
revraz

Members
  • Posts

    6,911
  • Joined

  • Last visited

    Never

Everything posted by revraz

  1. Post your code and we'll look to see if the problem is there.
  2. One thing I noticed real quick: if(!$_POST['uname'] | !$_POST['passwd']) { should be || for OR.
  3. Do you have sessions enabled in your php.ini file?
  4. The PHP.INI file is usually provided by your webhost and you always had one. But if you added another one to, say, your webroot, now it is defaulting to yours instead of the webhost's. I would rename the php.ini that you added to something like php.ini.bak and see if that fixes your problem. If not, post your code.
  5. From a PHP standpoint, search for CMS or Content Management System. CSS is another beast in itself.
  6. In another post, someone made a good suggestion. Store the uid and the user's IP address. If they return from the same IP, then it's a safe bet it's the same person. If it's a different IP, then make them re-log back in. Yes, it's a hassle for those that are on dial-up or other services that change IPs often, but it sure makes it more secure.
  7. If it gives them the same access as if it read their password, then that would be no different than storing their ID/PW.
  8. What is the { for here? $ret = mysql_query("SELECT * FROM $table1"); {
  9. The Cookie on the user's machine or the Session ID in your Sessions folder on your webhost?
  10. This is all covered in the Sticky up top.
  11. Interesting, I've never had an issue myself doing it with Echo's.
  12. Search on these PHP/MySQL keywords: mysql_real_escape_string, stripslashes, trim. You'll also want to validate for correct data type like INT, NOT NULL or EMPTY, length of the data if there are min/max sizes, etc.
  13. Why don't you just ECHO or PRINT it from PHP?
  14. I don't know what you mean here. SETCOOKIE() is a PHP function.
  15. What if one of your trusted users gets a keylogging virus and then someone gains access to your site? Regardless of if you'd get hacked or not, don't put yourself in a spot where your database can either get XSS attacks or just bad data. Get in the habit of doing it right the first time so you don't have to go back later and fix it all.
  16. Anytime any data is entered into your database, you need to validate it for the type of data you are expecting. It doesn't have to be malicious to be bad, it can be just the wrong type of data as well. Garbage in, garbage out.
  17. I wasn't, I was laughing at Burnside poking fun at you. Oh, and Santa doesn't give money. I've been trying for years to get it out of him.
  18. More like this is your host's Webroot structure: /users/b1234/domain/htdocs and htdocs is your folder that holds pages that load if you went to www.domain.com. But from his access, he can put folders and files back one hive and set them in /users/b1234/domain and use absolute paths to get to them, but from a webuser's standpoint, there is no way to navigate before the htdocs folder.
  19. Sounds like he uses Objects and keeps his main object available via the web root and the rest are behind that so you can't even navigate to them if you tried.
  20. Now go and change all of your PASSWORD entries to either sha1 or md5
  21. Not sure if you can use mktime in a cookie like that. I've always done it with time(). Easy way to do it is to multiply seconds * minutes * hours * days. So time() + 60 * 60 * 24 * 365 would equal 1 year.
  22. I think you mean directory permissions.
  23. Example

      HTML

          <form method="POST" action="contact.php">
            <p>Name:* <br /></p>
            <input type="text" name="Name">
            <p>Comments:* <br /></p>
            <textarea name="Comments"></textarea>
            <p>Email:* <br /></p>
            <input type="text" name="Email">
            <p><input type="submit" name="submit" value="Submit"></p>
          </form>

      PHP

          <?php
          $EmailFrom = "FromEMail Address";
          $EmailTo = "ToEMail Address";
          $Subject = "YourSubject";

          // strip slashes and surrounding whitespace from the submitted fields
          $Name = trim(stripslashes($_POST['Name']));
          $Comments = trim(stripslashes($_POST['Comments']));
          $Email = trim(stripslashes($_POST['Email']));

          // validation: all three fields are required
          $validationOK = true;
          if ($Name == "") $validationOK = false;
          if ($Comments == "") $validationOK = false;
          if ($Email == "") $validationOK = false;
          if (!$validationOK) {
              // a required field was empty, so nothing is sent
              print "Error, Email not Sent";
              exit;
          }

          // prepare email body text
          $Body = "";
          $Body .= "Name: ";
          $Body .= $Name;
          $Body .= "\n";
          $Body .= "Comments: ";
          $Body .= $Comments;
          $Body .= "\n";
          $Body .= "Email: ";
          $Body .= $Email;
          $Body .= "\n";

          // send email; the From header uses the fixed address, not user input
          $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

          // report the result
          if ($success) {
              print "Email Sent";
          } else {
              print "Error, Email not Sent";
          }
          ?>
  24. Why do people use PASSWORD instead of md5 or sha1? What will you do if your DB crashes or they move you to a different sql server?