Login redirect problem

Hello, I am trying to redirect people back to the index if they've already logged in. The session start works just fine, but the header redirect I have if the cookies are set wont work. Please help?

<?php session_start(); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>RnR E Cigarettes</title>
<link rel="stylesheet" type="text/css" href="styles/mainstyle.css" />
</head>
<body>

<div id="container">

<div id="header">

</div>

<div id="login">

<?php

if (!$_SESSION['user']) {

$logout = "";
echo $logout;
$login = "<a href=\"login.php\">Log in</a>";
echo $login;

}

if ($_SESSION['user']) {

echo "<a href=\"homepage.php\">Home</a>";
$logout = "<a href=\"logout.php\">Log out</a>";
echo $logout;
$login = "";
echo $login;

}

?>

</div>

<div id="content">

<?php

if ($_COOKIE['user'] && $_COOKIE['pass']) {

header("Location: index.php");

}

else {

if (!$_SESSION['user']) {

if ($_POST['submitted']) {

$user = $_POST['username'];
$userl = strtolower($user);

$pass = $_POST['password'];
$passl = strtolower($pass);

$abc = mysqli_connect('localhost','***','***');
mysqli_select_db($abc,'***');

$query = mysqli_query($abc,"SELECT * FROM MEMBERS WHERE USERNAME = '" . $userl . "'") or die ("There was an error with the database!");

$query2 = mysqli_num_rows($query);

if ($query2 == 0) {

echo "<form action=\"login.php\" method=\"POST\">

Username does not exist! <input type=\"username\" size=\"18\" value=\"username\" id=\"username\" name=\"username\" />
<input type=\"password\" size=\"18\" value=\"password\" id=\"password\" name=\"password\" />

<input type=\"submit\" value=\"Login\" id=\"submitted\" name=\"submitted\" />

</form>";

}

else {

while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {

if ($row['USERNAME'] != $userl || $row['PASSWORD'] != $passl) {

echo "<form action=\"login.php\" method=\"POST\">

Username or password was wrong. <input type=\"username\" size=\"18\" value=\"username\" id=\"username\" name=\"username\" />
<input type=\"password\" size=\"18\" value=\"password\" id=\"password\" name=\"password\" />

<input type=\"submit\" value=\"Login\" id=\"submitted\" name=\"submitted\" />

</form>";

}


else {

session_start();
$_SESSION['user'] = $user;
setcookie('user',$user,time()+3600);
setcookie('user',$user,time()+3600);
header("Location: index.php?{$_SESSION['user']}");

}
}
}
}

else {

?>

<div style="border: 1px solid #000000; background: #a8afa8; margin-left: auto; margin-right: auto; margin-top: 10%; padding: 50px; width: 300px;">

<p>Log in here:</p>

<form action="login.php" method="POST">

<input type="username" size="18" value="username" id="username" name="username" />
<input type="password" size="18" value="password" id="password" name="password" />

<input type="submit" value="Login" id="submitted" name="submitted" />

</form>

</div>

<?php

}

}

}

?>

hi,

something simple i think,

just a quick scan through the code and i noticed


setcookie('user',$user,time()+3600);
setcookie('user',$user,time()+3600);


but u are checking for

if ($_COOKIE['user'] && $_COOKIE['pass']) {

header("Location: index.php");

}


i couldn't find in that piece of code where it actually set the $_COOKIE['pass']

i hope that helps :D

Im not sure your where the problem is but i just wondered if you could do this

$user1 = strtolower($_POST['username']);


instead of

$user = $_POST['username'];
$userl = strtolower($user);

Would save you a few unneeded lines of code :P

Where in your code is header() placed? It only works if placed before your html. Actually I think it just has to be before the <head>

In my experience it has to be before anything at all is output to the browser.