Hi, I don't know if I can help but please be more specific about what isn't working: ie is the cookie not being set, do you get an error msg, etc.

I means it ask me user name and passward agin when i come back to the website next time.

please go to the my website "<snip>", and type the user name with aaa, and the passward with 123. Then you will log in. but the website does not let me automatically log in next time after i close the website and come back to the website again( i didn't log out the page, i just close the website and leave away and come back).

Like the webmasterworld, i just type the url into the browser, then it let me automatically log into the page, and it does not ask me user name and passawrd.

[edited by: engine at 2:47 pm (utc) on Dec. 7, 2006]
[edit reason] See TOS [webmasterworld.com] [/edit]

OK. Try to disable redirecting for a moment - there are errors on the page.

You are sending something before setting the cookie (cookie has to be set before you send anything!).

Check if you don't echo anything, you can't even have one space or line before <?php sign.

Then it should work fine

Regards
Michal

i take off the following from the bottom code of the login.php,

<code>
/* Quick self-redirect to avoid resending data on refresh */
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return;
"

</code>

and it also give me massage as following, you can check my page <removed> which i take off the redirect code already.

Warning: Cannot modify header information - headers already sent by (output started at /home/wbusines/public_html/login.php:5) in /home/wbusines/public_html/login.php on line 155

Warning: Cannot modify header information - headers already sent by (output started at /home/wbusines/public_html/login.php:5) in /home/wbusines/public_html/login.php on line 156

[edited by: jatar_k at 4:44 pm (utc) on Dec. 7, 2006]
[edit reason] no urls thanks [/edit]

>You are sending something before setting the cookie (cookie has to be set before you send anything!).

Sorry, i could not understand it.
for instance, if i call the function of the confirmUser, i need to set the cookies before it?

In login.php on line 155 you are printing something to the browser. Maybe:
<html> or echo "Correct login" I don't know. But it's before the setcookie.

See this line, or try to post the lines from 150 to 160 and we'll try to figure out something

Michal

ok here is the code start from 150 line

/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;

/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}

Do you have any echo , print, or print_r before that?

Could you also show me the beginning of the file?

ok, the following is the whole file;

<code>

<?
session_start();
?>

<?

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "select password from users where username = '$username'";
$result = mysql_query($q,$conn);
if(!$result ¦¦ (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}

/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password'])!= 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}

/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $logged_in;
if($logged_in){
echo "<h1>Logged In!</h1>";
echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
}
else{
?>
<html>
<center>
<h1>Login</h1>
</center>
<body>
<center>
<form action="" method="post" >
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr><td align="center">Username:</td><td align="center"><input type="text" name="user" maxlength="30"></td></tr>
<tr><td align="center">Password:</td><td align="center"><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td align="center" colspan="2" ><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td align="center" colspan="2" ><a href="register.php">Join</a></td></tr>
</table>
</form>
</center>
</body>
</html>

<?
}
}

/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
/* Check that all fields were typed in */
if(!$_POST['user'] ¦¦!$_POST['pass']){
die('You didn\'t fill in a required field.');
}
/* Spruce up username, check length */
$_POST['user'] = trim($_POST['user']);
if(strlen($_POST['user']) > 30){
die("Sorry, the username is longer than 30 characters, please shorten it.");
}

/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);

/* Check error codes */
if($result == 1){
die('That username doesn\'t exist in our database.');
}
else if($result == 2){
die('Incorrect password, please try again.');
}

/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;

/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}

}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

</code>

OK. I found the problem

<?
session_start();
?>

<?
You write new line between?> and <?

if you correct beginning of the file to:

<?
session_start();

/**
* Checks whether or not the given username is in the
* d...

it should work.

Michal

PS. If not, I will try to find sth else

I am very appreciate for your help, It does work very well now.

But i got some question from you

1)> You are sending something before setting the cookie (cookie has to be set before you send anything!).

Does the following code sending the url aways, and that why you disable it?

/* Quick self-redirect to avoid resending data on refresh */
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return;
"

2)>Check if you don't echo anything, you can't even have one space or line before

give me some example, please

and also before set cookies, it called another function as well, like

$result = confirmUser($_POST['user'], $md5pass);

In the above case, does it send somthing before set cookies?

depends, what you are doing in that function... So it's not working?

>OK. Try to disable redirecting for a moment - there are errors on >the page.
>You are sending something before setting the cookie (cookie has to >be set before you send anything!).

> depends, what you are doing in that function... So it's not >working?

It works fine, I just wonder why it can let me log in automaticaly after i take off the "/* Quick self-redirect to avoid resending data on refresh */
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return; ". And you say the cookies have to set up befoer anything.
but in here, the redirect is placed after the cookies set up, That's why i am so confuse with the word you said. Could you explain agian,
why it work now after i disable the redirect? Thanks

>depends, what you are doing in that function...

and the fuction does the job of checking of the user name and passward exist in the database or not.

confirmUser($_POST['user'], $md5pass);

the whole code as following

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "select password from users where username = '$username'";
$result = mysql_query($q,$conn);
if(!$result ¦¦ (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}

1. The headers have to be set before sending any data.

Headers consist of:
1. setting cookies (setcookie)
2. information about server
3. information about opened file
4. redirecting (header("Location: http://www.example.com");

However if you use the meta, then html is responsible for redirection, not the header. Therefore it will work after setcookie

2.
examples of wrong setcookie:
- character before <?

<?php
setcookie("name", "value", time()+60*60*24*100, "/");
?>

- character after <?

<?php
session_start();
?>
<?php
setcookie("name", "value", time()+60*60*24*100, "/");
?>

- echoing sth before cookie

<?php
echo "This is test page. ";
setcookie("name", "value", time()+60*60*24*100, "/");
?>

- writing html before setting the cookie

<html>
<head>
<?php
setcookie("name", "value", time()+60*60*24*100, "/");
?>

The above examples are all wrong - headers are already sent. I hope this cleares things for you.

Michal

So from your wrong example, can i conclude as following;

The setcookie() function must appear BEFORE the <html> tag.

<?php
setcookie("user", "Alex", time()+3600);
?>

<html>
<body></body>
</html>

Yes.

It must appear before that.

Michal