[!--quoteo(post=350482:date=Feb 28 2006, 09:50 PM:name=XenoPhage)--][div class=\'quotetop\']QUOTE(XenoPhage @ Feb 28 2006, 09:50 PM) [snapback]350482[/snapback][/div][div class=\'quotemain\'][!--quotec--] <shameless plug> If you take a look at the security code I wrote for [a href=\"http://sf.net/projects/phptodo\" target=\"_blank\"]phpTodo[/a], you can see how I handled this. Basically, you use php sessions. If the user has a session, and the parameters match what you have in the database, you let them in. Using the sec_check.php file from phpTodo, you can check authentication on each page using the following code : [code] // If the user is not authenticated, jump them to the login page if (! $user_obj = authenticate()) { login_redirect(); exit; } [/code] $user_obj is an object that can contain anything you need to know about a user. [/quote] Xeno - What is the link to your security code? I couldn't find it on that site.