0
<?php
$user = mysql_real_escape_string($_POST['login']);
$password = mysql_real_escape_string(sha1($_POST['password']));
$query = mysql_query("SELECT * FROM  `users` WHERE name =  '$user' AND pass =  '$password' AND privileges = 'superuser'");
$num_rows = mysql_num_rows($query);

if($num_rows == '1') {
$expire = time()*60*60*60*60;
setcookie("user","$user",$expire);
$_SESSION['user'] = $user;
include '/views/admin/admin.php';
}
else {
echo "Username and Password are incorrect! (Maybe you don't have permission!)";
}
?>

It says

Warning: Cannot modify header information - headers already sent by (output started at Z:\home\test1.ru\www\views\admin\validate.php:1) in Z:\home\test1.ru\www\views\admin\validate.php on line 9

line 9 is - setcookie("user","$user",$expire);

4 Answers4

2

cookies in HTTP will be transferred using the headers. setcookie() therefore is just a wrapper around header() and cannot being used if there were already output in that script.

I guess that the output is an error message triggered by the mysql_* functions or whitespace|content before the opening <?php tag

hek2mgl
  • 152,036
  • 28
  • 249
  • 266
1

i had similar problem.the reason for this is that you may have a white space before the php tag.Remove the space and you are good to go.

Raz Mahato
  • 875
  • 1
  • 7
  • 11
0

use ob_start(); after php tag

$user = mysql_real_escape_string($_POST['login']);

to

ob_start();

$user = mysql_real_escape_string($_POST['login']);

Goutam Pal
  • 1,763
  • 1
  • 10
  • 14
  • `ob_start()` is a well known way to prevent php from outputting the body too *early*, that's true. But note that using `ob_*` type of functions will not prevent content that is outside the ` – hek2mgl Jun 10 '13 at 06:42
0

you have to check for few things.however i think your php script is ok.

  • 1.you have some html in this page before php begins. 2.you are using template for this site and template first sending header 3.you have some white space before php tag

check and be happy

Mahanaga
  • 1