I've got several notes to point out:
1. You can't do neither a header(), nor a SetCookie() after any echo on the
page. The out-of-php pieces of the page included.
2. Don't, please please don't store raw passwords in the database! Hash them,
better even adding a salt. The guy who had been writing code of our project
before me stored raw passwords, and I lost an amount of time to encrypt them
live so users wouln't notice anything happening. Please don't repeat this
3. Don't store passwords in the cookies, they can be easily stolen. the
username is quite enough: if it is there and it is not empty, then you can
verify if such a user exists.
With best regards from Ukraine,
My blog: http://oire.org/menelion (mostly in Russian)
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php