I have an AJAX login system - all the form data is validated using PHP and if there is a match for the username and password it sets certain cookies.
I am aware that cookies need to be set before ANYTHING else, but how is this possible with the model I am using. I want to keep the whole login refresh-less.
I am getting the error: "Cannot modify header information - headers already sent by....."
Does anyone have any advice?
Thanks
EDIT: the form is validated using an IF statement then if the conditions are met the cookies are set in there
The code: alllll of it
<?php
session_start();
include "connect.php";
if ($_POST) {
$loginuser = mysql_escape_string($_POST['loginuser']);
$loginpass = mysql_escape_string($_POST['loginpass']);
$rememberme = mysql_escape_string($_POST['rememberme']);
if ($rememberme = 1) {
$time = time()+60*60*24*365;
} else {
$time = time()+3600;
}
$salt = changedsalt";
$hashed_password = sha1($loginpass).sha1($salt);
$getUser_sql = "SELECT * FROM acts WHERE username = '$loginuser' AND hashed_password = '$hashed_password'";
$getUser = mysql_query($getUser_sql);
$getUser_RecordCount = mysql_num_rows($getUser);
if($getUser_RecordCount == 1) {
$rowLogin = mysql_fetch_array($getUser);
$user_id = $rowLogin['id'];
$emailad = $rowLogin['email'];
$activated = $rowLogin['activated'];
if ($activated == 1) {
$hash = "changedthistoo";
$randstring = rand(5, 10);
$code = sha1($hash . $randstring);
mysql_query("UPDATE `acts` SET `key` = '$code' WHERE `id` = '$user_id' AND `email` = '$emailad'");
setcookie('AHkey', $code, $time, '/');
setcookie('AHid', $user_id, $time, '/');
setcookie('AHem', $emailad, $time, '/');
setcookie('AHty', 'acts', $time, '/');
setcookie('AHtr', 1, time()+3600, '/');
$data['success'] = true;
$data['message'] = "Act Login - Activated";
$data['message'] = $code;
echo json_encode($data);
exit;
} else {
$data['success'] = false;
$data['message'] = "Act Login - Not Activated";
echo json_encode($data);
exit;
}
} elseif ($getUser_RecordCount == 0) {
$getUser_sqlp = "SELECT * FROM promoter WHERE username = '$loginuser' AND hashed_password = '$hashed_password'";
$getUserp = mysql_query($getUser_sqlp);
$getUser_RecordCountp = mysql_num_rows($getUserp);
$rowLogin = mysql_fetch_array($getUserp);
$user_id = $rowLogin['id'];
$emailad = $rowLogin['email'];
$activated = $rowLogin['activated'];
if($getUser_RecordCountp == 1) {
if ($activated == 1) {
//generate random string
$hash = "49ebva09afbh";
$randstring = rand(5, 10);
$code = sha1($hash . $randstring);
mysql_query("UPDATE `promter` SET `key` = '$code' WHERE `id` = '$user_id' AND `email` = '$emailad'");
setcookie('AHkey', $code, $time, '/');
setcookie('AHid', $user_id, $time, '/');
setcookie('AHem', $emailad, $time, '/');
setcookie('AHty', 'promoter', $time, '/');
setcookie('AHtr', 1, time()+3600, '/');
$data['success'] = true;
$data['message'] = "Act Login - Activated";
$data['message'] = $code;
echo json_encode($data);
exit;
} else {
$data['success'] = false;
$data['message'] = "Promoter Login - Not Activated";
echo json_encode($data);
exit;
}
} else {
$data['success'] = false;
$data['message'] = "Wrong Username or Password";
}
}
echo json_encode($data);
}
?>
please use ob_start(); before the redirect using the header();
before any use of header() there should not be any output to the screen. for more use of ob_start please go through http://php.net/manual/en/function.ob-start.php
You can keep session_start() in the main index page on the top. Then use Ajax to send data to this url or page.