Help plz!

php error

         

icanthinkofaname

5:29 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



Hey everyone,
I am new to the forums, as I just signed up a few minutes ago. I have this script, but for some reason I get the following MySQL error when trying to log in:

Warning: Cannot modify header information - headers already sent by (output started at index.php:163) in login.php on line 16
Login failed: Could not set cookies to your computer. Please enable cookies in your browser's settings

Below is the code for the login.php page,

<?php
ob_start();
?>
<?php
include("config.php");

if($usr && $pwd)
{
$usr = trim(strtolower($usr));
$pwd = trim(strtolower($pwd));
// check data
$result = mysql_query("select * from $tbmembers where username='$usr' ".
"and password='$pwd'") or die("Validate Login: ".mysql_error());
if(mysql_num_rows($result) > 0)
{
if(setcookie("username",$usr,time()+(86400*7)) && setcookie("password",$pwd,time()+(86400*7)))
echo "<script language=JavaScript>window.location='http://domain.com'</script>";
else
echo "Login failed: Could not set cookies to your computer. Please enable cookies in your browser's settings";
}
else
{
echo "Login failed: Username/Password could not be found in the database.<br />$login_form";
}
} else { echo "$login_form"; }
?>
<?php
ob_end_flush();
?>

Below is the code as well for the loginchk.php

<?php
include("config.php");

$usr = $_POST["usr"]; $pwd = $_POST["pwd"];
$username = $_COOKIE["username"]; $password = $_COOKIE["password"];
if($username && $password)
{
$result = mysql_query("select * from $tbmembers where username='$username' and password='$password'") or die("Validate Login: ".mysql_error());
if(mysql_num_rows($result) > 0)

echo "";
} else {
die("Must login first!");
}
?>

If anyone can give me some input on this it would help out a lot.
Thanks
Mike

c0nsur

5:37 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



What exactly is line 163, which outputs the error?
( index.php:163 )

vincevincevince

5:38 pm on Aug 6, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Look at index.php line 163: does it either echo or print something?

The workaround is to place:
<?php
ob_start();
?>
at the very top of index.php

icanthinkofaname

5:41 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



There is no line 163 inside of the index.php page.

<?php
include("config.php");

$usr = $_POST["usr"]; $pwd = $_POST["pwd"];
$username = $_COOKIE["username"]; $password = $_COOKIE["password"];
if($username && $password)
{
$result = mysql_query("select * from $tbmembers where username='$username' and password='$password'") or die("Validate Login: ".mysql_error());
if(mysql_num_rows($result) > 0)
{
while($row = mysql_fetch_array($result)) {
$username1 = $row["username"];
$userid1 = $row["userid"];
$level1 = $row["level"];
$rank1 = $row["rank"];
$points1 = $row["points"];
$email1 = $row["email"];
$aim1 = $row["aim"];
$profile1 = $row["profile"];
$bgcolor1 = $row["bgcolor"];
$bordercolor1 = $row["bordercolor"];
$borderlightcolor1 = $row["borderlightcolor"];
$tablebgcolor11 = $row["tablebgcolor1"];
$tablebgcolor21 = $row["tablebgcolor2"];
$fontcolor1 = $row["fontcolor"];
$linkcolor1 = $row["linkcolor"];
}
echo "<center>welcome back <b>$username(<b>$rank1</b>)</b><br><br></center>$navigation";
echo "<br><b>Admin links:</b><br>";

if($rank1 == "Admin") {
echo "None";
} else {
echo "Not admin.";
}
}
} else {
echo "$login_form";
}
?>

panic

5:45 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



Hrrrm... it looks to me like this could be caused by calling variables in a cookie after printing HTML code.

Try calling the cookie variables before you output ANY HTML code.

-panic

c0nsur

5:47 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



You're right, panic.

It's the same error if you try to do a LOCATION:

If there is some HTML printed out, you're dead ;)

icanthinkofaname

5:50 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



So what does the code have to be to place it so it reads it before that? I found this script online without a readme file or anything, so I am kinda lost as to how to call the cookies before the HTML. If you could let me know that would be great.

Thanks again for all the input so far. Really means a lot.

panic

5:55 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



If that's the case, then you might want to look into either using another one, or go as far as creating one on your own. Creating your own might take a while, but in the long run, it'll be better for various reasons:

1) You'll know exactly how the code works
2) If it's not released, then no one's going to be able to come up with an exploit for it.

-panic

jatar_k

5:55 pm on Aug 6, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



It is an order of events. Working with cookies has to be done before even one char is actually sent to the browser.

The line with setcookie in it just has to occur first. I would look at what is sending output via echo or print that occurs before the setcookie line.

Are you echoing something in the config file?

icanthinkofaname

6:13 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



This is in the config file:

<?php
ob_start();
?>
<?php
/***********************************************
create table users (
`userid` int auto_increment primary key,
`username` varchar(32) not null,
`password` varchar(32) not null,
`email` varchar(60) not null,
`aim` varchar(50) not null,
`profile` varchar(255) not null,
`rank` varchar(255) not null,
`points` varchar(255) not null,
`level` varchar(255) not null,

);
***********************************************/

$site_url = "";
$admin_email = "";
$dbhost = "localhost";
$dbuser = "";
$dbpass = "";
$dbname = "";
$tbmembers = "users";
$ck_life = "3198641813";

$connect = mysql_connect($dbhost,$dbuser,$dbpass) or die("MySQL Connection: ".mysql_error());
mysql_select_db($dbname) or die("Database: ".mysql_error());

$navigation = <<< HTML

<a href="?id=sys&Page=editform">Edit Profile</a> <br />
<a href="?id=sys&Page=editpwform">Change Your Password</a><br />
<a href="?id=sys&Page=viewall">View All Members</a><br />
<a href="?id=sys&Page=logout">Logout $username</a><br />
HTML;

$login_form = <<< HTML
<form action="?id=sys&Page=login" method="post">
<b>username:</b><br />
<input type="text" name="usr" size="20"><br />
<b>password:</b><br />
<input type="password" name="pwd" size="20"><br />
<input type="submit" name="submit" value="login"></form>
<a href="index.php?id=sys&Page=viewall">View All Members</a><br />
<a href="index.php?id=sys&Page=regform">Register</a><br />
HTML;
?>
<?php
ob_end_flush();
?>

Thanks again for all the help

panic

6:21 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



Exactly as I suspected... it outputs HTML in the config file.

When you include config.php into index.php, it essentially stuffs the contents of config.php into index.php where you called the include function.

What you should do is take out all that HTML from config.php, and stick that into index.php after these lines:

$usr = $_POST["usr"]; $pwd = $_POST["pwd"];
$username = $_COOKIE["username"]; $password = $_COOKIE["password"];

That should fix your problem.

-panic

jatar_k

6:30 pm on Aug 6, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



It is not reading from the cookie that is the problem, it is the setcookie line.

Your output has to start after
if(setcookie("username",$usr,time()+(86400*7)) && setcookie("password",$pwd,time()+(86400*7)))

icanthinkofaname

7:08 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



No luck panic,

Check the code below,

index.php,
<?php
include("config.php");

$usr = $_POST["usr"]; $pwd = $_POST["pwd"];
$username = $_COOKIE["username"]; $password = $_COOKIE["password"];
$navigation = <<< HTML

<a href="?id=sys&Page=editform">Edit Profile</a> <br />
<a href="?id=sys&Page=editpwform">Change Your Password</a><br />
<a href="?id=sys&Page=viewall">View All Members</a><br />
<a href="?id=sys&Page=logout">Logout $username</a><br />
HTML;

$login_form = <<< HTML
<form action="?id=sys&Page=login" method="post">
<b>username:</b><br />
<input type="text" name="usr" size="20"><br />
<b>password:</b><br />
<input type="password" name="pwd" size="20"><br />
<input type="submit" name="submit" value="login"></form>
<a href="index.php?id=sys&Page=viewall">View All Members</a><br />
<a href="index.php?id=sys&Page=regform">Register</a><br />
HTML;
if($username && $password)
{
$result = mysql_query("select * from $tbmembers where username='$username' and password='$password'") or die("Validate Login: ".mysql_error());
if(mysql_num_rows($result) > 0)
{
while($row = mysql_fetch_array($result)) {
$username1 = $row["username"];
$userid1 = $row["userid"];
$level1 = $row["level"];
$rank1 = $row["rank"];
$points1 = $row["points"];
$email1 = $row["email"];
$aim1 = $row["aim"];
$profile1 = $row["profile"];
$bgcolor1 = $row["bgcolor"];
$bordercolor1 = $row["bordercolor"];
$borderlightcolor1 = $row["borderlightcolor"];
$tablebgcolor11 = $row["tablebgcolor1"];
$tablebgcolor21 = $row["tablebgcolor2"];
$fontcolor1 = $row["fontcolor"];
$linkcolor1 = $row["linkcolor"];
}
echo "<center>welcome back <b>$username(<b>$rank1</b>)</b><br><br></center>$navigation";
echo "<br><b>Admin links:</b><br>";

if($rank1 == "Admin") {
echo "None";
} else {
echo "Not admin.";
}
}
} else {
echo "$login_form";
}
?>

Config file,
<?php
ob_start();
?>
<?php
$site_url = "";
$admin_email = "";
$dbhost = "localhost";
$dbuser = "";
$dbpass = "";
$dbname = "";
$tbmembers = "users";
$ck_life = "3198641813";
$connect = mysql_connect($dbhost,$dbuser,$dbpass) or die("MySQL Connection: ".mysql_error());
mysql_select_db($dbname) or die("Database: ".mysql_error());
?>
<?php
ob_end_flush();
?>

Is that all correct?

panic

8:38 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



What error message are you getting now?

icanthinkofaname

8:48 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



This one,

Warning: Cannot modify header information - headers already sent by (output started at /home/gstorm/public_html/build 2/index.php:163) in /home/gstorm/public_html/build 2/sys/login.php on line 16
Login failed: Could not set cookies to your computer. Please enable cookies in your browser's settings

It's like it was never changed.

jatar_k

8:50 pm on Aug 6, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



See post 12.
The script will not be able to set the cookie in the login script so long as setcookie is called after there is output. Reading the cookie data can occur wherever you like.

It is the login script erroring out, not the index. I would assume the index is called after the login script.

icanthinkofaname

9:08 pm on Aug 6, 2003 (gmt 0)

10+ Year Member



jatar_k, I don't follow as to the output that you mean.

So that would mean that this setcookies would have to be moved to the if($usr && $pwd). If that is not the case, then would you kindly place where that should be on this code? Thanks again
<?php
ob_start();
?>
<?php
include("config.php");

if($usr && $pwd)
{
$usr = trim(strtolower($usr));
$pwd = trim(strtolower($pwd));
// check data
$result = mysql_query("select * from $tbmembers where username='$usr' ".
"and password='$pwd'") or die("Validate Login: ".mysql_error());
if(mysql_num_rows($result) > 0)
{
if(setcookie("username",$usr,time()+(86400*7)) && setcookie("password",$pwd,time()+(86400*7)))
echo "<script language=JavaScript>window.location='http://domain.com'</script>";
else
echo "Login failed: Could not set cookies to your computer. Please enable cookies in your browser's settings";
}
else
{
echo "Login failed: Username/Password could not be found in the database.<br />$login_form";
}
} else { echo "$login_form"; }
?>
<?php
ob_end_flush();
?>

jatar_k

10:02 pm on Aug 6, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Originally your config file was outputting to the browser, then you tried to set a cookie after. The config shouldn't have any browser output; then once you include it and get down to where the setcookie call is, it will be fine.

Just make it so there is no output from the config file and that should sort it.
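
The ordering rule discussed above, as an added example that is not part of any post in this thread and is not the original script: the login is handled before any output, `headers_sent()` reports where output began, the query uses bound parameters, and the cookie carries only a session id instead of the username and password. Assumptions: PDO with MySQL, PHP 7.3 or later, a `password` column holding `password_hash()` output, a hypothetical `handle_login()` helper, and placeholder DSN values.

```php
<?php
// Added example (not the original script). Call handle_login() at the very top
// of index.php, before any HTML, whitespace or include that prints.
// Assumptions: PDO MySQL, PHP 7.3+, users.password holds password_hash() output.

function handle_login(PDO $db): ?string
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['usr'], $_POST['pwd'])) {
        return null;                       // nothing to do, caller renders the form
    }

    // headers_sent() reports the file and line where output began: the same
    // "output started at index.php:163" information as the warning in the thread.
    if (headers_sent($file, $line)) {
        error_log("login: output already started at $file:$line");
        return 'Login unavailable.';
    }

    // Prepared statement: user input is bound, never interpolated into the SQL.
    $stmt = $db->prepare('SELECT userid, password FROM users WHERE username = ?');
    $stmt->execute([strtolower(trim($_POST['usr']))]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; same message for unknown user or bad password.
    if (!$row || !password_verify($_POST['pwd'], $row['password'])) {
        return 'Login failed: Username/Password could not be found in the database.';
    }

    // Keep only an opaque session id in the cookie, not the username/password.
    session_set_cookie_params([
        'lifetime' => 86400 * 7,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
    session_regenerate_id(true);           // new id after authentication
    $_SESSION['userid'] = (int) $row['userid'];

    header('Location: index.php');         // real redirect instead of a <script> tag
    exit;
}

// Placeholder DSN and credentials; take real values from configuration.
$db = new PDO('mysql:host=localhost;dbname=DBNAME;charset=utf8mb4', 'DBUSER', 'DBPASS',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$error = handle_login($db);
// Only from here on may the page print HTML (layout, login form, $error).
```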

icanthinkofaname

10:36 pm on Aug 12, 2003 (gmt 0)

10+ Year Member



Thanks for all of the input on this issue. I contacted the person that made the script and he is working on it.

Thanks again for all of the input.
Mike