
Yesterday my cookies were setting just fine, but today my cookies won't set at all. I haven't changed anything. NOTE: I am using a custom version of an SQL thingy.

<?php
include($_SERVER['DOCUMENT_ROOT'].'/phpAlphaDB/core.php');
include('../config.php');
error_reporting(0);
db_create('xenozweb-users');

session_start();
if (isset($_POST['login'])) {
    //write post data in variables
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $results = db_read('xenozweb-users', 'username='.$username, 'username password ');
    foreach ($results as $result) {
        $data_username = db_column($result, 0);
        $data_password = db_column($result, 1);
        $data_role = db_column($result, 2);
        if ($data_password !== "") { break; }
    }
    if ($data_username == $username && $data_password == $password) {
        setcookie('xenozweb_id1', $data_username, time() + (40000 * 3), "/");
        setcookie('xenozweb_id2', $data_password, time() + (40000 * 3), "/");
        header("Location: https://xenozweb.tk/loggedin.php");
    } else {
        echo '<script>alert("Invalid username or password.");</script>';
    }
}
?>

I am getting the following warnings:

Warning: strpos(): Empty needle in /var/www/html/phpAlphaDB/core.php on line 181

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/phpAlphaDB/core.php:181) in /var/www/html/login/index.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/phpAlphaDB/core.php:181) in /var/www/html/login/index.php on line 20

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/phpAlphaDB/core.php:181) in /var/www/html/login/index.php on line 21

  • Don't use MD5 for passwords. Instead use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) functions. – Alex Howansky Apr 11 '17 at 14:34
  • This seems to be a live site; you shouldn't use that code, it's totally unsafe. – Funk Forty Niner Apr 11 '17 at 14:35
  • It's hard to tell without seeing the definition of the db_read() function, but your code is likely vulnerable to SQL injection attacks. You should use [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php) prepared statements as described in [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 11 '17 at 14:36
  • `error_reporting(0);` did not help you here, should there have been PHP errors. Set it to catch and display during testing. – Funk Forty Niner Apr 11 '17 at 14:36
  • @Fred-ii- I don't get what you mean, I'm a bit of a noob. @Alex Howansky I have used it before and it worked – n0b0dy Apr 11 '17 at 14:36
  • It's not a matter of it working, it's a matter of it being insecure. – Alex Howansky Apr 11 '17 at 14:36
  • Alex, it has no SQL, so it can't be SQLi vuln.. – n0b0dy Apr 11 '17 at 14:36
  • You should be using a prepared statement (if it's related to a db login) and the functions that Alex popped in there. MD5 is very old and no longer safe to be used. So this is a text file based login, yes? `db_read()` contains "db", am a bit confused. – Funk Forty Niner Apr 11 '17 at 14:37
  • It's not a text-based login, I don't think, but I turned on error reporting, just warnings, – n0b0dy Apr 11 '17 at 14:39
  • https://pastebin.com/wyCvTi7e – n0b0dy Apr 11 '17 at 14:39
  • .... you don't think? I don't understand. And "just warnings", being what? – Funk Forty Niner Apr 11 '17 at 14:40
  • Check the pastebin, that's all that comes out – n0b0dy Apr 11 '17 at 14:40
  • There you go; you're outputting before header. Consult http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php, which the question may get closed with. This was caused by `strpos()`, most likely, and isn't in your code. – Funk Forty Niner Apr 11 '17 at 14:40
  • Sooo, shall I put session_start after it? – n0b0dy Apr 11 '17 at 14:42
  • it's in the link I gave you. Start the session first and use `ob_start();` if you have to, and make sure there is no output whatsoever; even a cookie will do this and a byte order mark. The answers are all in that link I gave you. – Funk Forty Niner Apr 11 '17 at 14:44
  • Gonna be honest, I don't really get it – n0b0dy Apr 11 '17 at 14:51
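The comments above make two points: nothing may reach the client before `header()`/`setcookie()` run, and MD5 is not a password hash. The script below is an added example that is not the asker's code and does not use phpAlphaDB's `db_read()`/`db_column()` API; the in-memory `$USERS` table, the `find_user()` and `attempt_login()` helpers and the `/loggedin.php` target are assumptions for the demo. It starts output buffering and the session before any include, checks the password with `password_verify()` against a `password_hash()` value, keeps login state server-side in `$_SESSION` instead of writing the password hash into a cookie, and reports where stray output came from if a redirect cannot be sent.

```php
<?php
// Added example, not the original poster's code and not phpAlphaDB's API.
// Buffering and the session start before any include, so a warning or a
// byte-order mark emitted by an included file cannot trigger
// "Cannot modify header information - headers already sent".
ob_start();
session_set_cookie_params([
    'httponly' => true,                      // JS cannot read the session cookie
    'secure'   => !empty($_SERVER['HTTPS']), // TLS-only when served over TLS
    'samesite' => 'Lax',
]);
session_start();

// While debugging, surface errors instead of hiding them with error_reporting(0).
error_reporting(E_ALL);
ini_set('display_errors', '1');

// Constructed in-memory user table standing in for the custom db_read() call.
// In a real application the hash is computed once at registration and stored;
// it is generated here only so the example runs stand-alone.
$USERS = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

/** Exact-key lookup; the username is never concatenated into a query string. */
function find_user(array $users, string $username): ?string
{
    return array_key_exists($username, $users) ? $users[$username] : null;
}

/** True only when the user exists and the password matches the stored hash. */
function attempt_login(array $users, string $username, string $password): bool
{
    $hash = find_user($users, $username);
    return $hash !== null && password_verify($password, $hash);
}

$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
    $username = (string) ($_POST['username'] ?? '');
    $password = (string) ($_POST['password'] ?? '');

    if (attempt_login($USERS, $username, $password)) {
        session_regenerate_id(true);   // fresh session id after authentication
        $_SESSION['user'] = $username; // login state lives server-side; no
                                       // password hash in a client cookie

        // Diagnostic for exactly the failure in the question. With buffering on
        // this should not fire; if it does, the buffer was flushed or overflowed,
        // and $file:$line says which include produced the output.
        if (headers_sent($file, $line)) {
            ob_end_clean();
            exit("Cannot redirect: output already started at $file:$line");
        }
        header('Location: /loggedin.php', true, 303);
        ob_end_clean();
        exit; // nothing after a redirect should run or print
    }
    $error = 'Invalid username or password.';
}
?>
<!doctype html>
<form method="post">
  <?php if ($error !== null): ?>
    <p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
  <?php endif; ?>
  <input name="username" placeholder="username">
  <input name="password" type="password" placeholder="password">
  <button name="login" value="1">Log in</button>
</form>
<?php ob_end_flush(); ?>
```

Save it as `login.php`, serve it with `php -S localhost:8080 login.php`, and post a login with `curl -i --data-urlencode 'username=alice' --data-urlencode 'password=correct horse battery staple' -d login=1 http://localhost:8080/`: the response is a `303` with a `Location: /loggedin.php` header and a `Set-Cookie: PHPSESSID=...; HttpOnly; SameSite=Lax` line, and a wrong password returns the form with the error message instead. The `headers_sent()` check is the quickest way to find which file started the output when the warning in the question appears; on this page that was `phpAlphaDB/core.php:181`, not the login script itself.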

0 Answers