ok here goes: [code]<? //set the variables as required $dbhost = "***********"; $dbuser = "*************"; $dbpass = "***********"; $dbname = "*************"; //do not edit this, it connects the script $members = mysql_connect($dbhost,$dbuser,$dbpass);//line10 if(!$members) //error checking :D { echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>"; } mysql_select_db($dbname) or die(mysql_error()); $username = $_POST["Username"]; //get the username from the form, as $username $password = md5($_POST["Password"]); //line20 get the password from the form in md5 $recieve = sprintf("SELECT * FROM Members WHERE Username='%s' AND Password='%s'", mysql_real_escape_string($Username), mysql_real_escape_string($Password)); //this is the "query", which selects the row where memebername=the one entered, and the same for the password $query = mysql_query($recieve); //do the query session_start(); if($rows = mysql_num_rows($query)) //line30 if the query resulted with a row, start the sessions and go to the index { $_SESSION['login'] == $Username; header("location: main.php"); } else //if not, end incorrect sessions, and go to the index { session_destroy(); header("location: error.html"); //return to login } ?>[/code] main.php: (i renamed it php instead of .html in an attempt at making it work but no success :() [code]<? if(isset($_SESSION['login'])) { //raw html code (is this wrong?) } else { header("location: index.html"); echo "You must be logged in to view this page."; } ?> [/code] as for the html code, its just raw html, im assuming this is one of the problems, how do you set a whole page of html to a php variable?