I have this code...



<?

include "config.php";

$username = $_POST['username'];
$password = md5($_POST[password]);

$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);

if($data[password] != $password) {

echo "<META http-equiv=\"refresh\" content=\"3;URL=invalid.php\">";

}else{

$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);

setcookie("id", $user[id],time()+(60*60*24*5), "/", "");
setcookie("pass", $user[password],time()+(60*60*24*5), "/", "");

echo ("<META http-equiv=\"refresh\" content=\"3;URL=index.php\">");

}

?>


When the login is invalid it goes to invalid page as it should but when the login is correct i get this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/pkskape/public_html/processlogin.php:9) in /home/pkskape/public_html/processlogin.php on line 46

Warning: Cannot modify header information - headers already sent by (output started at /home/pkskape/public_html/processlogin.php:9) in /home/pkskape/public_html/processlogin.php on line 47
Processing Login... If this page appears for more than 5 seconds click here (http://www.pkscape.net/index.php)...

Moved by Mattps22004 (Forum Moderator) from Website Designing & Development: Please post in the correct forum next time, thanks :).

I think you posted the wrong code try posting invalid.php or index.php (i think the one above it index.php?)

<?
ob_start();

include "config.php";

$username = $_POST['username'];
$password = md5($_POST[password]);

$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);

if($data[password] != $password) {

echo "<META http-equiv=\"refresh\" content=\"3;URL=invalid.php\">";

}else{

$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);

setcookie("id", $user[id],time()+(60*60*24*5), "/", "");
setcookie("pass", $user[password],time()+(60*60*24*5), "/", "");

echo ("<META http-equiv=\"refresh\" content=\"3;URL=index.php\">");

}

?>


U forgot the ob_start(); up the top mate. Have fun

You really ought to put some form of security on there..

Just try a few simple things like addslashes() on your inputs.

*stipslashes()

mysql_real_escape_string and stripslashes is what I always use. Write a function to clean the strings.

also use sessions rather than cookies.. much more secure

Oh everyones talking bout protection. Well to stop html and everything else u wanna set up a function with stripslashes(); etc.

*stipslashes()

Surely you want to add slashes before every single quote, BEFORE it goes into the database? And strip them when you're displaying the HTML?