Hi, I've recently started on php after html couldnt bear what I needed. I need to know how to do some things. Here's a small explanation of my problems. [b]Problem #1 - Sessions, Session IDs and Logins[/b] Ok, I have a login page and a php script that processes it against the variables, and then confirms/declines the login onto a preview page. Only problem is, when you click the link on the "login success/process!" screen i put in, I had it so you clicked a link to view the "Game overview.php". However, it doesnt show your variables, like username, planet etc. (I am coding an online game). I need a basic description on how to store the login information into a session/session id, and send it across the other pages, so I can select specific variables on the database that are with the login information. All I know at the moment is that you start a session with session_start() and end it with session_destroy(), and you do something with $_Session['Username/whatever']. Putting it simple, I want a focused description on how to properly "login" and then pick up the users variables that exists in the database. I also want to store all this in a "Random Session Id" that can be shown in the URL. Here are my two scripts at the moment: The login form (login.php) [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<body bgcolor='#000033' text='#CCFFFF'> <h1>Server 1 Login Page</h1> <i>Notice: Logins are currently bugged and unfinished. A "Session Id" is still to be created to enable full dynamic use of your account.</br> Thank you, and enjoy our login</i> <form name="authenticate" method="post" action="loginprocess.php"> Username: <input name="Username" type="text" value="Username" size="20"/><br> Password: <input name="Password" type="text" value="Password" size="20"/><br> <input type="submit" name="submit" value="submit"/> <input type="reset" name="reset" value="reset"/> </form>[/quote] The login process + preview page (loginprocess.php) [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<body bgcolor='#000033' text='#CCFFFF'> <? $username="Server1Main"; $password="nobodyloses"; $database="Server1"; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query="SELECT * FROM Users"; $result=mysql_query($query); $Status=mysql_result($result,"Status"); $sql="SELECT * FROM Users WHERE Username='$Username' and Password='$Password'"; $r = mysql_query($sql); if(!$r) { $err=mysql_error(); print $err; exit(); } if(mysql_affected_rows()==0){ print "Invalid Username/Password, Please try again."; exit(); } else{ print "Thank you for logging on, ".$Username.". "; } if($Status=="Banned"){ print "<br>You have been banned from the server for ".$BannedFor." by ".$BannedBy.".<br>"; print "Your ban will expire on ".$BannedUntil."."; } else{ print "Welcome to Adastra Extritium!"; } ?>[/quote] (Also, it doesnt like the ban check) [b]Problem #2 - SQL Injections[/b] I am aware of major security holes with both Cookies and Sessions, but I chose to use sessions, for compatibility reasons. Is there any way of closing the security hole to prevent people from Sql Injecting members Session Ids? Thanks for any help here. [b]Problem #3 - Server Updating and Times[/b] With this game, you need timers. I want to know how to set it so that when you click a "Build" button, it applies a timer delay. After that timer (it's also displayed to the user) reaches 0, the build is complete, and the build completion script runs. (ie. if ($Timer==00s) set $Woodmill=$Woodmill+1) Also, I need to know how to set the server to refresh itself (so all the points update at the same time) on regular intervals, like every 4 hrs. Thanks for any help, ~Dark dude~