tovia_sweet

Hi I am getting error: Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: YES) in D:\xampp\htdocs\mafiasession\class_mafiarelbd.php on line 120 MYSQL=>Conexao negada When i run login.html, i enter root as my user and police as my password. (its my local server, and works already for php access etc) Thanks in advance Tovia Singer The only thing is the orig login table insert statment had: INSERT INTO login ( `login` , `senhamd5` , `senhasha1` ) VALUES ('mafiasession', MD5( 'mafiasession' ) , SHA1( 'mafiasession' )); i changed it to: INSERT INTO login ( `login` , `senhamd5` , `senhasha1` ) VALUES ('root', MD5( 'police' ) , SHA1( 'police' )); I am basically using a php class for implementing login for my site, see all code: ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* database side code: CREATE TABLE `_session` ( `id_session` int(11) NOT NULL auto_increment, `remote_addr` bigint(12) NOT NULL, `request_uri` varchar(128) NOT NULL, `keytime` bigint(20) NOT NULL, `keepalive` int(11) NOT NULL, PRIMARY KEY (`id_session`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 CREATE TABLE `login` ( `id_login` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `login` VARCHAR( 20 ) NOT NULL , `senhamd5` VARCHAR( 32 ) NOT NULL , `senhasha1` VARCHAR( 40 ) NOT NULL ) ENGINE = MYISAM DEFAULT CHARSET=latin1; INSERT INTO login ( `login` , `senhamd5` , `senhasha1` ) VALUES ('root', MD5( 'police' ) , SHA1( 'police' ) ); ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* login.html: <HTML> <HEAD> <script src="md5.js" type="text/javascript"></script> <script src="sha1.js" type="text/javascript"></script> <script src="base64.js" type="text/javascript"></script> </HEAD> <BODY> <form action="login.php?acao=entrar" method="post" onsubmit="javascript:username.value=encode64(username.value),password.value=encode64(hex_hmac_md5(hex_md5 (password.value), salt.value)+'|'+hex_hmac_sha1(hex_sha1(password.value), salt.value ))"> <input type="hidden" name="salt" value="<?=$serverkey?>"> <input type="hidden" name="id" value="<?=$idkey?>"> <p style="text-align:center"> <table cellspacing="0" class="lined"> <tr><th>Usuário</th><td class="control"><input type="text" name="username" size="20" value=""></td></tr> <tr><th>Senha</th><td class="control"><input type="password" name="password" size="20"></td></tr> <tr><td colspan="2" class="control"><input type="submit" value="Entrar"></td></tr> </table> </p> </form> </BODY> </HTML> ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* login.php: <?php ################################ include_once ("_autoload.php"); ################################ $Objeto = new mafiasession(); if($_GET['acao']=="entrar") { $Objeto->registersession(); exit; }else{ extract($Objeto->newserverkey(),EXTR_OVERWRITE); } ?> ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* _autoload.php: <?php // http://br.php.net/manual/en/function.session-cache-limiter.php session_cache_limiter("nocache");// it does not allow cache of the session in proxy or in the client,default in FreebSD //http://br.php.net/manual/en/function.session-cache-expire.php //session_cache_expire(4); //only it works for different values of nocache session_start(); # configuration of the database define("RELDB","MYSQL");// IT SUPPORTS MYSQL and PGSQL define("DATABASE","t4d");// Name of his base of data define("HOST","localhost");// Name or ip of the servant of database define("USER","root");// user of login of the database, use root only if the database will be local define("PASSWORD", "police");// signin of the user of database define("TIMELOGIN",30000);// time in microsendos so that the user uses the form of login define("TIMEKEY",60);//tim in seconds with which it must be exchanged the keys of the session define("TIMESESSION",6);//time in minute, maximum time of inactivity define("SESSIONKEY","phrase going to go gone"); // personalized key to compose the session key define("LOGINURL","http://localhost/mafiasession/login.php"); // URL to effect login define("LOGINOKURL","http://localhost/mafiasession/mafiasession.php"); // URL what one with success must load authentication define("KICKURL","http://www.dpf.gov.br/"); // URL for redirecion because of attempts of entering in to the session without the authenticated keys # car to load class from when she is instanciada function __autoload($classename) { # a way can be specified inside or out of the DOCUMENT_ROOT //$CLASSPATCH="/usr/local/www/phpmafia/_class/"; //include_once($CLASSPATCH."class_".$classename.".php"); include_once("class_".$classename.".php"); } ?> ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* mafiasession.php: <?php // file base of the system, possue the basic html with menu and iframe include_once ("_autoload.php"); $Objeto = new mafiasession(); $Objeto->checksession(); ?> <html> <head> <title>MafiaSession - Security Login</title> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <p> check that the value of 1170958697 and keysession change in accordance with the value setado in TIMEKEY, in other words the key of the session is exchanged. </p> <p> <?php foreach($_SESSION as $key=>$value) { echo $key."=>>".$value."<br/>"; } ?> </p> <p> com o setup default<br/><br/> define("TIMELOGIN",30000);// microsendos<br/> define("TIMEKEY",60);//segundos<br/> define("TIMESESSION",3);//minutos<br/><br/> you will have 30 seconds to effectuate the login, the key of the session sera atualzada to each 60 seconds the time maximum of inactivity is 3 minutes, in other words if in 3 minutes you not to effectuate the method $Objeto-> checksession () his session sera closed and sera redirecionado for the page of login </p> </body> </html> ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* class_mafiarelbd.php: <?php /** * Class what it connects to one * database relacional * @author Marcelo Soares of the Coast * @email phpmafia at yahoo dot with dot br * @copyright Marcelo Soares of the Coast © 2006. * @license FreeBSD http: // www.freebsd.org/copyright/freebsd-license.html * @version 1,1 * @access private * @package phpmafiasql * @subpackage phpmafiareldb * @data 2006-10-18 * @update 2007-02-01 * changelog corrected method getlastid () for postsandstone */ class MafiaRelDB { function __construct($reldb = null) { $this->__sethost(HOST); $this->__setdb(DATABASE); $this->__setuser(USER); $this->__setpass(PASSWD); $this->__setreldb(RELDB); if(is_array($reldb)) { extract($reldb, EXTR_OVERWRITE); if (!$host) { $this->__sethost($host); } if (!$database) { $this->__setdb=($database); } if (!$user) { $this->__setuser=($user); } if (!$passwd) { $this->__setpass=($passwd); } if (!$datatype) { $this->__setreldb=($datatype); } } $this->dbconnection = false; $this->connect = false; $this->query = false; $this->sql = false; $this->row = false; } # SETA O HOSTNAME private function __sethost($reqhost) { unset($this->dbhost); $this->dbhost = $reqhost; } # SETA O BANCO DE DADOS DA CONEXAO private function __setdb($reqdb) { unset($this->database); $this->database = $reqdb; } # SETA O USUARIO DO BANCO DE DADOS private function __setuser($requser) { unset($this->dbuser); $this->dbuser = $requser; } # FUNCAO QUE SETA A SENHA DE CONEXAO DO BANCO private function __setpass($reqpassword) { unset($this->dbpassword); $this->dbpassword = $reqpassword; } # private function __setdbconnection($connection) { unset($this->connect); $this->connect = $connection; } ############################################################ # defines the type of database private function __setreldb($reldb) { unset($this->reldatabase); unset($this->datatype); unset($this->datatype); $this->reldatabase=strtolower($reldb); switch($this->reldatabase) { case "mysql": return $this->datatype = "MYSQL"; break; case "pgsql": return $this->datatype = "PGSQL"; break; default: die("Banco de dados => ".$this->reldata." não é suportado"); break; } } # It opens a connection in accordance with the database private function openconn() { if($this->dbconnection==false) { switch($this->datatype) { case "MYSQL"; $this->connect = mysql_connect($this->dbhost, $this->dbuser,$this->dbpassword) or die("MYSQL=>Conexao negada"); $this->dbconnection = mysql_select_db($this->database) or die("MYSQL=>Não existe o banco ".$this- >database); if ($this->dbconnection == true) { return $this->dbconnection; }else{ return $this->dbconnection=false; } break; case "PGSQL"; $this->connect = "host=".$this->dbhost." dbname=".$this->database." user=".$this->dbuser." password=".$this- >dbpassword.""; $this->dbconnection = pg_connect($this->connect) or die("PGSQL=>Conexao negada"); if ($this->dbconnection == true) { return $this->dbconnection; }else{ return $this->dbconnection=false; } break; } } } ###################################################################### protected function __setquery($querystring) { if ($this->dbconnection == false) { $this->openconn(); } unset($this->query); switch($this->datatype) { case "MYSQL"; $this->query = mysql_query($querystring) or die ("MYSQL ERRO NA QUERY =>".$querystring); break; case "PGSQL"; $this->query=pg_query($this->dbconnection, $querystring) or die ("PGSQL ERRO NA QUERY=>".$querystring); break; } return $this->query; } ################################# protected function getnumberrows() { switch($this->datatype) { case "MYSQL"; $this->numberrows=mysql_num_rows($this->query); break; case "PGSQL"; $this->numberrows=pg_num_rows($this->query); break; } return $this->numberrows; } ################################ protected function getrecord($record) { switch($this->datatype) { case "MYSQL"; $this->record=mysql_result($this->query,$record); break; case "PGSQL"; $this->record=pg_fetch_row($this->query,$record); break; } return $this->record; } ################################ protected function affected() { unset($this->affected); switch($this->datatype) { case "MYSQL"; $this->affected=mysql_affected_rows(); break; case "PGSQL"; $this->affected=pg_affected_rows($this->query); break; } return $this->affected; } protected function __fetchassoc() { unset($this->fetchassoc); switch($this->datatype) { case "MYSQL"; $this->fetchassoc=mysql_fetch_assoc($this->query); break; case "PGSQL"; $this->fetchassoc=pg_fetch_assoc($this->query); break; } return $this->fetchassoc; } protected function __fetchrow($querystring) { unset($this->fetchrow); switch($this->datatype) { case "MYSQL"; $this->fetchrow=mysql_fetch_row($querystring); break; case "PGSQL"; $this->fetchrow=pg_fetch_row($querystring); break; } return $this->fetchrow; } ############################################################ protected function getlastid() { unset($this->lastid); if ($this->affected()>0) { switch($this->datatype) { case "MYSQL"; $this->lastid=mysql_insert_id(); break; case "PGSQL"; $this->lastid=pg_fetch_result(pg_query("SELECT lastval()"),0,0); ////list($this->lastid)=pg_fetch_row(pg_query("SELECT lastval()")); break; } return $this->lastid; }else{ return false; } } # protected function begin() { unset($this->query); switch($this->datatype) { case "MYSQL"; $this->query=mysql_query("SET AUTOCOMMIT=0"); $this->query=mysql_query("BEGIN"); break; case "PGSQL"; $this->query=pg_query($this->dbconnection, "BEGIN"); break; } return true; } # protected function commit() { unset($this->query); switch($this->datatype) { case "MYSQL"; $this->query=mysql_query("COMMIT"); break; case "PGSQL"; $this->query=pg_query("COMMIT"); break; } return true; } # protected function closeconn() { if ($this->dbconnection = true) { switch($this->datatype) { case "MYSQL"; mysql_close($this->dbconnection); break; case "PGSQL"; pg_close($this->dbconnection); break; } return true; } return false; } # protected function freeresult() { switch($this->datatype) { case "MYSQL"; mysql_free_result($this->query); break; case "PGSQL"; pg_free_result($this->query); break; } unset($this->query); return true; } # Fim da Classe } ?> ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* class_mafiasession.php: <?php /** * Class what it controls * the session php * @author Marcelo Soares of the Coast * @email phpmafia at yahoo dot with dot br * @copyright Marcelo Soares of the Coast © 2007. * @license FreeBSD http: // www.freebsd.org/copyright/freebsd-license.html * @version 1,0 * @access public * @package phpmafiasession * @subpackage phpmafiasql * @data 2007-02-06 */ # You fix necessarias in the database /* -- MYSQL CREATE TABLE `_session` ( `id_session` int(11) NOT NULL auto_increment, `remote_addr` bigint(12) NOT NULL, `request_uri` varchar(128) NOT NULL, `keytime` bigint(20) NOT NULL, `keepalive` int(11) NOT NULL, PRIMARY KEY (`id_session`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 CREATE TABLE `login` ( `id_login` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `login` VARCHAR( 20 ) NOT NULL , `senhamd5` VARCHAR( 32 ) NOT NULL , `senhasha1` VARCHAR( 40 ) NOT NULL ) ENGINE = MYISAM DEFAULT CHARSET=latin1; -- PGSQL CREATE TABLE _session ( id_session serial NOT NULL, remote_addr integer NOT NULL, request_uri character varying(128) NOT NULL, keytime bigint NOT NULL, keepalive integer ) WITH OIDS; CREATE TABLE "login" ( id_login serial NOT NULL, "login" character varying(20) NOT NULL, senhamd5 character varying(32) NOT NULL, senhasha1 character varying(40) NOT NULL ) WITH OIDS; */ ################################################################################# include_once ("class_mafiasql.php"); ################################################################################# # class that controls the session of the php class MafiaSession extends MafiaSQL { # arrow the time limits for login in microseconds private function __timelogin($microtime) { unset($this->timelogin); $this->timelogin = $microtime; } # arrow the time limits of a session private function __timelimit($lifetime) { unset($this->timelimit); $this->timelimit = $lifetime; } #function that catches the values of the client for creating the key of authentication private function insertkeydata() { $this-> __timelogin(TIMELOGIN); $this->keytime = str_replace(".",'',microtime(true)); $this->REMOTE_ADDR=str_replace(".",'',$_SERVER["REMOTE_ADDR"]); if($this->REMOTE_ADDR=="::1") { $this->REMOTE_ADDR=127001; } if($_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]==str_replace("http://",'',LOGINURL)) { session_unset(); session_destroy(); $this->REQUEST_URI=$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; $this->clientedata=$this->REMOTE_ADDR.$this->REQUEST_URI.$this->keytime; $SQL_CLEAN="DELETE FROM _session WHERE keytime<=".($this->keytime-$this->timelogin); $SQL_CLEAN.=" AND keepalive=0"; $this->setsql($SQL_CLEAN); $SQL_KEY="INSERT INTO _session (REMOTE_ADDR,REQUEST_URI,keytime,keepalive) VALUES ('".$this- >REMOTE_ADDR."','".$this->REQUEST_URI."',".$this->keytime.",0)"; $this->idkey= $this->setsql($SQL_KEY); return $this->idkey; }else{ header("Location: ".KICKURL.""); /* Redirect browser */ } } # Function that creates the key sha256 of authentication from the data carved in the bd private function createserverkey($id) { $SQL_KEY="SELECT * FROM _session WHERE id_session=".$id; extract($this->sql2linearray($SQL_KEY),EXTR_OVERWRITE); $this->serverkey=hash('sha256',$remote_addr.$request_uri.$keytime); return true; } # It validates the key of authentication private function validkey($id) { $this->timecurrent=time(); $SQL="UPDATE _session set keepalive=".$this->timecurrent." WHERE id_session=".$id ; return $this->setsql($SQL); } # It checks the key of authentication private function checkserverkey($id,$keyserver) { //unset($this->keydb); $SQL_KEY="SELECT * FROM _session WHERE id_session=".$id;//." ".$param; if($this->setsql($SQL_KEY)==1) { extract($this->getlinearray(),EXTR_OVERWRITE); $this->keydb=hash('sha256',$remote_addr.$request_uri.$keytime); if($keyserver===$this->keydb) { return true; }else{ return false; } }else{ return false; } } # fanointing that brings the key of authentication back public function newserverkey() { $this->createserverkey($this->insertkeydata()); return array("idkey"=>$this->idkey,"serverkey"=>$this->serverkey); } # Function what it registers when the key was how cost inserting one in the field keepalive private function registerkey($id,$keyserver) { if($this->checkserverkey($id,$keyserver)==true) { return $this->validkey($id); }else{ return false; } } # It checks if the login is cost private function checkpasswd($user,$salt,$passwdmd5,$passwdsha1) { $SQL_PASS="SELECT * FROM login WHERE login='".$user."'"; //echo $SQL_PASS; if($this->setsql($SQL_PASS)==1) { extract($this->__fetchassoc(),EXTR_OVERWRITE); //aplico hmac para verificar se as senhas correpondem $hashmd5=hash_hmac('md5',$salt,$senhamd5); //echo "MD5=>".$passwdmd5."===".$hashmd5."<br/>"; $hashsha1=hash_hmac('sha1',$salt,$senhasha1); // echo "SHA1=>".$passwdsha1."===".$hashsha1."<br/>"; if(($passwdmd5===$hashmd5) AND ($passwdsha1===$hashsha1)) { $this->iduser=$id_login; return $this->iduser; }else{ return false; } }else{ return false; } } # function that registers the session public function registersession() { if(is_array($_POST)) { if($this->registerkey($_POST['id'],$_POST['salt'])==true) { list($senhamd5,$senhasha1)=explode("|",base64_decode($_POST['password'])); if($this->checkpasswd(base64_decode($_POST['username']),$_POST['salt'],$senhamd5,$senhasha1)==true) { $this->keysession=1; $_SESSION['idkey']=$_POST['id']; $_SESSION['keylogin']=$_POST['salt']; $_SESSION['iduser']=$this->iduser; $_SESSION['time']=$this->timecurrent; $_SESSION['keysession']=hash_hmac('sha256',$_SERVER["REMOTE_ADDR"].$_POST['username'].$this- >timecurrent,SESSIONKEY); $_SESSION['remote_addr']=$_SERVER["REMOTE_ADDR"]; $_SESSION['browser']=$_SERVER["HTTP_USER_AGENT"]; //echo LOGINOKURL; exit; header("Location: ".LOGINOKURL.""); /* Redirect browser */ }else{ header("Location: ".LOGINURL.""); /* Redirect browser */ } } } } # It checks if the session they count valid data of the client public function checksession() { if(($_SESSION['remote_addr']===$_SERVER["REMOTE_ADDR"]) AND ($_SESSION['browser']===$_SERVER["HTTP_USER_AGENT"])) { if(time()>($_SESSION['time']+(TIMESESSION*60)+1)) { header("Location: ".LOGINURL.""); /* Redirect browser */ } if(time()>$_SESSION['time']+TIMEKEY) { if($this->keepalive()==false) { header("Location: ".LOGINURL.""); /* Redirect browser */ } }else{ //echo "inside the time of validity of the session<br/>"; return true; } }else{ header("Location: ".KICKURL.""); /* Redirect browser */ } } # Check if the keepalive is cost and it updates it private function keepalive() { $keepalive=false; //$timecurrent=time(); $SQL_PASS="SELECT login FROM login WHERE id_login='".$_SESSION['iduser']."'"; if($this->setsql($SQL_PASS)==1) { $login=$this->getrow(); //extract($this->getrow(),EXTR_OVERWRITE); if($_SESSION['keysession']===hash_hmac('sha256',$_SERVER["REMOTE_ADDR"].base64_encode($login).$_SESSION ['time'],SESSIONKEY)) { if($this->checkserverkey($_SESSION['idkey'],$_SESSION['keylogin'])==true) { if($this->validkey($_SESSION['idkey'])==true) { $_SESSION['time']=$this->timecurrent; $_SESSION['keysession']=hash_hmac('sha256',$_SERVER["REMOTE_ADDR"].base64_encode($login).$this- >timecurrent,SESSIONKEY); $keepalive=true; } } } } return $keepalive; } # end of the class } ?> ********************************************************************************************************* ********************************************************************************************************* ********************************************************************************************************* class_mafiasql.php: <?php /** * Class that separates one * database relacional * @author Marcelo Soares of the Coast * @email phpmafia at yahoo dot with dot br * @copyright Marcelo Soares of the Coast © 2006. * @license FreeBSD http: // www.freebsd.org/copyright/freebsd-license.html * @version 1,1 * @access public * @package phpmafiasql * @subpackage phpmafiasql * @data 2006-10-18 * changelog when the methods were added getlinearray () sql2linearray () * @update 2007-02-01 */ include_once ("class_mafiarelbd.php"); ################################################################################## class MafiaSQL extends MafiaRelDB { # private function __querytype($sqlstring) { unset($this->sql); unset($this->querytype); $array_injection=array("#","--","\\","//",";","/*","*/","drop","truncate"); $this->sql=trim(strtolower(str_replace($array_injection,"",$sqlstring))); list($this->querytype)= explode(" ",$this->sql); return $this->querytype; } # public function setsql($sqlstring) { if($sqlstring==null) { die("O valor passado para a função setsql não pode ser nulo \r\n<br>"); } switch($this->__querytype($sqlstring)) { case "select"; return $this->__selectquery($this->sql); break; case "update"; return $this->__updatequery($this->sql); break; case "insert"; return $this->__insertquery($this->sql); break; case "delete"; return $this->__deletequery($this->sql); break; default: die("Query não suportada => ".$sqlstring."\r\n<br/> => to execute this type of query it is necessary to use a database manager\r\n<br>"); break; } } # private function __selectquery($sqlstring) { $this->__setquery($sqlstring); $this->numberrows=$this->getnumberrows(); return $this->numberrows; } # private function __updatequery($sqlstring) { if(stripos($sqlstring, 'where') == false) { die("Para fazer UPDATE é necessário a clausula WHERE em => ".$sqlstring); } $this->__setquery($sqlstring); return $this->affected(); } # private function __insertquery($sqlstring) { $this->__setquery($sqlstring); return $this->getlastid(); } # private function __deletequery($sqlstring) { if(stripos($sqlstring, 'where') == false) { die("To do DELETE the clause is necessary WHERE em => ".$sqlstring); } $this->__setquery($sqlstring); return $this->affected(); } # public function getassocarray() { unset($this->rows); unset($this->results); if($this->querytype=="select") { $this->results = array(); while ($this->rows=$this->__fetchassoc()) { $this->results[]=$this->rows; } return $this->results; }else{ die("The method getassocarray is supported only in select"); } } # public function getlinearray() { unset($this->rows); unset($this->results); if($this->querytype=="select") { return $this->__fetchassoc(); }else{ die("The method getlinearray is supported only in select"); } } # public function getarray() { unset($this->rows); unset($this->results); if($this->querytype=="select") { $this->results = array(); while ($this->rows=$this->__fetchrow()) { $this->results[]=$this->rows; } return $this->results; }else{ die("The method getarray is supported only in select"); } } # public function getrow($row=0) { if($this->querytype=="select") { return $this->getrecord($row); }else{ die("The method getrow is supported only in select"); } } # public function sql2assocarray($sqlstring) { if($this->__querytype($sqlstring)=="select") { if($this->__selectquery($this->sql)==true) { return $this->getassocarray(); }else{ die(" A query => ".$sqlstring." it did not bring a result back válid"); } }else{ die(" A query => ".$sqlstring." he is not a select"); } } public function sql2linearray($sqlstring) { if($this->__querytype($sqlstring)=="select") { if($this->__selectquery($this->sql)==true) { return $this->getlinearray(); }else{ die(" A query => ".$sqlstring." it did not bring a valid result back"); } }else{ die(" A query => ".$sqlstring." he is not a select"); } } # End of the Class } ?> my php is 5 etc, apache, mysql windows xp pro, it looks like i am making some error in calling the classs. please help, Thanks in advance Tovia Singer

IIS error 404, when i add IsapiRewrite4.dll to ISapi filter, version: iis = version 5, windows = xp pro? Hi My iis webserver works fine and and is configured with php, mysql etc, but when i add: Isapi filter: D:\rewrite\IsapiRewrite4.dll (i also added IsapiRewrite4.ini to my d:\rewrite directory) and under directory security i have my current admin user: MPC\web_user i then restart iis services, and i get: HTTP 404 - File not found Internet Information Services not even .html pages will open from my webserver: http://mpc/head.html i checked services: IIS Admin World Wide Web Publishing And they are working fine in services, all started! Strange but when i remove my: Isapi filter everything works fine, and i can view pages through iis, internet explorer as normal. http://localhost/iishelp/iis/htm/core/iihtmat.htm#virtualdirectories gives me: Physical Location/ Alias/ URL Path: C:\Inetpub\wwwroot home directory (none) http://Sales \\Server2\SalesData\ProdCustomers Customers http://Sales/Customers C:\Inetpub\wwwroot\Quotes None http://Sales/Quotes C:\Inetpub\wwwroot\OrderStatus None http://Sales/OrderStatus D:\Mktng\PR PR http://Sales/PR Reason i added a filter was because i need to rewrite urls produced by my php pages: http://mpc/new.php?id="98" to searche engine friendly urls without ? and without .php & with names Thanks in advance but why does the filter give me error 404 when i add it into Isapi filter? And its fine without it? Kind Regards Tovia Singer