How to send headers (cookies) for authorization from a generated page?

A

Alexander2017-03-18 17:54:36

HTTP headers

Alexander, 2017-03-18 17:54:36

Good afternoon! I do authorization, it is necessary to send cookies.
There is a user authorization page.
In the body of the site, pages are dynamically loaded, I get the address through:

if(!isset($_GET['page'])){
    $content = 'main';
}else{
    $content = addslashes(strip_tags(trim($_GET['page'])));
}

<body>
    <div id="wrapper">
        <div class="container">
            <?
            include "../templates/header.php";
            include "../templates/menu.php";
            if(isset($_GET['page'])){
                include "../templates/breadcrumbs.php";
            }
            ?>
            <div id="content" class="mainCont">
                <?include '../pages/'.$content.'.php';?>
            </div>
        </div>
        <? include "../templates/footer.php";?>
    </div>
</body>

The login page looks like this:

<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
    $login = $_POST['login'];
    $pass = $_POST['pass'];
    $query = mysqli_query($conn, "SELECT * FROM users WHERE login = '{$login}'");
    $user = mysqli_fetch_assoc($query) or die ("Ошибка БД" . mysqli_error($conn));
    if ($user['password'] == md5($pass)){
        echo 'Вы авторизованы';
        setcookie('users', $user['login'], time() + 1800);
        exit ;
    }
}
?>
<div align="center">
    <h3>Вход в личный кабинет</h3>
    <form action="" method="post" class="auth" >
        <input type="text" name="login" placeholder="Логин" required="required"><br>
        <input type="password" name="pass" placeholder="Пароль" required="required"><br>
        <label for="rememberMe">Запомнить меня</label>
        <input id="rememberMe" type="checkbox" name="rememberMe">
        <button type="submit" name="submit">Войти</button>
    </form>
</div>

The authorization itself works.
Headers are naturally not sent, tk. already sent.
Can you please tell me what I need to do to solve this problem?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexander, 2017-03-18
@Klapanasos

Thanks for the advice on md5, Dmitry, I will definitely implement it!
Changing places does not help, does not work even if you completely remove echo.
Here the matter is a little different. Everything works for me through index.php, respectively, first its headers leave, and the login.php page, loaded via include, no longer allows them to be sent.
I'm still just gaining experience and don't know what to do in this situation.
UPD: well, as usual, the stupidity of the mod is detected. I put the authorization handler in the index header and everything fell into place.

D

Dmitry Dart, 2017-03-18
@gobananas

Headers must be sent before the first output on the page, judging by your code, just in a block

if ($user['password'] == md5($pass)){
        echo 'Вы авторизованы';
        setcookie('users', $user['login'], time() + 1800);
        exit ;
    }

Swap the lines echo and setcookie and everything should be fine
And remember that md5 without salt is not safe