[Resolved] Cookies and PHP Authentication HELP

Nabster

I have this authentication code that won't work. Here is the top of the page, and errors that I get:

gilligan isleI made it past the username checkerI made it past the password checker
Warning: Cannot add header information - headers already sent by (output started at c:\apache\htdocs\sites\nabster\blog\admin.php:2) in c:\apache\htdocs\sites\nabster\blog\admin.php on line 27

Warning: Cannot add header information - headers already sent by (output started at c:\apache\htdocs\sites\nabster\blog\admin.php:2) in c:\apache\htdocs\sites\nabster\blog\admin.php on line 28

Here is the code:

<?

function check_user($username, $pass)
{
require("dbvars.php");
    $table_name = "usersfqh";
    $connectionUP = @mysql_connect($db_host, $db_user, $db_pass) or die("Couldn't connect.");
    $dbUP = @mysql_select_db($db_name, $connectionUP) or die("A. Couldn't select DDD.");

    $sqlUP = "SELECT * FROM $table_name ORDER BY ID desc";
    $resultUP = @mysql_query($sqlUP, $connectionUP) or die("A. Your data couldn't be posted.");
    $username=strtolower($username);
    $pass=strtolower($pass);

echo $username." ".$pass;    
    while ($rowUP = mysql_fetch_array($resultUP))
    {
        if(strtolower($rowUP['username']) == $username)
        {
	echo "I made it past the username checker";
            if($rowUP['pass'] == $pass)
            {
	    echo "I made it past the password checker";
	    if (!isset($_COOKIE['username']) && !isset($_COOKIE['pass']))
	    {
	    setcookie("username",$username, time()+3600);
	    setcookie("pass",$password, time()+3600);
	    }
                return "TRUE";

	}
            else
            {
	    echo "I didn't made it past the password checker";
                return "FALSE";
            }
        }
    }
}
?>

<html>
<head><title>nabster8106 administration</title></head>
<LINK REL=StyleSheet HREF="style_signup.css" TYPE="text/css" MEDIA=screen>
<body>

<?
    /*************AUTHENTICATION ENGINE****************/
    if(!isset($username) or !check_user($username, $pass))
	{
	?>

<h1>You must log in to view this page</h1>
<form action = "

<? echo $PHP_SELF; ?>

" method="post">
<font class="form">
Username:<br>
<input class="sel" type="text" name="username" size="20"><br>
Password:<br>
<input class="sel" type="password" name="pass"><br><br>
</font>
<input class="btn" type="submit" value="Submit">
</form>

	<?
	}
    /********************END***************************/
    else
    /*********AUTHENTICATED USER PROCEEDS**************

Pig

Cookies are a form of header, which means that you must either NOT send anything to the browser - not even a single space (eg: I made it past the username checker), or buffer the output until after the cookies have been sent.

Nabster

The answer is....

ob_start()