Bottyz

Hi all, I'm trying to increase the server default php session timeout from 1hour to 3hours. I don't have access to my php.ini but can use .htaccess. Is the following the correct way to do this? in the .htaccess add the line: php_value session.gc_maxlifetime 10800 Or would I be better off including the following after every session start() on everypage: ini_set("session.gc_maxlifetime","10800"); thanks!

Silly question (Which is not usually browser specific but thought i'd throw the thought out there) but do you have the session start statement at the top of the next php file? session_start(); Is Opera & Safari caching differently to the other browsers?

Hi all, I've been trying to improve the speed of my file download script and was wondering if anyone could advise me which of the following is more efficient (Don't worry its not the whole script, just one segment), in terms of speed and server load? The way I have the segment currently: //if file exists need to check authorision levels //set access to no $access = NULL; //retrieve current user levels $cpm = $_SESSION['MM_CPMGroup']; $cpmh = $_SESSION['MM_CPMHGroup']; $cm = $_SESSION['MM_CMGroup']; $cj200 = $_SESSION['MM_CJ200Group']; $cj = $_SESSION['MM_CJGroup']; //set file category type & set access if allowed if ($category == 'cpm') { if ($cpm == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cpm/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/cpm/msds/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cpm/"; } else { $path = "files/cpm/"; } } } elseif ($category == 'cpmh') { if ($cpmh == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cpmh/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/cpmh/msds/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cpmh/"; } else { $path = "files/cpmh/"; } } } elseif ($category == 'cm') { if ($cm == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cm/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/cm/msds/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cm/"; } else { $path = "files/cm/"; } } } elseif ($category == 'cj200') { if ($cj200 == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cj200/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/cj200/msds/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cj200/"; } else { $path = "files/cj200/"; } } } elseif ($category == 'cj') { if ($cj == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cj/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/cj/msds/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cj/"; } else { $path = "files/cj/"; } } } if ($access < 1) { // if user access not granted to file category return message if($logging > 0){ $status = "Wrong Permissions"; include('logit.php'); } if (! $_SESSION['PrevUrl']) { //header("Location: ". $loginpage ); exit; } $redirect = $_SESSION['PrevUrl']; header("Location: ". $redirect ); exit; } // if file exists and user access granted continue Obviously the above is a lot of lines of code... So I have rewritten the above to look like: //if file exists need to check authorision levels & retrieve current user levels if ($category == 'cpm' && $_SESSION['MM_CPMGroup'] == '1') { $access = 1; } elseif ($category == 'cpmh' && $cpmh = $_SESSION['MM_CPMHGroup'] == '1') { $access = 1; } elseif ($category == 'cm' && $cm = $_SESSION['MM_CMGroup'] == '1') { $access = 1; } elseif ($category == 'cj200' && $_SESSION['MM_CJ200Group'] == '1') { $access = 1; } elseif ($category == 'cj' && $_SESSION['MM_CJGroup'] == '1') { $access = 1; } else { $access = NULL; } if ($access == NULL) { // if user access not granted to file category return message $status = "Unauthorised"; include('logit.php'); header("Location: ".$_SESSION['PrevUrl']); exit; } // if file exists and user access granted continue switch($subcategory) { case "techdata":$path="files/techdata/".$category."/".$filename; break; case "msds": $path="files/techdata/".$category."/msds/".$filename; break; case "symbols": $path="files/symbols/".$category."/".$filename; break; default: $path="files/".$category."/".$filename; } The second version is a lot shorter, but is it better? And could I shorten the if statement further so its more like: //if file exists need to check authorision levels & retrieve current user levels if (($category == 'cpm' && $_SESSION['MM_CPMGroup'] == '1') || ($category == 'cpmh' && $cpmh = $_SESSION['MM_CPMHGroup'] == '1') || ($category == 'cm' && $cm = $_SESSION['MM_CMGroup'] == '1') || ($category == 'cj200' && $_SESSION['MM_CJ200Group'] == '1') || ($category == 'cj' && $_SESSION['MM_CJGroup'] == '1') { $access = 1; } else { $access = NULL; } if ($access == NULL) { // if user access not granted to file category return message $status = "Unauthorised"; include('logit.php'); header("Location: ".$_SESSION['PrevUrl']); exit; } // if file exists and user access granted continue switch($subcategory) { case "techdata":$path="files/techdata/".$category."/".$filename; break; case "msds": $path="files/techdata/".$category."/msds/".$filename; break; case "symbols": $path="files/symbols/".$category."/".$filename; break; default: $path="files/".$category."/".$filename; } Any advice would be appreciated! Thanks!!

Hi all, I've tried numerous different methods of blocking user agents with my htaccess but none seem to result in a 403 but always a 500 response! The section of my htaccess in question looks like so: RewriteEngine on DirectoryIndex index.php index.html ErrorDocument 400 /400.php ErrorDocument 401 /401.php ErrorDocument 403 /403.php ErrorDocument 404 /404.php ErrorDocument 500 /500.php RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule ^.* - [F,L] RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC] RewriteRule ^.* - [F,L] RewriteCond %{HTTP_USER_AGENT} ^Toata [NC] RewriteRule ^.* - [F,L] RewriteCond %{HTTP_USER_AGENT} ^Plesk [NC] RewriteRule ^.* - [F,L] RewriteCond %{HTTP_USER_AGENT} ^Sosospider [NC] RewriteRule ^.* - [F,L] RewriteCond %{HTTP_USER_AGENT} ^WhiteHat RewriteRule ^.* - [F,L] RewriteCond %{HTTP_USER_AGENT} ^ZmEu [NC] RewriteRule ^.* - [F,L] I added in the extra lines of RewriteRule ^.* between each user agent to see if it was a problem with having the list of user-agents and then one rewrite rule at the bottom. But this doesn't appear to be the case. All of the above user agents need to be matched to the first part of the user-agent string as some finish with extra words, like Sosospider is actually Sosospider+. Hence no $ after the strings. The webserver is linux based with apache and cpanel installed. I have spoken with my webhosts and they don't have any idea why other than it could be a syntax issue. The 500 error document doesn't get pointed to either, it always defaults to 500.shtml which doesn't exist on the server. That though seems to be a cpanel issue. Any help as always is much appreciated.

Right ok, after more tweaking and even looking into cURL as a method of correcting the file downloads (and omitting it as i can't figure out how to present a user with a save to.. dialog), i've come up with the following: // if file exists and user access granted: // Set maximum script execution time in seconds (0 means no limit) set_time_limit(0); // define the path to your download folder plus assign the file name $path .= $filename; // file size in bytes $fsize = filesize($path); // check that file exists and is readable if (file_exists($path) && is_readable($path)) { apache_setenv('no-gzip', '1'); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } //content type switch(strtolower(substr(strrchr($filename,'.'),1))) { case "pdf": $mime="application/pdf"; break; case "zip": $mime="application/zip"; break; case "doc": $mime="application/msword"; break; case "xls": $mime="application/vnd.ms-excel"; break; case "jpeg":$mime="image/jpg"; break; case "jpg": $mime="image/jpg"; break; default: $mime="application/force-download"; } // set headers header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Type: $mime"); header("Content-Disposition: attachment; filename=\"$filename\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . $fsize); // download $file = @fopen($path,"rb"); if ($file) { while(!feof($file)) { print(fread($file, 1024*); flush(); if (connection_status()!=0) { @fclose($file); die(); } } @fclose($file); } if($logging == 1){ $status = "Granted"; include('logit.php'); } exit; } The above seems to work with all files again now, but will need some constant testing for a little while to see if i get anymore corrupted transfers. If anyone can see any obvious mistakes in the code snippet above, please let me know. Also, can anyone see any issues with cpu usage or similar on the above? Hopefully the code will also help anyone else with similar issues... If i don't get anymore errors, i'll post back and mark as solved. I'm surprised no more of you php wizards have been able to help further? Maybe i posted on a dodgy topic. Thanks for reading my random rantings and thoughts anyways! PS. On another note, anybody have an idea as to how you would allow pausing and resuming of downloads? Or am i looking too much into this? lol!

Hi all, found a problem with my revised script. I have a 94mb zip file that just downloads 0kb. Is there some kind of memory limit that file_get_contents can't exceed? The server memory limit is 128mb. thanks

Hi all, I've implemented a different set of headers now, which seem to work but won't allow users to download more than one file at a time. Is the following a safe way of overcoming the problem? // if file exists and user access granted: // define the path to your download folder plus assign the file name $path .= $filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { apache_setenv('no-gzip', '1'); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } //content type switch(strtolower(substr(strrchr($filename,'.'),1))) { case "pdf": $mime="application/pdf"; break; case "zip": $mime="application/zip"; break; case "doc": $mime="application/msword"; break; case "xls": $mime="application/vnd.ms-excel"; break; case "jpeg":$mime="image/jpg"; break; case "jpg": $mime="image/jpg"; break; default: $mime="application/force-download"; } header('Content-Disposition: attachment; filename=' . urlencode($filename)); header('Content-Type: application/force-download'); header('Content-Type: application/octet-stream'); header('Content-Type: application/download'); header('Content-Description: File Transfer'); header('Content-Length: ' . filesize($path)); echo file_get_contents($path); if($logging == 1){ $status = "Granted"; include('logit.php'); } exit; } :-\

It did cross my mind, but if thats the case then why does it work most of the time and not some of the time? Currently, It will corrupt with all sizes of zip file (since changes i made). Current code is as above and 8 times out of 10 the zips will download fine. Sometimes the file can say its downloaded instantaneously and you open it to find its corrupted, even when the file is supposed to be 40mb? It always states the correct file size when you click save as. Its as if something interrupts the download. Any further help would be appreciated as always! This is getting very frustrating :'(

Hi all, I wrote a download script for some protected files a little while back. And on the whole, its works pretty well but occasionally, zip files will not completely download and will end up corrupted. It happens more with bigger files but that i'm guessing is due to the fact it takes longer to download them? I've searched intensively on Google for the past few days and implemented a few new ideas, which hasn't made a difference. Its annoying, in the fact you can try the same file a few times over and it'll download 8 out of 10 times no problem. I even added in the apachesentenv after a recommendation, as the rest of my site is gzip php'd. But that hasn't worked either. Part of the code as follows: apache_setenv('no-gzip', '1'); // if file exists and user access granted: // define the path to your download folder plus assign the file name $path .= $filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { // get the file size and send the http headers $size = filesize($path); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); //content type switch(strtolower(substr(strrchr($filename,'.'),1))) { case "pdf": $mime="application/pdf"; break; case "mp3": $mime="audio/x-mp3"; break; case "zip": $mime="application/zip"; break; case "rar": $mime="application/zip"; break; case "tar": $mime="application/zip"; break; case "sit": $mime="application/zip"; break; case "doc": $mime="application/msword"; break; case "xls": $mime="application/vnd.ms-excel"; break; case "ppt": $mime="application/vnd.ms-powerpoint"; break; case "gif": $mime="image/gif"; break; case "png": $mime="image/png"; break; case "jpeg":$mime="image/jpg"; break; case "jpg": $mime="image/jpg"; break; default: $mime="application/force-download"; } header("Cache-Control: public"); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Description: File Transfer"); header("Content-Type: " .$mime); header("Content-Disposition: attachment; filename=\"{$filename}\""); header('Content-Transfer-Encoding: binary'); header('Content-Length: ' . filesize($path)); readfile("$path"); if($logging == 1){ $status = "Granted"; include('logit.php'); } exit; } Live http Headers in Firefox displays the following upon clicking a download: http://www.website.com/filedownload.php?file=12 GET /filedownload.php?file=12 HTTP/1.1 Host: www.website.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-gb,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.website.com/downloads.php Cookie: __utma=100661891.2064943237.1286446219.1290502952.1290505322.70; __utmz=100661891.1290502952.69.8.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=lighthouse%20cjpro; __utmc=100661891; __utmb=100661891.43.10.1290505322; PHPSESSID=8aadcc17930b9e146f103f180f30f470 HTTP/1.1 200 OK Date: Tue, 23 Nov 2010 11:22:13 GMT Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12 X-Powered-By: PHP/5.2.12 Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Pragma: public Content-Description: File Transfer Content-Disposition: attachment; filename="Version_5_Software.zip" Content-Transfer-Encoding: binary Content-Length: 62654423 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: application/zip ---------------------------------------------------------- Are my headers wrong? or in the incorrect order? If not, any ideas? I'm a bit stumped! Thanks for taking the time to read my query.

Hi all, I wrote this function: function nl2br_revertfull($str) { $br = preg_match('`<br>[\\n\\r]`',$str) ? '<br>' : '<br />'; $str = html_entity_decode(preg_replace('`'.$br.'([\\n\\r])`', '$1', $str)); $str = str_replace('&', '&', $str); return str_replace('£', '£', $str); } Which reverts nl2br & htmlencoded text from a db back for use in my webpage. All works beautifully except it seems if there are two <br /><br /> 's in a row it will only convert one and leave the other as <br /&gt. So it looks like this in the source: <br /><br /> Can anyone see why? Thanks in advance!!

i've figured that this should be ok for use... Can anyone confirm? function validate_art_url($str) { pregmatch('^[a-z]+[\-]*$', $str) ==0; }

Hi all, I'm very new to regex and cannot get my head around all the characters. I've been testing out a few things to work it out but am struggling with one in particular. I've created a news system for my website in php and on the main page you only have a truncated description of each article but with 'read more' links to the full article. The 'read more' links like news.php?article= Where it has the ?article= it has a meaning full seo friendly title such as "new-website" or "news-page-launched" etc.... This link then brings up that full article. My idea is to use a preg_match expression that makes sure all that is in the link is letters and the - symbol. This is to make sure no-one can insert code here and attack the site. Is this a bad idea or can anyone help?

Hi all, A friend of mine has recently implemented the following code on his website but it doesn't check to see if any of the fields are empty. Can anyone provide pointers as to where the best place to validate user input would be? <?php $notindomain_errorpage = "errors.php"; $server_errorpage = "errors.php"; $invalidaddress_errorpage = "errors.php"; $successpage = "thankyou.php"; $recipient="[email protected]"; $subject="Web site feedback"; // Set the server variables for older (PHP4,3 etc) systems if (!isset($_SERVER)){ $_POST = &$HTTP_POST_VARS; $_SERVER = &$HTTP_SERVER_VARS; } $servername = $_SERVER['SERVER_NAME']; if ($_SERVER['REQUEST_METHOD']=="POST") { if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])>7 || !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) { header( "Location: ".$notindomain_errorpage ); exit; } else { $msg="The following information was submitted from a form on ".$servername.":\n\n"; foreach($_POST as $key => $val) { //filter out any form items called send or reset //image based submit and reset buttons will be in the format // send_x: 13 // send_y: 10 $myKeySlice = substr("$key",0,4); if ($myKeySlice != "send" && $myKeySlice != "rese"){ if ($key == "subject" || $key == "email" || $key == "name"){ //Prevent injection attacks by stripping tags and newlines from the data //Do this only on data that makes it into the e-mail header as newlines in a message body should still be valid $key = strip_tags($key); $val = strip_tags($val); if (eregi("\r",$key) || eregi("\n",$key)){ header( "Location: ".$notindomain_errorpage ); exit; } if (eregi("\r",$val) || eregi("\n",$val)){ header( "Location: ".$notindomain_errorpage ); exit; } } //replace any underscores in the input names (PHP puts these in!) with spaces $key = str_replace("_"," ",$key); //if the form item is called "subject" then set this as the subject line of the mail if ($key == "subject"){ $subject=$val; } else { if (is_array($val)){ $msg.="Item: $key\n"; foreach($val as $v) $msg.="ÊÊÊ$v\n"; } else { $msg.="$key: $val\n"; } } } } //set up the default headers $headers = ""; //get the senders name (if specified) if ($_POST["name"]) { $name = $_POST["name"]; } else { $name = ""; } //get the senders email address (if specified) if (isset($_POST["email"])) { $email = $_POST["email"]; if (!preg_match('/^[a-zA-Z0-9_\.-]+@[a-zA-Z0-9-\.]+\.[a-zA-Z]+(\.[a-zA-Z]+)?$/', $email)){ header( "Location: ".$invalidaddress_errorpage ); exit; } } else { $email = "[email protected]"; //clear the name so we don't end up with username @ webmaster's address! $name = ""; } $headers .= "From: $name <$email>\r\n"; //add the correct headers for plain text //see: http://www.webmasterworld.com/php/3949990.htm $headers .= "MIME-Version: 1.0\n"; $headers .= "Content-type: text/plain; charset=\"ISO-8859-1\"\n"; $headers .= "Content-transfer-encoding: 7bit\n"; $headers .= "Reply-To: $email\r\n"."Return-Path: $email"; error_reporting(0); if (mail($recipient, $subject, $msg, $headers)){// header( "Location: ".$successpage ); } else { header( "Location: ".$server_errorpage ); } } } else { header( "Location: ".$server_errorpage ); } ?> I'm thinking it should be somewhere around the foreach($_POST line? But i'm not familiar with arrays. Can anyone help please?

I have changed the email header to convert to the utf-8 charset as you suggested which helped but didn't solve the problem. I have however modified the input screening script a few more times since then and the following seems to work: function cndstrips($str) { if (get_magic_quotes_gpc()) { return htmlentities(utf8_decode(html_entity_decode(stripslashes($str)))); } else { return htmlentities(utf8_decode(html_entity_decode($str))); } } I'm I over encoding/decoding of inputs using the above? Or does anyone see any possible issues regarding xss or hack attempts with the above? I've done some research but my knowledge in that area is still limited. Thanks for the pointers so far!

Hi AbraCadaver, I put the information from the form into a html based email so if i change the header to text/plain as you stated won't this screw up my email? My current header reads as below: $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

Hi all, I've been running a basic contact us form using a textarea for users to send us enquiries for a few months now. We have a few foreign users that use special accented characters like umlaut etc... Which are common to lots of languages other than english. When the php script processes the data and sends it in a html based email it screws up the symbols and sends a load of rubbish where they should be. I have been trying out a few variations of script but cannot get any to display correctly. Old script: function previous_request_value($str) { if (isset($_REQUEST[$str]) ) return $_REQUEST[$str]; else return ''; } function cndstrips($str) { if (get_magic_quotes_gpc()) return stripslashes($str); else return $str; } $visitor_email=cndstrips(trim(previous_request_value('visitor_email'))); $visitor_name=cndstrips(trim(previous_request_value('visitor_name'))); $visitor_companyname=cndstrips(trim(previous_request_value('visitor_companyname'))); $message_body=cndstrips(trim(previous_request_value('message_body'))); $message_telephone=cndstrips(trim(previous_request_value('message_telephone'))); $msg_subject=cndstrips(trim(previous_request_value('msg_subject'))); Current Version (My attempt at editing the code to convert specialchars still doesnt work correctly): function previous_request_value($str) { if (isset($_REQUEST[$str]) ) return $_REQUEST[$str]; else return ''; } function cndstrips($str) { if (get_magic_quotes_gpc()) { $str = htmlspecialchars(stripslashes($str), ENT_QUOTES); } else { $str = htmlspecialchars($str, ENT_QUOTES); } preg_replace('/&(?![A-Za-z0-9#]{1,7};)/','&',$str); return $str; } $visitor_email=cndstrips(trim(previous_request_value('visitor_email'))); $visitor_name=cndstrips(trim(previous_request_value('visitor_name'))); $visitor_companyname=cndstrips(trim(previous_request_value('visitor_companyname'))); $message_body=cndstrips(trim(previous_request_value('message_body'))); $message_telephone=cndstrips(trim(previous_request_value('message_telephone'))); $msg_subject=cndstrips(trim(previous_request_value('msg_subject'))); Any ideas where i'm going wrong? Plus another slightly annoying feature is if a user enters html entities as & instead of just &, it double encodes it to &amp; I have tried to use htmlspecialchars_decode first but it crashes the whole script. I'd appreciate any help available. Thanks.

I've just figured out why it wasn't recording from 404 errors but does when it is typed direct.... i still had my 404 page set to 404.shtml! lol. Schoolboy error! Thanks to those who helped though

thanks for the reply. Users are informed about the storing of information in our privacy policy already, but thanks for the suggestion. The code you stated works the same as my code... It doesn't record the 404 error unless you type the 404.php page in directly... so if a user types an invalid url and gets the 404 page it doesn't record in the mysql. Any ideas? I'm still getting a blank HTTP_REFERER variable as well.

I've tried that and it hasn't made any difference... Is there a better way to accomplish what I want to do?

Hi all, I've recently been seeing a lot of hack attempts in my server logs. I've thought it may be a good idea to use my 404.php to record the requested urls and the users ip address etc into a mysql db. I'm having some trouble getting the mysql to execute. I can load the page using any invalid url fine, and most of the variables echo onto the 404 page itself (bar the HTTP_REFERER, which is another issue). Its not returning any mysql or other errors, it just doesn't seem to want to update the mysql... Code is as below: <?php session_start(); //connect to db include('dbconnect/lh2.php'); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <head> <title>ERROR: 404 Not Found</title> </head> <body> <div class="wrapper"> <!-- Start Navigation Menu --> <!-- End Navigation Menu, Start Main Content --> <div id="main"> <div id="maincontent"> <br><br> <p><img src="images/oops.png" alt="Oops!"></p> <br><br> <p style="font-size: 1.2em;">We have recently updated our website and the URL you requested doesn't exist. If it is a bookmark, please use the menu above to navigate to the required page and then update your bookmarks.</p> <br> <p>If you have typed the URL directly, please check for mistakes in the url you entered or use the menu above to navigate to the required page.</p> <br> <p>Alternatively, if this is a link you have clicked via our website please report the broken link to us using our <a href="#"><b>contact us form</b></a> and we'll do our best to rectify the issue as soon as possible.</p> <br><br> <p style="font-size: 0.8em;"><b>Your Browser:</b> <?php echo $_SERVER['HTTP_USER_AGENT'];?> <br><b>Your IP Address:</b> <?php echo $_SERVER['REMOTE_ADDR'];?> <br><b>Referring Page:</b> <?php echo htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_REFERER']));?> <br><b>Page Requested:</b> <?php echo htmlspecialchars(mysql_real_escape_string($_SERVER['REQUEST_URI']));?> </p> <?php //Hack - logging script date_default_timezone_set('GMT'); $serverdate = date("d M Y h:i:s a"); $requestedaddress = htmlspecialchars(mysql_real_escape_string($_SERVER['REQUEST_URI'])); $ipaddy = $_SERVER['REMOTE_ADDR']; $referpage = htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_REFERER'])); //Insert the log entry into logs db $insert = "INSERT INTO 404s (id, ipaddy, whenreq, referpage, pagereq) VALUES (NULL, '$ipaddy', '$serverdate', '$referpage', '$requestedaddress')"; $add_404log = mysql_query($insert) or die(mysql_error()); ?> <br><br> </div> </div> </div> </body> </html> Any ideas?

totally agree with Pikachu. If you get stuck post the code from your index.php. It shouldn't screw up your layout at all. So that will be something in your current code.

THen I guess I don't understand what hte echo statement is or where it belongs. What is the "echo statement" and exactly where do I need to put it? I was under the impression that it goes in index.php and that the echo statement IS: <title><?php echo TITLE ?></title> The above seems ok. The calling code is just <?php echo TITLE; ?> or <?php echo METATAGDESC; ?> etc... The problem may be with where you are including the external php page into your index.php. Are you placing the <?php echo TITLE ?> before you include the page of html that is required? If so then that part of the page would of already been written before the php script can pick up on the fact TITLE should contain anything. For example: <head> <title><?php echo TITLE; ?></title> </head> include('relevantpage.php'); // page containing the define statements the above won't work... as when the title is asked for, there is no define statement loaded. The following on the other hand would work: include('relevantpage.php'); // page containing the define statements <head> <title><?php echo TITLE; ?></title> </head> It may just be that you are deciding what page it should be too late... move your page=whatever part and include such and such php file (with define statements) above the echo TITLE script. Oh and off topic but your above code is missing the > from the center tag in the following: <center<b><i><p>We need to Understand the <b>BASICS</b> of Body Functioning and the <B>BASICS</B> of Health-Supporting Food in order to Achieve BASIC Good Health. </p></b></i></center> I hope my waffling helps?

post your calling code and the code of the page with the defines in it and i'll have a play and see why its not working. There is no real reason it shouldn't be. It sounds as if you are double quoting around the <?php echo "TITLE" ?> which will only produce TITLE. This shouldn't be quoted at all.

Nope, there is no need for the $ sign as its not a php variable as such. Just make sure all quotes are escaped as pikachu has stated and you should find it starts working.

if the above is all your code for that page then you are missing the closing tag or else for the 'if logged in' statement.