Cookies are Not Being Set Properly in PHP Script

Question

Im very new in php and try to use cookie but it is not woking in my site, can anyone guide me please , what is going wrong in my code:

<?php
session_start();
?>
<script>
function Redirect(url)
{
 location.href = url;
}

</script>
<?php 

define('_VALID_ACCESS', true);
include_once "includes/connect.php";
include_once "includes/login.php";


if(empty($_POST['loginname']) || empty($_POST['password']))
{
    $msg = "User or password is empty";
}
else
{
    if(login($_POST['loginname'], $_POST['password']) == true)
    {
        $usern = $_POST['loginname'];
        session_register('loginname');
        $loginname = $usern;        
        sleep(1);
            if(activestatus($_POST['loginname'], $_POST['password']) == true)
            {
            $usern = $_POST['loginname'];
            session_register('loginname');
            $loginname = $usern;        
            sleep(1);

            $hour = time() + 3600;
            setcookie("ID_my_site", $_POST['loginname'], $hour);
            setcookie("Key_my_site", $_POST['password'], $hour); 
            $test = $_COOKIE["ID_my_site"];
            $msg = "<script> Redirect ('home.html?testname=".$test."')</script>"; 
             //header("Location: home.html"); 
            }
            else
            {
            $msg = "<script> Redirect ('valid.php?testname=".$usern."')</script>"; 
            }

    }
    else
    {
        $msg = "<font color=red>User or Password is wrong</font>";
    }
}
echo '<div id="divTarget">' . $msg . '</div>'; 
?>
  <link rel="stylesheet" href="css/blueprint/screen.css" type="text/css" media="screen, projection">
  <link rel="stylesheet" href="css/blueprint/print.css" type="text/css" media="print">
  <link rel="stylesheet" href="css/blueprint/ie.css" type="text/css" media="screen, projection">  
 <body>
 <div class="container" id="login_container">
<form id="login" action="action.php" method="post" name="loginform" >
    <fieldset id="login_screen"  style="width:350px">
        <label id="login_label" for="login">User Login </label> 
        <br><br>
        <label for="login">Email Address</label>
        <input type="text" name="loginname" id="loginname" value="[email protected]">    
        <p id="space"><label for="password">Password</label>
        <input type="password" id="password" name="password"  value="********" ></p>
        <input type="checkbox">Keep me signed in until i signout
        <p id="test"><input type="submit" value="Submit"></p>
        <a href="forgetpassword.html">Forgot
        your password</a>&nbsp;&nbsp;|<span id="free">Not a member?</span><a href="regForm.html">Sign up</a><blink><span id="free">Free</span></blink> 
        </p>
    </fieldset>
</form> </div>
</body>

Answer 1

Turn on display_errors and set your error_reporting to E_ALL and you should see an error message about 'headers already sent' - you have to call setcookie() BEFORE ANY HTML IS SENT. From php.net/setcookie:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

In the code block that you posted this bit:

<script>
function Redirect(url)
{
 location.href = url;
}

</script>

Is being output directly to the browser well before you ever attempt to set the cookies.

Your two possibilities would be to use output buffering so that you output everything at the very end or to switch to a method where all of your processing code is executed first in one script and there you set $_SESSION and cookie values and then include a second script at the tail end of the first that contains the code to be output to the browser.