PHP Error - Setting Cookies - Please Help!

CodeSeeker · **Joined:** Tue Aug 14, 2007 7:12 pm **Posts:** 595

Hey PHP Programmers,

I really need some help with this error. Im trying to make a login type script that saves your name, and increments by 1 , how many times you vist the site.

For some reason when i set session_start(); and the setcookie(); i get errors.

heres my code...

Code:

<html>
<head>
<title> Login. </title>

<h2> Login Screen.</h2>

<?PHP

session_start();

$_SESSION['count'] = $_SESSION['count'] + 1;

print "You've looked at this page " . $_SESSION['count'] . ' times.';

?>
<p></p>

<img src="login.jpg">

<?php

$browser = get_browser( );

if ($browser->platform == 'WinXP') {

    print '<p></p><b>You are using Microsoft Windows XP Operating System.</b><p></p>';
   
} elseif ($browser->platform == 'MacOSX') {

    print 'You are using the Mac OS X.';

} else {

    print 'You are using a different operating system. this page , may or may not show.';

}

?>

<form method="POST" action="sayhello.php">

Your Name: <input type="text" name="user">

<br/>

<input type="submit" value="Say Hello">

</form>

</head></html>

Error:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at E:\Xampp\htdocs\xampp\aricsphp.php:8) in E:\Xampp\htdocs\xampp\aricsphp.php on line 10

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at E:\Xampp\htdocs\xampp\aricsphp.php:8) in E:\Xampp\htdocs\xampp\aricsphp.php on line 10
You've looked at this page 1 times.

what am i doing wrong?

Once Again,

Thanks for your help, i really appreciate it.

CodeSeeker · **Joined:** Tue Aug 14, 2007 7:12 pm **Posts:** 595

I have consulted the PHP Manual, and i found that i should create the cookies, before browser input is declared.

So should my code Be Like This???

Code:

###############################################
// Modified Code Since Last Error:
<?PHP

session_start();

$_SESSION['count'] = $_SESSION['count'] + 1;

?>

// End Of Modified Code Since Last Error.
###############################################

<html>
<head>
<title> Login. </title>

<h2> Login Screen.</h2>

<?PHP

print "You've looked at this page " . $_SESSION['count'] . ' times.';

?>
<p></p>

<img src="login.jpg">

<?php

$browser = get_browser( );

if ($browser->platform == 'WinXP') {

    print '<p></p><b>You are using Microsoft Windows XP Operating System.</b><p></p>';
   
} elseif ($browser->platform == 'MacOSX') {

    print 'You are using the Mac OS X.';

} else {

    print 'You are using a different operating system. this page , may or may not show.';

}

?>

<form method="POST" action="sayhello.php">

Your Name: <input type="text" name="user">

<br/>

<input type="submit" value="Say Hello">

</form>

</head></html>

Is that the proper way to write a cookie?

ScepticWebAdmin · **Posted:** Tue Sep 04, 2007 11:43 am

This works

Code:

<?PHP

session_start();

$_SESSION['count'] = $_SESSION['count'] + 1;

print "You've looked at this page " . $_SESSION['count'] . ' times.';

?>
<p></p>

<img src="login.jpg">

<?php

$browser = get_browser( );

if ($browser->platform == 'WinXP') {

    print '<p></p><b>You are using Microsoft Windows XP Operating System.</b><p></p>';
   
} elseif ($browser->platform == 'MacOSX') {

    print 'You are using the Mac OS X.';

} else {

    print 'You are using a different operating system. this page , may or may not show.';

}

?>

<form method="POST" action="sayhello.php">

Your Name: <input type="text" name="user">

<br/>

<input type="submit" value="Say Hello">

</form>

Without the <html> and <head> tags it works fine

vbnewb2 · **Posted:** Tue Sep 04, 2007 12:18 pm

If you are using the page as an include make sure you haven't done the session start on the previous pages.

CodeSeeker · **Joined:** Tue Aug 14, 2007 7:12 pm **Posts:** 595

Thank You!

thats what i figured the error was, when i read the official PHP Manual.

i was just making sure,

Thank you for your help, i now learned that cookies must be created , before user output is sent

ScepticWebAdmin · **Posted:** Tue Sep 04, 2007 1:31 pm

its ok

CodeSeeker · **Joined:** Tue Aug 14, 2007 7:12 pm **Posts:** 595

Thanks for the help scepticwebadmin , ive created a user registration system now

its not very secure lol (* can be edited with CookieEdit ^FireFOX Addon * ) but its not bad for a beginner at PHP.

Tides of War Inc · **Joined:** Mon Jun 18, 2007 2:16 am **Posts:** 214

Yeah. Always place session_start() before anything else is declared - you can still use HTML/HEAD tags just as long as they're after the declaration of a session.

Once session_start() is declared, you can start storing whatever in the session. As far as cookies go and them being "secure", like you said - you can edit them.

Never used cookies myself, but if you want automatic logins and saved usernames, go for it. They aren't necessary other than that.

CodeSeeker · **Joined:** Tue Aug 14, 2007 7:12 pm **Posts:** 595

Right, my next step , when im advanced in PHP, will to be to create an encryption for the cookies, so skiddies wont modify the cookies and exploit them with CookieEdit.

thank you for the help everyone!

Tides of War Inc · **Joined:** Mon Jun 18, 2007 2:16 am **Posts:** 214

Code:

cookie['cookieheader']=md5($headername);

php has a md5 library already at it's disposal.

Encrypt the cookie header/name then store the username unencrypted in the cookie.

Ripe · **Joined:** Wed Sep 05, 2007 6:35 am **Posts:** 125

CodeSeeker wrote:

Right, my next step , when im advanced in PHP, will to be to create an encryption for the cookies, so skiddies wont modify the cookies and exploit them with CookieEdit.

thank you for the help everyone!

Best way to prevent this is to create a random id, insert it into the database along with the user id and then create the cookie with the random id. And continually check if the id is the same or not. I like to add the persons IP address in there too

nex666 · **Posted:** Mon Sep 17, 2007 3:49 am

Couldn't they just modify the rest of the cookie. Just like if they had to use their username and modified the rest still? Kind of pointless.

bortix · **Joined:** Thu Apr 26, 2007 5:28 pm **Posts:** 1162

u have to remember that all cookies and sessions have to be called before you do any html tags

Tides of War Inc · **Joined:** Mon Jun 18, 2007 2:16 am **Posts:** 214

Well, that's why I say just use sessions to store everything - unless you want automatic logins and all that which.. to me is pointless.

session names are generated hexidecimal numbers so there's your security - good luck finding and altering a session - I failed miserably.

vbGore Free Online RPG Engine

PHP Error - Setting Cookies - Please Help!