I'm working on a Login script in which I'm trying to add a Remember Me check box. The form uses 'login' and the session uses 'login'.
The login is working just fine, but I can't seem to get the Remember Me feature to work.
The login form and login exe script are separate files. The login exe is added to the login script using an include.
I've tried adding the code for setting the cookies to both the login form, and the login exe script, without luck.
I'm not getting any error messages, it just doesn't set the cookies.
When I close the browser and come back, I have to login again.
I realize there isn't a header location, but that's intentional.
This is a private message app that displays in a popup window, and I've added some code to the login page that queries the db to see if the user has new messages. That's why no header location. I want it to stay on the login page for the new message alert and link. Then they click on the New Messages link and it takes them to their inbox. That works fine as well until I close the browser. When I come back and open the login page, the new message link is gone, so that means cookies haven't been set, other wise it would recognize the user and display the new message link. (I think)
I'm not much of a coder, so there may be something else here that I'm just not aware of.
I'm adding the code I used to try to set the cookie. If some one can see the error, if there is one, I'd appreciate some pointers.
The login form is a table, so maybe there's something I have to add to the remember me check box code as well. I'm at a loss.
Thanks.

<?php
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['login'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}

/* Username and password have been set */
if(isset($_SESSION['login']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['login'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['login']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
if(isset($_POST['rememberme'])){
setcookie("cookname", $_SESSION['login'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}

/* Quick self-redirect to avoid resending data on refresh
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return;*/
}

/* Sets the value of the logged_in variable, which can be used in your code*/
$logged_in = checkLogin();

?>
If you spot the error, please explain, as I'm trying to learn as well as make the script function. I do have session start at the top of the page.
Kraven1

I've added the set cookie code to the login file. The form is a separate file.
This login works great until I try to set cookies.... then, no matter what I put in the header location, I get a blank page after login.... no error message, just blank and the status bar says 'Done'. If I block out the set cookie code, and the 2 closing brackets at the bottom, everything works fine.
Since I'm not getting an error, there must be something fairly simple that I'm missing. I've tried so many combos of things, I don't know what else to try.
Hopefully, someone will see where I'm going wrong and be able to point me in the right direction.
Here's the code:

<?php
//Start session
session_start();
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['login'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
header("Location: ". $_SERVER['PHP_SELF']); /* no matter what header location I use, I end up with a blank screen after login*/
exit;

if(isset($_POST['rememberme'])){
setcookie("cookname", $_SESSION['login'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");

//Include database connection details
require_once('dbdetails.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['login'] = $login;/*added to work with PM script*/
$_SESSION['password'] = $password;
$_SESSION['rememberme'] = $rememberme;
session_write_close();
header("location: mail.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
} /*remove both blocks if leaving in cookie info at top*/
}
?>

I must have read 50 tutorials on setting cookies, and I'm still stuck on this thing.... frustrating.

Kraven