Says header info can't be modified, but I am calling my function before any of the html on the page.
function login($username,$password)
{
mysql_select_db('vbulletin') or die(mysql_error());
$scan = mysql_query("SELECT * FROM `vb3_user` WHERE `username` = '$username'") or die(mysql_error());
$row = mysql_fetch_array($scan) or die(mysql_error());
$p = $row['password'];
$salt = $row['salt'];
$password = md5(md5($password) . $salt);
$userid = $row['userid'];
if($p == $password)
{
$password = md5($password);
@setcookie('bbuserid',$userid,time()+60*60*24*365);
@setcookie('bbpassword',$password,time()+60*60*24*365);
echo 'Logged In!';
}else{
echo 'Username or Password incorrect.';
}
}
and the page it is called on
<?
ERROR_REPORTING(E_ALL);
include('funcs.php');
$port = new funcs();
$port -> connect();
$port -> checkCookie();
if(isset($_POST['login']))
{
$port -> login($_POST['username'], $_POST['password']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Well, I don't see any call to the header function in your login function so this must mean that either connect or checkCookie must modify some header information. It's also possible that you have a problem somewhere within funcs.php.
Also, I highly suggest returning true if both setcookie calls return successfully, or false if they dont instead of disabling error reporting on the most crucial function within a cookie-based login routine as well as echo'ing something.
If you include whitespace anywhere before/between the PHP blocks, the headers are sent. What I do to fix this in some of my websites is to call ob_start() (http://php.net/ob_start) (after setting error_reporting, etc...) and then after all code is done with, I call ob_flush() (http://php.net/ob_flush) and then ob_end_clean() (http://php.net/ob_end_clean).
Or turn on output buffering in php.ini :)