can you help me , i want to know any thing

[Diegar]

login.php

<html><head><title>Untitled Document</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head><body bgcolor="#FFFFFF" text="#000000"><form name="login" method="POST" action="login_do.php">  <div align="center">  <table>	<tr>		<td colspan="2" align="center">			<font face="Arial, Helvetica, sans-serif">Login to the site</font>		</td>	</tr>	<tr>		<td>			<font face="Arial, Helvetica, sans-serif">Username:</font>		</td>		<td>			<input type="TEXT" name="user">		</td>	</tr>	<tr>		<td>			<font face="Arial, Helvetica, sans-serif">Password:</font>		</td>		<td>			<input type="password" name="pass">		</td>	</tr>	<tr>		<td colspan="2" align="center">			<input type="submit" name="log" value="Submit">		</td>	</tr></table></div></form></body></html>

login_do.php

<script type="text/javascript">function DispWronguserOrpass(){alert("The username or password is incorrect. Pleace try again")}</script><?phprequire("dbconfig.php");?><table>	<tr>		<td>			<font>Step 1</font>		</td>	</tr></table><?if(isset($_POST['login'])){?><table>	<tr>		<td>			<font>Step 2</font>		</td>	</tr></table><?$user=$_POST['user'];$pass=$_POST['pass'];?><table>	<tr>		<td>			<font>Step 3</font>		</td>	</tr></table><?$test="SELECT user FROM users WHERE user='$user'";$seluser=mysql_query($test,$msa); //check user$check=mysql_num_rows($seluser);//check userif(!$check > 0){	echo"<script type=\"text/javascript\">history.back(); DispWronguserOrpass();</script>";//Display a message if user dont exist	}$selpass=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE user='$user'")); //check passif($selpass!=$pass){ //checkpassecho"<script type=\"text/javascript\">history.back(); DispWronguserOrpass();</script>"; //Display a message if password is wrong}else //if everything is right{setcookie(user,$user,time()+3600);  //he/she will now be online for 1hour$deltime=time()+3500;mysql_query("UPDATE users SET online='Yes' WHERE user='$user'"); //set user onlinemysql_query("UPDATE users SET delonline='$deltime' WHERE user='$user'"); //set the time when we will make the user to be automaticly logget out and set offlineheader("Location: RegPage.php"); //get the user to your site}} //login = done....?>

I put a few visual markers in the login_do.php so that i could see how far it gets. So far, it only gets to "Step 1"

[Diegar]

Okay.. when i change both the form name and the submit button name to "login" it gets past the isset line. But now it only tells me that my username and/or password is wrong.

[Diegar]

I took the function at the top and divided it into 2 different script functions. One for wrong user and one for wrong pass. The alert i am now getting is wrong password.

$selpass=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE user='$user'")); //check passif($selpass!=$pass){

Something there isn't seeing my password. I feel like i can see it being wrong, but the more i mess with it, the less things change.EDIT: Forgive me if i am wrong, but wouldn't that statement grab all the info in the line and verify password against all fields within the row containing user? What i mean is, if that code worked, wouldn't it allow someone to use their email address as their password, if there is an email field on that row in the table?

[justsomeguy]

mysql_fetch_object is returning an object containing the results from the query. $pass is a string, so you are comparing an object with a string. That's why it's coming out as false, an object is never equal to a string. Check the reference for mysql_fetch_object to see how to reference a field in the object:http://www.php.net/manual/en/function.mysql-fetch-object.php

[Diegar]

mysql_fetch_object is returning an object containing the results from the query. $pass is a string, so you are comparing an object with a string. That's why it's coming out as false, an object is never equal to a string. Check the reference for mysql_fetch_object to see how to reference a field in the object:http://www.php.net/manual/en/function.mysql-fetch-object.php

Yeah, i didn't think so, but i didn't write it. I copied it from the first page of this postI will try to figure it out

[Diegar]

Yeah, i didn't think so, but i didn't write it. I copied it from the first page of this postI will try to figure it out

Okay.. by modifying if($selpass!=$pass) to if($selpass->pass!=$pass), it worked with the mysql_fetch_object..Now it seems to get through checking the username and the password, but errors out on the header, while trying to set the cookie?

setcookie(user,$user,time()+3600);$deltime=time()+3500;mysql_query("UPDATE users SET online='Yes' WHERE user='$user'");mysql_query("UPDATE users SET delonline='$deltime' WHERE user='$user'");header("Location: RegPage.php");}}

setcookie is line 34. The error i get when it gets to there is:Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\TGFB\Test1\login_do.php:1) in C:\xampp\htdocs\TGFB\Test1\login_do.php on line 34Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\TGFB\Test1\login_do.php:1) in C:\xampp\htdocs\TGFB\Test1\login_do.php on line 38How is setting a cookie considered to be output?EDIT: Is it considered output, because the cookie is outputting to the browser, and not the page?

[justsomeguy]

The cookie is not considered output, the cookie is a header also. The output is before that. The error says the output is line 1, the error happens on line 34 but the output is on line 1 (that's what :1 after the filename means), so you probably have a blank line before you start the PHP tag. The blank line counts as output (because it's not part of the PHP code). But, it's not good to send a cookie and a location header at the same time. The cookie won't get set, the browser will see the location header and ignore everything and just redirect. Instead of sending a location header send a small HTML page to redirect using a meta refresh. That will make sure the browser will set the cookie.<html><head><title>Thank you</title><meta http-equiv="refresh" content="1;url=RegPage.php"></head><body>Thank you</body></html></html>

[Diegar]

Okay, i did that, and the cookie is still getting the same error pointing at line 1. There are no spaces at the top of the page, before the PHP code, so would the script at the top be considered output?

<script type="text/javascript">function DispWronguser(){alert("The username is incorrect. Please try again")}function DispWrongpass(){alert("The password is incorrect. Please try again")}</script><?php

[justsomeguy]

Yes, anything that is not inside the <?php ?> tags is considered output. PHP only looks inside the PHP tags, everything else gets passed to the browser as output.

[Diegar]

Yes, anything that is not inside the <?php ?> tags is considered output. PHP only looks inside the PHP tags, everything else gets passed to the browser as output.

You guys all ROCK!Okay, so i removed the <script> from the top and instead, used a simple script within the IF statement, like so:

if(!$check > 0){	echo"<script type=\"text/javascript\">window.location='wronguser.php';</script>";//Display a message if user dont exist	}

Created a new page with a separate login form, so they know they messed something up and can attempt to log in again. It works beautifully. Thank you all for your help!