
I have an AJAX login system - all the form data is validated using PHP and if there is a match for the username and password it sets certain cookies.

I am aware that cookies need to be set before ANYTHING else, but how is this possible with the model I am using? I want to keep the whole login refresh-less.

I am getting the error: "Cannot modify header information - headers already sent by....."

Does anyone have any advice?

Thanks

EDIT: the form is validated using an IF statement then if the conditions are met the cookies are set in there

The code: alllll of it

<?php
session_start(); 
include "connect.php";
if ($_POST) {   
    $loginuser = mysql_escape_string($_POST['loginuser']);
    $loginpass = mysql_escape_string($_POST['loginpass']);
    $rememberme = mysql_escape_string($_POST['rememberme']);

    if ($rememberme == 1) {
        $time = time()+60*60*24*365;
    } else {
        $time = time()+3600;
    }

    $salt = "changedsalt";
    $hashed_password = sha1($loginpass).sha1($salt);

    $getUser_sql = "SELECT * FROM acts WHERE username = '$loginuser' AND hashed_password = '$hashed_password'";
    $getUser = mysql_query($getUser_sql);
    $getUser_RecordCount = mysql_num_rows($getUser);        

    if($getUser_RecordCount == 1) {
        $rowLogin = mysql_fetch_array($getUser);
        $user_id = $rowLogin['id'];
        $emailad = $rowLogin['email'];
        $activated = $rowLogin['activated'];            
        if ($activated == 1) {
            $hash = "changedthistoo";
            $randstring = rand(5, 10);
            $code = sha1($hash . $randstring);
            mysql_query("UPDATE `acts` SET `key` = '$code' WHERE `id` = '$user_id' AND `email` = '$emailad'");
            setcookie('AHkey', $code, $time, '/');
            setcookie('AHid', $user_id, $time,  '/');
            setcookie('AHem', $emailad, $time, '/');
            setcookie('AHty', 'acts', $time, '/');
            setcookie('AHtr', 1, time()+3600, '/');
            $data['success'] = true;
            $data['message'] = "Act Login - Activated";
            $data['message'] = $code;
            echo json_encode($data);
            exit;               
        } else {
            $data['success'] = false;
            $data['message'] = "Act Login - Not Activated";
            echo json_encode($data);
            exit;
        }       
    } elseif ($getUser_RecordCount == 0) {
        $getUser_sqlp = "SELECT * FROM promoter WHERE username = '$loginuser' AND hashed_password = '$hashed_password'";
        $getUserp = mysql_query($getUser_sqlp);
        $getUser_RecordCountp = mysql_num_rows($getUserp);
        $rowLogin = mysql_fetch_array($getUserp);
        $user_id = $rowLogin['id'];
        $emailad = $rowLogin['email'];
        $activated = $rowLogin['activated'];
        if($getUser_RecordCountp == 1) {
            if ($activated == 1) {
                //generate random string
                $hash = "49ebva09afbh";
                $randstring = rand(5, 10);
                $code = sha1($hash . $randstring);
                mysql_query("UPDATE `promoter` SET `key` = '$code' WHERE `id` = '$user_id' AND `email` = '$emailad'");
                setcookie('AHkey', $code, $time, '/');
                setcookie('AHid', $user_id, $time, '/');
                setcookie('AHem', $emailad, $time, '/');
                setcookie('AHty', 'promoter', $time, '/');
                setcookie('AHtr', 1, time()+3600, '/');
                $data['success'] = true;
                $data['message'] = "Act Login - Activated";
                $data['message'] = $code;
                echo json_encode($data);
                exit;                           
            } else {
                $data['success'] = false;
                $data['message'] = "Promoter Login - Not Activated";
                echo json_encode($data);
                exit;
            }
        } else {
            $data['success'] = false;
            $data['message'] = "Wrong Username or Password";
        }       
    }   
    echo json_encode($data);
}
?>
Steve_M
  • show us the code. we can't help you without it! – Mircea Soaica Apr 09 '13 at 09:05
  • Two secs - will add it now – Steve_M Apr 09 '13 at 09:06
  • you can not send any content before `header()` function. – mkjasinski Apr 09 '13 at 09:06
  • I've added the code that is run by the AJAX - I know I can't do it before header, but I just don't know how to do it, as in how to make this work how I'd like it, or for that matter, if it's even possible. EDIT: Excuse the crap code, I'm in the process of changing it but want to solve these errors first – Steve_M Apr 09 '13 at 09:08
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). – Quentin Apr 09 '13 at 09:09
  • Which one should I be using? I've seen the PDO stuff before but thought to myself "this works..." well, not in this case – Steve_M Apr 09 '13 at 09:11
  • I couldn't recommend one over the other (DBI is lovely, especially if you wrap it with DBIx::Class, but you'd have to be willing to switch languages to use that :D). Your choice of database API is highly unlikely to be causing a "headers already sent" problem though. – Quentin Apr 09 '13 at 09:17

2 Answers

0

Please use ob_start(); before the redirect using the header();

Before any use of header() there should not be any output to the screen. For more on the use of ob_start, please go through http://php.net/manual/en/function.ob-start.php
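
The output-buffering approach from the answer above, written out for a JSON login endpoint as an added example (not code from the question or from either answerer). It assumes PHP 7.3+ for the array form of `setcookie()`; the `issueLoginCookie()` helper, the `$users` sample account and the use of a single `AHkey` cookie are illustrative.

```php
<?php
// Added example: issueLoginCookie() and $users are illustrative names.

// Buffer all output so stray bytes (whitespace or a BOM in an included file,
// a PHP notice) cannot flush the headers before setcookie() runs.
ob_start();

// Constructed sample account; a real endpoint looks the user up in the database.
$users = ['demo' => password_hash('correct horse', PASSWORD_DEFAULT)];

/** Send the login cookie, or log where output already started. */
function issueLoginCookie(string $token, bool $remember): array
{
    if (headers_sent($file, $line)) {
        // Too late for Set-Cookie: record the file and line that produced output.
        error_log("Login cookie not sent, output started at $file:$line");
        return ['success' => false, 'message' => 'Login failed'];
    }
    setcookie('AHkey', $token, [
        'expires'  => time() + ($remember ? 60 * 60 * 24 * 365 : 3600),
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // hidden from page JavaScript
        'samesite' => 'Lax',
    ]);
    return ['success' => true, 'message' => 'Logged in'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user     = (string) ($_POST['loginuser'] ?? '');
    $pass     = (string) ($_POST['loginpass'] ?? '');
    $remember = ($_POST['rememberme'] ?? '') === '1';

    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        // Unpredictable token; store it (or its hash) against the user row.
        $data = issueLoginCookie(bin2hex(random_bytes(32)), $remember);
    } else {
        $data = ['success' => false, 'message' => 'Wrong Username or Password'];
    }

    ob_end_clean();   // drop any stray buffered output so the body is pure JSON
    if (!headers_sent()) {
        header('Content-Type: application/json');
    }
    echo json_encode($data);
}
```

When the cookie is not sent, the error log entry names the file and line that emitted output first, which is usually an include with trailing whitespace after `?>`.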

0

You can keep session_start() in the main index page on the top. Then use Ajax to send data to this url or page.

Harry Bomrah
  • So would I still set the cookies in this PHP? (Called using AJAX) or would I have to do something else? – Steve_M Apr 09 '13 at 09:48
  • u can't set cookie if u use ajax. u should return the data in json and set cookies at client side using js. headers already sent usually comes when u try to start a session when a session is already started. u can use `if(!headers_sent())session_start();` to check. let me know if u need help with making cookies using js. – Harry Bomrah Apr 10 '13 at 11:46