Yeah, it's not a global variable. Here is the whole script: [code]<? function confirmUser($username, $password){ global $conn; if(!get_magic_quotes_gpc()) { $username = addslashes($username); } $sql = "SELECT name FROM users WHERE username = '$username'"; $result2 = mysql_query($sql) or die (mysql_error()); $r = mysql_fetch_array($result2); $testvalue = $r['name']; echo $testvalue; return $testvalue; /* Verify that user is in database */ $q = "select password from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password']){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } function checkLogin(){ /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['realname'] = $_COOKIE['cookrealname']; $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /* Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /* Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['realname']); unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /* User not logged in */ else{ return false; } } function displayLogin(){ global $logged_in; if($logged_in){ $testvalue = confirmUser($username, $password); echo $testvalue; echo "<h1>Welcome, <b>$testvalue</b>.</h1>"; ?> <p> Click "Browse" to select the file you wish to upload, then click "Upload" to proceed. </p> <p> <form name="upload" id="upload" action="upload.php" ENCTYPE="multipart/form-data" method="post"> <input type="file" id="userfile" name="userfile" src="template_files/but_browse.gif" border="0"> </p> <p> <input name="upload" src="template_files/but_upload.gif" alt="upload button" border="0" type="image" value="Upload"> </form> </p> <? echo "<br /><p><a href=\"logout.php\"><img src=\"template_files/but_logout.gif\" alt=\"logout\" border=\"0\"></a></p>"; ?><center> <font color=red><?=$_REQUEST[message]?></font> <br> <? } else{ ?> <form action="" method="post"> <table border="0" cellpadding="0" cellspacing="5" width="100%"> <tbody><tr> <td class="textB" align="left" valign="top">Username:</td> </tr> <tr> <td class="text" align="left" valign="top"><input type="text" name="user" maxlength="30"></td> </tr> <tr><td><img src="template_files/spacer.gif" alt="" border="0" height="10" width="10"></td></tr> <tr> <td class="textB" align="left" valign="top">Password:</td> </tr> <tr> <td class="text" align="left" valign="top"><input type="password" name="pass" maxlength="30"></td> </tr> <tr><td><img src="template_files/spacer.gif" alt="" border="0" height="10" width="10"></td></tr> <tr> <td class="textLogin" align="left" valign="top"><input type="checkbox" name="remember"> <font size="2">Remember me next time</td> </tr> <tr><td><img src="template_files/spacer.gif" alt="" border="0" height="20" width="10"></td></tr> <tr><td align="left"><input name="sublogin" src="template_files/but_login.gif" alt="'login' button" border="0" type="image" value="Login"> </td></tr> <tr><td><img src="template_files/spacer.gif" alt="" border="0" height="10" width="10"></td></tr> </tbody></table> </form> <? } } if(isset($_POST['sublogin'])){ /* Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /* Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /* Check error codes */ if($result == 1){ die('That username doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /* Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['realname'] = $rname; $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; if(isset($_POST['remember'])){ setcookie("cookrealname", $_SESSION['realname'], time()+60*60*24*100, "/"); setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } /* Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; return; } /* Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); ?>[/code]