sql = "SELECT email FROM josh_users WHERE email='$_POST[email]'";
$result = mysql_query($sql) or die('couldnt execute query'.mysql_error());
$num = mysql_num_rows($result);
if($num > 0){
	echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Oops, looks like someone already has the email account in use, is this you [ $email ] ? | <a href='index.php'>Go back</a>
	</div>
	</div>
	</div>
	");
	exit();
}

// SEND EMAIL
$special = rand();
$id = rand(1, 99);
$_SESSION['ses_code'] = $special;

$subject = "Activation from Josh McCrystal Website needed";
$body = "This is an automated email from Josh memories R.I.P Website \nThis Email ID is: $id\nActivation code: $special";
if (mail($email, $subject, $body)) {
	 	echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Message was Successfully sent, please check your emails and find the Activation code and enter it in here please: \n

	<form name='form1' method='post' action='process.php?action=continue'>
		  <label>
		  Email ID should be [$id]: <input type='text' name='active'>
		  <input name='activation' type='hidden' value='$special'>
		  <input name='email' type='hidden' value='$email'>
		  </label>
		  <label>
		  <input type='submit' name='Submit' value='Submit'>
		  </label>
	</form>

	</div>
	</div>
	</div>

	<div id='header'>
		<div id='headerInner'>
		<div id='headerCol1'>
		<p><span class='style1'>Tips for Registering..</span><br />  
		<br />
		Email ID is a number ranging from 1 - 99, if you are having problems getting the correct activation code from your email address and not sure if your using the correct Code you can check to make sure 
		you are reading the right email by looking up the Email ID.
		<br /><br />
		Closing this window or going to any other page will cause any code you get via email not to work in the future, make sure you use the right CODE for the right Email ID.
		</p>
		</div>
		<div id='headerCol22'>
		<p><span class='style1'>Problems?..</span><br />  
		<br />
		If you having problems getting the correct code please dont hesitate to contact the admin stating the problem you are having: <a href='<a href='mailto:[email protected]'>here.</a>
		</p>
		</div>
		</div>
	</div>

	");
	} 
else {
  		echo("
	<div id='introd'></div>
	<div id='header3'>
	<div id='headerInner3'>
	<div id='headerCol3'>
	Message did not delivery, did you put your right email address: $email ? | <a href='index.php'>Go back</a>
	</div>
	</div>
	</div>
	");
	}
}
if($_GET['action'] == "continue"){
$code = $_POST['active'];
$compare = $_POST['activation'];
$email = $_POST['email'];

if($code == ""){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		You have skipped a section please go back and start from the beginning.. | <a href='index.php'>Go back</a>
		</div>
		</div>
		</div>
		");
		exit();
}
if($code == $compare){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
			<form id='form1' name='form1' method='post' action='process.php?action=finish'>
				<span class='formName'>Email:</span> <span class='formInput'>$email</span>
				<span class='formName'>Password:</span><input name='fpassword' type='password' class='formInput' id='fpassword' />
				<span class='formName'>First Name:</span><input name='ffname' type='text' class='formInput' id='ffname' />
				<span class='formName'>Last Name:</span><input name='flname' type='text' class='formInput' id='flname' />
				<span class='formName'>Hometown:</span><input name='fhometown' type='text' class='formInput' id='fhometown' />
				<span class='formName'>Gender:</span>
				<select name='gender' class='formInput' id='gender'>
				<option>Male</option>
				<option>Female</option>
				</select>
				<input name='email' type='hidden' value='$email'>
				<input name='active' type='hidden' value='$code'>
				<input name='activation' type='hidden' value='$compare'>
				<input name='Submit' type='submit' class='button' value='Submit' />
			</form>
		</div>
		</div>
		</div>
		");
		exit();
}
else{
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Activation code was incorrect!
		<br/>
		<a href='index.php'>Go back</a>
		</div>
		</div>
		</div>

		<div id='header'>
		<div id='headerInner'>
		<div id='headerCol1'>
		<p><span class='style1'>Tips for Registering..</span><br />  
		<br />
		Sometimes our servers arn't as quick as Email servers or vice versa, please wait a while and also make sure you are using the correct Code, if you have tried to register
		multiple times with an email address but havent been successful you may find your using an old Code and the new one hasn't been sent to you yet.<br/><br />
		Double check the ID number on email to ensure you are trying with the right code.<br/><br/>

		Going back means you will have to start again from scratch, new codes are issued to insure security, sorry for any inconvenience.
		</p>
		</div>
		<div id='headerCol22'>
		<p><span class='style1'>Problems?..</span><br />  
		<br />
		If you having problems getting the correct code please dont hesitate to contact the admin stating the problem you are having: <a href='mailto:[email protected]'>here.</a>
		</p>
		</div>
		</div>
		</div>
		");
		exit();
}
}
if($_GET['action'] == "redo"){
$code = $_SESSION['ses_code'];;
$compare = $_SESSION['ses_code'];
$email = $_SESSION['ses_email'];

if($code == ""){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		You have skipped a section please go back and start from the beginning.. | <a href='index.php'>Go back</a>
		</div>
		</div>
		</div>
		");
		exit();
}
if($code == $compare){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
			<form id='form1' name='form1' method='post' action='process.php?action=finish'>
				<span class='formName'>Email:</span> <span class='formInput'>$email</span>
				<span class='formName'>Password:</span><input name='fpassword' type='password' class='formInput' id='fpassword' />
				<span class='formName'>First Name:</span><input name='ffname' type='text' class='formInput' id='ffname' />
				<span class='formName'>Last Name:</span><input name='flname' type='text' class='formInput' id='flname' />
				<span class='formName'>Hometown:</span><input name='fhometown' type='text' class='formInput' id='fhometown' />
				<span class='formName'>Gender:</span>
				<select name='gender' class='formInput' id='gender'>
				<option>Male</option>
				<option>Female</option>
				</select>
				<input name='email' type='hidden' value='$email'>
				<input name='active' type='hidden' value='$code'>
				<input name='activation' type='hidden' value='$compare'>
				<input name='Submit' type='submit' class='button' value='Submit' />
			</form>
		</div>
		</div>
		</div>
		");
		exit();
}
else{
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Activation code was incorrect!
		<br/>
		<a href='index.php'>Go back</a>
		</div>
		</div>
		</div>

		<div id='header'>
		<div id='headerInner'>
		<div id='headerCol1'>
		<p><span class='style1'>Tips for Registering..</span><br />  
		<br />
		Sometimes our servers arn't as quick as Email servers or vice versa, please wait a while and also make sure you are using the correct Code, if you have tried to register
		multiple times with an email address but havent been successful you may find your using an old Code and the new one hasn't been sent to you yet.<br/><br />
		Double check the ID number on email to ensure you are trying with the right code.<br/><br/>

		Going back means you will have to start again from scratch, new codes are issued to insure security, sorry for any inconvenience.
		</p>
		</div>
		<div id='headerCol22'>
		<p><span class='style1'>Problems?..</span><br />  
		<br />
		If you having problems getting the correct code please dont hesitate to contact the admin stating the problem you are having: <a href='mailto:[email protected]'>here.</a>
		</p>
		</div>
		</div>
		</div>
		");
		exit();
}
}
if($_GET['action'] == "finish"){

// GET VARIABLES
$firstname = strip_tags(mysql_real_escape_string($_POST['ffname']));
$lastname = strip_tags(mysql_real_escape_string($_POST['flname']));
$hometown = strip_tags(mysql_real_escape_string($_POST['fhometown']));
$password = md5($_POST['fpassword']);
$code = $_SESSION['ses_code'];
$email = $_POST['email'];
$gender = $_POST['gender'];

// VALIDATE
if($firstname == ""){
		echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Oops! You didnt fill in your first name..
		<br/>
		<a href='process.php?action=redo'>Go back</a>
		</div>
		</div>
		</div>
		");
		exit();
}
if($lastname == ""){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Oops! You didnt fill in your last name..
		<br/>
		<a href='process.php?action=redo'>Go back</a>
		</div>
		</div>
		</div>
		");
		exit();
}
if($hometown == ""){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Oops! You didnt fill in your hometown..
		<br/>
		<a href='process.php?action=redo'>Go back</a>
		</div>
		</div>
		</div>
		");
		exit();
}
if($password == ""){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Oops! You didnt fill in your password..
		<br/>
		<a href='process.php?action=redo'>Go back</a>
		</div>
		</div>
		</div>
		");
		exit();
}

//UPLOAD INFORMATION
$query = "INSERT INTO josh_users (firstname,lastname,email,gender,password,hometown) VALUES ('$firstname','$lastname','$email','$gender','$password','$hometown')";
$results = mysql_query($query) or die ('Error updating database'.mysql_error());

if($results){
	echo("
		<div id='introd'></div>
		<div id='header3'>
		<div id='headerInner3'>
		<div id='headerCol3'>
		Congratulations, you have just created a new account and can now log in..| <a href='index.php'>Go home</a>
		</div>
		</div>
		</div>
	");
}
}
?>
</div>

 

 

here is the site: http://www.brokenbox.co.uk/98

 

Any help is much appreciated. thanks.