I found some errors in your code, all coming down to the same point: You cannot send any custom headers after you have began outputting other data.
Where have you done this?
Here:
echo "<script>alert(' FOUND!')</script>";
session_start();//session_start() sends a cookie to the clients machine.
//How are cookies sent to clients browsers? Through headers.
And here:
setcookie("login_email", $_SESSION['login_email'], time()+60*60*24);
setcookie("login_pwd", $_SESSION['login_pwd'], time()+60*60*24);
header('Location:index.php');
Personally, I think your code is a complete mess. Because I have nothing better to do, I'll re-write it for you, explaining each step as I go along.
Let's begin:
So the first thing you want to work on is your text file, which stores all the user details.
Instead of using plain lines or whatever, we should use JSON to split users details, from user to user.
So here's what the text file will look like with two users in it:
{"navnav":{"username":"navnav","pass":"deb1536f480475f7d593219aa1afd74c"},"user2":{"username":"user2","pass":"deb1536f480475f7d593219aa1afd74c"}}
Notice how I've also used the username as keys too and how I've hashed the password. So we call this file user.txt and store it somewhere safe.
Now, for the login page, we shall simply get the data through the POST method, compare it, set sessions and tell the user to go somewhere else (redirect them).
session_start();//need to start our session first, of course
//check if any login data has been posted our way
if ( isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password']) )
{
//assign input data to temp vars
$username = $_POST['username'];
$password = md5($_POST['password']);//notice how I hash the password
// get the data fro the text file
$userData = file_get_contents('path to your text file');
//decode the json data to an assoc array
$userData = json_decode( $userData , true );
//check if the user exists
if ( array_key_exists( $username , $userData ) === false )
{
echo 'the username '.$username.' is invalid.';//notify the user
exit();//bye bye
}//end of user does not exist
//so now we know the user name exists (because we've got to this line)
//we shall compare with the password
if ( $userData['$username']['password'] !== $password )
{
echo 'Your password is incorrect';//notify the user
exit();//bye bye
}//end of incorrect password
else
{
//time to set sessions and stuff
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
//send the redirect header
header('Location: index.php');
exit();
}//end of password is correct
}//end of login data has been sent
That's all your login code, but you need your html form setup correctly for the right things to be posted with the right names. So use this html form:
<form action="login.php" method="post" name="login" target="_self" id="login">
<p>
<label for="username">Username</label>
<input type="text" name="username" id="username" />
</p>
<p>
<label for="password">Password</label>
<input type="text" name="password" id="password" />
</p>
</form>
That's your login page completely sorted.
Now for your index.php:
As you did before, check if the user is logged in and throw the status is in a var:
session_start();//resume your session (if there is one) or start a new one
//set default user status
$userStatus = false;
if ( isset($_SESSION['username']) && isset($_SESSION['password']) )
{
$userStatus = true;
}//end of user is logged in
For your HTML login/logout:
<li><a href="index.php">Home</a></li>
<li><a href="register.php">Register</a></li>
<?php
if ($userStatus === true){
echo "<li><a href='logout.php'>Logout</a></li>";
}
else{
echo "<li><a href='login.php'>Login</a></li>";
}
?>
<li><a href="#"> Link 4</a></li>
And there you have it.
Let me know if you have any problems.
One more thing:
This is far from secure. Why? You're using text files, you're using text files and you're using text files.
EDIT:
To separate the JSON data by user, simply edit the text file manually (see my comment).
Or you could just paste this into your text file:
{"navnav":{"username":"navnav","pass":"deb1536f480475f7d593219aa1afd74c"},
"user2":{"username":"user2","pass":"deb1536f480475f7d593219aa1afd74c"}}
Do you see how there is no \n in the above? Because I just created a new line manually (by just hitting enter). \n will make the JSON code invalid, so that's why you should avoid it. This method just means if you have to create new users, and you need a new line for each user, then you will have to do it manually.