Shilo

I am such a retard! This is the error: <?php elseif ($action = 'logout'){ session_destroy(); } ?> Was supposed to be: <?php elseif ($action == 'logout'){ session_destroy(); } ?> 3 Hours!!! 3 hours and alot of stress. and 2 bottles of beer down the drain! For what? Just for 1 equals sign!!

Any Suggestions? Ive been trying to get this to work for like 3 hours. I got no clue whats wrong... :'(

<?php session_start(); $passpw = $_POST['password']; $userac = $_POST['username']; if ($action == 'login'){ $sql="SELECT * FROM user WHERE username = \"$userac\" AND password = \"$passpw\""; $result = @mysql_query($sql,$connection) or die("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error()); $num=mysql_num_rows($result); while ($row = mysql_fetch_array($result)) { $active = $row['active']; $confirm = $row['confirm']; $valid_user = $row['valid_user']; } if($active == "no") { $error = 'You have Been Banned From For Abuse On Our Forums!'; } if($confirm == "no"){ $error = "Your Email Address Hasnt Been Yet Confirmed!"; } elseif($active == "yes") { $_SESSION['valid_user'] = $valid_user; $error = 'Login Successful'; } elseif($passpw == NULL) { $error = 'You Did Not Enter A Password'; } elseif($userac == NULL) { $error = 'You Did Not Enter A Username'; } elseif($valid_user == NULL) { $error = 'You Entered Incorrect Login Information'; } } elseif ($action = 'logout'){ session_destroy(); } ?> For some reason the session will only stay registered on that page. Once I leave I lose the session data and my account logs out. I have session_start(); on everypage. but it still doesnt want to stay registered. Any suggestions?

Are you serious?! Thats all I had to do. Grr. I cant thank you egnouph man! Have a good night. TOPIC SOLVED!

what I think I need to do is make the htaccess file look like: ErrorDocument 403 %{HTTP_HOST}^/index.php?status=403 or something. but I cant seem to find the function for the root of the website.

To start off with my problem I will give you some code: .htaccess: ErrorDocument 403 /index.php?status=403 ErrorDocument 404 /index.php?status=404 and the code of the /index.php?status=403: <?php case "403": $titleE = "403 Error - Forbidden"; $messE = " :: You do not have access to this area!"; $error = $bst.$titleE.$messE.$ben; break; ?> This works fine and displays "403 Error - Forbidden :: You do not have access to this area!" and shows it in an error box with the default homepage. now heres the problem. It displays "localhost/require/" at the top of the page. This is because I was trying to access the "require" directory of my website. but when I click on a new link I get this error: See the problem. Its trying to find file "localhost/require/index.php?blablabla..." is there a way to make the htaccess direct the page to index.php?status=403 but in the root directory and not the require directory?

okay. that cleared it up for me. Thank you

Just out of curiosity... ... Is it possible for people to modify thier session data. for example: If there session user_level was = 0. is it possible for them to modify it to be user_level = 1? or would they have to access the server files to do it. Basically what im asking is: When a session is registered. is any form of the session stored on the clients computer like a cookie is? or am I pretty safe registering user_level =0 or =1 and having like <?php if ($_SESSION['user_level'] = 0){ echo 'user links'; } if ($_SESSION['user_level'] = 1){ echo 'admin links'; } ?>

and if for some reason you dont have access to the .ini file on your server you can use: <?php ini_set('post_max_size', '256MB'); ini_set('upload_max_filesize', '256MB'); ?>