Bottyz

Hi there, thanks for the speedy response. I was hoping it would be something to do with my script! It takes way too long to download anyhting at the moment. The script works in the following way: userlogs in, then is only allowed access to various product download pages based on which product(s) they have, pages display only downloads available to customer from mysql, user then clicks link in a list which calls the filedownload.php?file= ?? where the ?? equals the id of the row int he mysql table. This then tells the browser what the file name is for it to let the user download and passes the download over. The script for filedownload.php is as follows: <?php //Antileech script session_start(); //connect to db include('dbconnect/lh.php'); mysql_select_db($database_lh, $lh); // block any attempt to the filesystem if (isset($_GET['file']) && basename($_GET['file']) == $_GET['file']) { //set variable to retrieve id number from url $fileid = $_GET['file']; // query the db for access levels $sql="SELECT * FROM filelist WHERE id='$fileid'"; $data = mysql_query($sql, $lh) or die(mysql_error()); // retrieve the file and its access levels while($retrieve = mysql_fetch_array( $data )) { $filename = $retrieve['filename']; $category = $retrieve['category']; $subcategory = $retrieve['subcategory']; } } else { $filename = NULL; } $allowed = 0; // include a list of allowed domains/tell whether logging is enabled include('downloadconfig.php'); //checks if user is from allowed domain if($allowblank > 0) { if($_SERVER['HTTP_REFERER']=="") { $allowed = 1; }} $domains = count($alloweddomains); for($y=0;$y<$domains+1;$y++) { if((stristr($_SERVER['HTTP_REFERER'], $alloweddomains[$y]))) { $allowed = 1; } } //if domain allowed... if($allowed > 0) { //if no filename... if (!$filename) { // if variable $filename is NULL or false return message if($logging > 0){ $status = "FileNotFound"; include('logit.php'); } // if file not found return to previous page with an error to display $errors = 'ERROR: That file wasnt found!'; $_SESSION['fileERROR'] = $errors; $redirect = $_SESSION['PrevUrl']; header("Location: ". $redirect ); exit; } //if file exists need to check authorision levels //set access to no $access = NULL; //retrieve current user levels $cpm = $_SESSION['MM_CPMGroup']; $cpmh = $_SESSION['MM_CPMHGroup']; $cm = $_SESSION['MM_CMGroup']; $cj = $_SESSION['MM_CJGroup']; //set file category type & set access if allowed if ($category == 'cpm') { if ($cpm == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cpm/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/msds/cpm/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cpm/"; } else { $path = "files/cpm/"; } } } elseif ($category == 'cpmh') { if ($cpmh == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cpmh/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/msds/cpmh/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cpmh/"; } else { $path = "files/cpmh/"; } } } elseif ($category == 'cm') { if ($cm == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cm/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/msds/cm/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cm/"; } else { $path = "files/cm/"; } } } elseif ($category == 'cj') { if ($cj == '1') { $access = 1; if ($subcategory == 'techdata') { $path = "files/techdata/cj/"; } elseif ($subcategory == 'msds') { $path = "files/techdata/msds/cj/"; } elseif ($subcategory == 'symbols') { $path = "files/symbols/cj/"; } else { $path = "files/cj/"; } } } if ($access < 1) { // if user access not granted to file category return message if($logging > 0){ $status = "WrongPermissions"; include('logit.php'); } $errors = "ERROR: You don't have permission to access that file!"; $_SESSION['fileERROR'] = $errors; $redirect = $_SESSION['PrevUrl']; header("Location: ". $redirect ); exit; } // if file exists and user access granted: // define the path to your download folder plus assign the file name $path .= $filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { // get the file size and send the http headers $size = filesize($path); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); //content type switch(strtolower(substr(strrchr($filename,'.'),1))) { case "pdf": $mime="application/pdf"; break; case "mp3": $mime="audio/x-mp3"; break; case "zip": $mime="application/zip"; break; case "rar": $mime="application/zip"; break; case "tar": $mime="application/zip"; break; case "sit": $mime="application/zip"; break; case "doc": $mime="application/msword"; break; case "xls": $mime="application/vnd.ms-excel"; break; case "ppt": $mime="application/vnd.ms-powerpoint"; break; case "gif": $mime="image/gif"; break; case "png": $mime="image/png"; break; case "jpeg":$mime="image/jpg"; break; case "jpg": $mime="image/jpg"; break; default: $mime="application/force-download"; } header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: " .$mime); header("Content-Disposition: attachment; filename=\"".$filename."\";"); header('Content-Transfer-Encoding: binary'); header('Content-Length: '.$size); readfile("$path"); if($logging == 1){ $status = "Granted"; include('logit.php'); } exit; } //if domain not allowed } else { if($logging > 0){ $status = "DomainDenied"; include('logit.php'); } //quiet leecher kill exit; } ?> I hope the above makes sense!

Hi all, I have a working download script which uses php to hide a files real location from the user. My problem is that the speed of the average download is now only 90ish kb/s, whereas if you were to access the directly it is much faster (depending on your internet connection). Is there a way of increasing the script's download capabilities? Like a header php line? Or is it something that would be set by the web host's server? Cheers all!

try: if ($row_rs_units['train_email'] != NULL) { echo $row_rs_units['train_email'].";"; } theres no need for the echo nothing.

UPDATE: I've found out that this message occurs because there is a default limited of 8mb in my php.ini. I've added the following line to the beginning of my script ini_set("memory_limit","100M"); this should now set the limit to 100mb. Everything now appears to work, zip file shows as 32.9mb but it only downloads part of it now. the original file size unpacked was 42,492,074 bytes but the downloaded zip's unpacked size is only 12,217,510 bytes. Thanks for your help so far guys but now what????

Hey all, As previously posted i've been having some trouble getting a php download script working. I have made some progress and can now download small files. I have successfully downloaded a 66kb word document but when i've tried a 32.9mb zip file it is only 647 bytes and contains the following: <b>Fatal error</b>: Allowed memory size of 33554432 bytes exhausted (tried to allocate 34560001 bytes) in <b>/home/a6964942/public_html/LHU/filedownload.php</b> on line <b>146</b><br /> I can download the file directly so i know i can download a file of that size, so the problem has to be somewhere within the script itself? The script i have setup for this is as follows: // CODE FOR DB ACCESS and if user access granted continue... // define the path to download folder plus assign the file name $path = 'files/'.$filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { // get the file size and send the http headers $size = filesize($path); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); //content type switch(strtolower(substr(strrchr($filename,'.'),1))) { case "pdf": $mime="application/pdf"; break; case "mp3": $mime="audio/x-mp3"; break; case "zip": $mime="application/zip"; break; case "rar": $mime="application/zip"; break; case "tar": $mime="application/zip"; break; case "sit": $mime="application/zip"; break; case "doc": $mime="application/msword"; break; case "xls": $mime="application/vnd.ms-excel"; break; case "ppt": $mime="application/vnd.ms-powerpoint"; break; case "gif": $mime="image/gif"; break; case "png": $mime="image/png"; break; case "jpeg":$mime="image/jpg"; break; case "jpg": $mime="image/jpg"; break; default: $mime="application/force-download"; } header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: ".$mime); header("Content-Disposition: attachment; filename=\"".$filename."\";"); header('Content-Transfer-Encoding: binary'); header('Content-Length: '.$size); readfile("$path"); if($logging == 1){ $status = "Granted"; include('logit.php'); } exit; } Anybody know what could be the problem? Is there a limit to binary transfers?

I want to make it so that no one unauthorised can download the files. So it needs to transparently present the files without the user being able to see the file paths.

ok, so probing a bit more into this all files no matter what size they are... are downloading as 1kb only. Any ideas? fileszie and filename are correct, as i've tried echoing and downloading directly outside the code. my code now looks like this: // if file exists and user access granted: // define the path to your download folder plus assign the file name $path = 'files/'.$filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { // get the file size and send the http headers $size = filesize($path); // fix for IE catching or PHP bug issue header("Pragma: public"); // set expiration time header("Expires: 0"); // browser must download file from server instead of cache header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); // force download dialog header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Type: application/download"); // set file size header("Content-Length: " .$size); // set file name header('Content-Disposition: attachment; filename="'.$filename.'"'); //set encoding header('Content-Transfer-Encoding: binary'); // open the file in binary read-only mode // display the error messages if the file can´t be opened $file = @ fopen($path, 'rb'); if ($file) { if($logging == 1){ $status = "Granted"; include('logit.php'); } // stream the file and exit the script when complete fpassthru($file); exit; } else { if($logging == 1){ $status = "CantOpen"; include('logit.php'); } $errors = "ERROR: Can't open requested file!"; $_SESSION['$fileERROR'] = $errors; $redirect = $_SESSION['PrevUrl']; header("Location: ". $redirect ); exit; } } i'm not sure the code is reaching the fpassthru() line but it does log an access granted entry to the log mysql.

the more i look into this the harder it seems to be. I think it might have something to do with my content-length header as the $size variable echos correctly but when i goto download and check the content-length header value, its completely different. Anybody got some code they know works for downloading files?

Hi All, I'm new to the file downloading side of things and am a bit lost with a couple of problems i've come across. I want to be able to download, zip, jpg, pdf and a few other file types but those are the most important. I've tried a few tutorials i've found and combined them with some of my own script. I've tested downloading a zip file and it appears as a download but doesn't appear to download properly as it says its currupted and downloads too quickly for a 32mb file! code is as below: if ($access < 1) { //if user access not granted to file category return message if($logging > 0){ $status = "WrongPermissions"; include('logit.php'); } $errors = "ERROR: You don't have permission to access that file!"; $_SESSION['$fileERROR'] = $errors; $redirect = $_SESSION['PrevUrl']; header("Location: ". $redirect ); exit; } //if file exists and user access granted: // define the path to your download folder plus assign the file name $path = 'files/'.$filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { // get the file size and send the http headers $size = filesize($path); header('Content-Type: application/octet-stream'); header('Content-Length: '.$size); header('Content-Disposition: attachment; filename='.$filename); header('Content-Transfer-Encoding: binary'); // open the file in binary read-only mode // display the error messages if the file can´t be opened $file = @ fopen($path, 'rb'); if ($file) { if($logging == 1){ $status = "Granted"; include('logit.php'); } // stream the file and exit the script when complete fpassthru($file); exit; } else { if($logging == 1){ $status = "CantOpen"; include('logit.php'); } $errors = "ERROR: Can't open requested file!"; $_SESSION['$fileERROR'] = $errors; $redirect = $_SESSION['PrevUrl']; header("Location: ". $redirect ); exit; } } Is it something to do with the content headers? Another problem is that once the file has been offered up for download, it doesn't log the download in my mysql table. i've echoed out the $logging variable and thats ok. It seems to miss the logging part all together, as i tried echoing out a hello world followed by an exit but it doesn't get that far. Any help would as always, be much appreciated.

hi all, I found an error whilst testing an activate users script i've been testing and debugging, but i can't find a way around this bug? Basically, it only happens when there is more than one user to activate in a list. And on the second, thrid, fourth, etc... in the loop the function to generate a random password cannot be redeclared? the problematic section fo the code is below: // connect to db foreach($_POST['userID'] as $uID){ $productaccess1 = isset($_POST[$uID.'_PA1']) ? '1' : '0'; $productaccess2 = isset($_POST[$uID.'_PA2']) ? '1' : '0'; $productaccess3= isset($_POST[$uID.'_PA3']) ? '1' : '0'; $productaccess4 = isset($_POST[$uID.'_PA4']) ? '1' : '0'; $deleterecord = isset($_POST[$uID.'_DEL']) ? '1' : '0'; $productaccess1a = "No"; $productaccess2a = "No"; $productaccess3a = "No"; $productaccess4a = "No"; //Generate random password function random_password($password) { $vowels = 'aeuy'; $consonants = 'bdghjmnpqrstvz'; $length = 8; $strength = 4; if ($strength & 4) { $vowels .= "AEIOU"; $consonants .= 'BDGHJLMNPQRSTVWXYZ23456789'; } if ($strength & { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; } $theirpassword = random_password($password); // encrypts the randomly generated 8 digit password into 32 digit hash $their_password = md5($theirpassword); Is it something that cannot be done in a loop? thanks in advance

Hey all, I've been trying to think of a way to present pdf files to website visitors, and i can't say i've had much experience with doing so in php. Is there a nice way of presenting pdf files to visitors to a website? Or is it just a case of using an image link direct to a pdf file? I've read up about using the google docs viewer to embed pdfs directly to the webpage but not too sure this is the best option, however nice it does look.

Ignore what i just said, i found the problem by looking at someone else post! it was due to a wrongly set session_start() statement: if (isset($_SESSION)) { session_start(); } obviously i missed the ! before isset! D'oh!

Hey all, I seem to be here a lot lately! Just have a question: If you set a form to use a seperate php file as its action, which you then set a session variable in that seperate php file and get it to redirect the header back to the first php file, can you echo the session variable without it unsetting itself? Because i can't get it to work? one.php if(isset($_SESSION['Msg'])) { //print my message if it exists echo $_SESSION['Msg']; //now clear it again $_SESSION['Msg'] = NULL; //add a few breaks echo "<br><br>"; } further down in one.php i have the following form with the action to go to two.php <form action="two.php" method="POST"> and two.php sets the session variable and returns to one.php like so: if($goahead == "true") { $_SESSION['Msg'] = "Successfully activated " . $counter . " of " . $total . " users."; } $MM_success = "one.php"; header("Location: " . $MM_success); exit; I've echoed out the results of two.php and all works as it should (including the session variable), but once it redirects back to one.php the session variable doesn't echo anything or seem to exist? Can it be done? Cheers all!

No, there are four seperate fields in the db, one for each of the checkbox variables. If the field equals 1 then the user can access that area, if it equals zero they can't. And if all of them equal 0 then they shouldn't be activated, which again is a seperate field where 1 equals activated and 0 equals not. But i can take it from here, many thanks for all your help

how is it echoing? like you had it? : echo "<form action="questionlist.php?id=.$row[quizref]">"; if so it will be wrong. to correct it you should do something like this: echo "<form action='questionlist.php?id=" . $row[quizref] . "'>"; If not the above, then it may be a missing ; from the previous line?

I think i've figured out a semi quick way, its not pretty but it should work: <?php if(isset($_POST['activate_submit'])){ foreach($_POST['userID'] as $uID){ $CPM=$_POST[$uID.'_CPM']; $CPMH=$_POST[$uID.'_CPMH']; $CM=$_POST[$uID.'_CM']; $CJ=$_POST[$uID.'_CJ']; echo $uID; echo "<br>"; $CPM = isset($_POST[$uID.'_CPM']) ? '1' : '0'; echo $CPM; echo "<br>"; $CPMH = isset($_POST[$uID.'_CPMH']) ? '1' : '0'; echo $CPMH; echo "<br>"; $CM = isset($_POST[$uID.'_CM']) ? '1' : '0'; echo $CM; echo "<br>"; $CJ = isset($_POST[$uID.'_CJ']) ? '1' : '0'; echo $CJ; echo "<br>"; if($CPM=='1') { // activate user and set user auths // other code or mysql query (update/insert) } elseif ($CPM=='1') { // activate user and set user auths // other code or mysql query (update/insert) } elseif ($CPMH=='1') { // activate user and set user auths // other code or mysql query (update/insert) } elseif ($CM=='1') { // activate user and set user auths // other code or mysql query (update/insert) } elseif ($CJ=='1') { // activate user and set user auths // other code or mysql query (update/insert) } else // skip user and don't activate or set user auths } exit; } ?> The above should work because as long as at least one checkbox equals '1' (or yes) it can activate, i only want it to skip the activate if no checkbox has been ticked. Does that make more sense??

Thanks! I did kinda figure out i forgot the = sign after each <? and that was the reason no results were being forwarded! D'oh!! but tis cool now tho One more thing if i may? I want to get the activate script to skip any records where all the checkboxes are no, and not activate that field. I can't think of an easy way to get it to fall through the if statements though and skip to the next record. If i put if($CPM=='no' && $CPMH=='no' && $CM=='no' && $CJ=='no') { I can captcha any records that don't have the checkboxes set but have no idea what code i could put to make it skip the mysql update. If i instead use a load of if statements for all the varying possibilities i can duplicate the mysql update query to each of the possible outcomes, but is there a quicker way? :D :D :D

thanks for your help! Although it seems i've still got something wrong: activate.php <?php if (!isset($_SESSION)) { session_start(); } $MM_redirectLogin = "adminlogin.php"; if (!isset($_SESSION['ADMIN_Username'])) { if (isset($_SESSION['user_agent'])) { if ($_SESSION['user_agent'] != md5($_SERVER['HTTP_USER_AGENT'])) { // Bye now Mr hacker session_destroy(); header("Location: ". $MM_redirectLogin ); exit; } } $_SESSION['ADPrevUrl'] = "updateuserauth.php"; header("Location: ". $MM_redirectLogin ); exit; } else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="keywords" content=""> <meta name="description" content=""> <title>Administration Area</title> <link href="../css/adminblue.css" rel="stylesheet" type="text/css"> </head> <!-- ImageReady Slices (Rich Web Visual3.psd) --> <body> <?php include_once( 'adminbluenav.php' ); ?> <div id="main"> <div id="maincontent"> <br> <br> <?php if ($_SESSION['SuprAD'] >= "2") { ?> <br><span style="font-size; 1.2em; color: #61d0fe;"><b><img src="../images/setuserauth.png"></b></span> <br><br> <?php // connect to db include('../dbconnect/lh.php'); // retrieve unactivated users into table and create submit form // note user email address is same as their_username ?> <div style="font-size: 1.2em; color: #61d0fe;">The following accounts have not been activated yet:</div><br> <form action="activateupdate.php" method="POST"> <table style="border: 1px solid #61d0fe; width: 680px; background-color: #272727;"><tr> <td style='border: 1px; margin: 0; padding: 10px; background-color: #272727;'><b>Email:</b></td> <td style='border: 1px; margin: 0; padding: 10px; background-color: #272727;'><b>Name:</b></td> <td style='border: 1px; margin: 0; padding: 10px; background-color: #272727;'><b>Address Details:</b></td> <td style='border: 1px; margin: 0; padding: 10px; background-color: #272727;'><b>Telephone Number:</b></td></tr> <?php // set variable to current logged in user $currentuser = $their_username; //fetch using value below $unact = "0"; // query the db for access levels $sql="SELECT * FROM users WHERE activated='$unact'"; $data = mysql_query($sql, $lh) or die(mysql_error()); // retrieve the usernames and access levels while($retrieve = mysql_fetch_array( $data )) { $user = $retrieve['their_username']; echo "<tr><td style='border: 1px; margin: 0; padding: 10px; background-color: #373737; font-size: 0.8em; vertical-align: top;'>"; echo $user; echo "</td><td style='border: 1px; margin: 0; padding: 10px; background-color: #373737; font-size: 0.8em; vertical-align: top;'>"; echo $retrieve['name']; echo "</td><td style='border: 1px; margin: 0; padding: 10px; background-color: #373737; font-size: 0.8em; vertical-align: top;'>"; echo $retrieve['companyname'] . "<br>" . $retrieve['address'] . "<br>" . $retrieve['address2'] . "<br>" . $retrieve['town'] . "<br>" . $retrieve['county'] . "<br>" . $retrieve['postcode'] . "<br>" . $retrieve['country'] . "<br></td><td style='border: 1px; margin: 0; padding: 10px; background-color: #373737; font-size: 0.8em; vertical-align: top;'>"; echo $retrieve['tel'] . "</td></tr><tr><td colspan='4' style='margin: 0; padding: 10px; background-color: #424242;'><input type='hidden' name='userID[]' value='" . $user . "'><span style='text-align: left;'>Activate the above user and allow access to:<br><br>CPM-100 area: <input type='checkbox' name='" . $user . "_CPM'> CPM-100H area: <input type='checkbox' name='" . $user . "_CPMH'> CM-200 area: <input type='checkbox' name='" . $user . "_CM'> CJ Pro area: <input type='checkbox' name='" . $user . "_CJ'></span></td></tr>"; } ?> <tr> <td colspan="4" style="text-align: right; padding: 5px; background-color: #272727;"> <input type="submit" name="activate_submit" value=" Update "> </td> </tr> </table> </form> <br> <span>* If the above table is empty then all users have currently been activated!</span> <br> <br> <br> <?php } else { echo "<br><br>"; echo "<p style='font-size: 1.2em; color: #61d0fe;'>Unfortunately, your current authorisation level doesn't allow you access to this page. Please use a login with more privileges to access the content.</p>"; echo "<br><br>"; } ?> <br> </div> </div> <!-- End Main Content, Begin Bottom Graphic --> <div id="bottombar"> <span id="copyright">&#169; 2010. All Rights Reserved.</span> </div> <!-- End Bottom Graphics --> </div> </body> </html> <?php } ?> activateupdate.php <?php if(isset($_POST['activate_submit'])){ foreach($_POST['userID'] as $uID){ $CPM=$_POST[$uID.'_CPM']; $CPMH=$_POST[$uID.'_CPMH']; $CM=$_POST[$uID.'_CM']; $CJ=$_POST[$uID.'_CJ']; $User=$_POST['userID']; echo $User; echo "<br>"; echo $CPM; echo "<br>"; echo $CPMH; echo "<br>"; echo $CM; echo "<br>"; echo $CJ; echo "<br>"; // other code or mysql query (update/insert) } exit; } ?> If i try the above, everything populates to the table as desired (for this example there are two unactivated users), but if i click update the variables don't retrieve data, all i get echoed out is: Array <br> <br> <br> <br> <br> Array <br> <br> <br> <br> <br> in the activateupdate.php. Which suggests to me that the number of arrays is being pickedup but the variables aren't passing? any ideas?

you could use neil.johnsons way above or insert date using an additional variable and use the following: $dateposted = date("Y-m-d"); should give you the year, month and day then add $dateposted into your query

Ditch the "s and swap them for ' within the query statement and split it down like this: $query="UPDATE questions SET question='$question' WHERE quizref='$quizno' AND questionno='$questionno'"

Hi all, I have a members area, where users sign up using register.php, which then emails us to activate them. We will then log into our admin panel to activate any users not yet activated. (have i lost you yet?) Each user will only be allowed specific access to certain areas of the site i.e. if they own 2 products out of four they can only access support pages relating to those products. The access levels will be set when we activate the user. I have the majority of scripts working, the only bit i'm stumped with is the activation. Ideally, i'd like to retrieve all users with the field activated=0 (so not activated) into a table, which i can do and have got set up. Then.... This is where i get lost: i want to make a form for each user retrieved into the table above, with checkboxes for each area i want to allow them to, all within the same table and once submitted will activate each user at a time. Any ideas on the script? I can supply what i have now if needed? Thanks!!

You are a legend! I was staring right at the problem. Thanks for pointing that out, it sometimes takes a fresh eye to see blantant errors when you been looking at a screen for hours. As for rearranging the code so that i don't need to reload the page: I can't see a way in which i could do that? A couple more pointers would be great if you have any. Thanks again!

have you tried setting the image heights? if that doesnt work: It may be that if you reduce your 'Entry Criteria' wording it probably won't make the tab expand. You may have to reduce the font on the tab slightly? If this works then you know its a problem in the code with padding/margin/tab size etc..

.tab-active {} is missing height: 24px; might be your problem. Its only when you click on the entry criteria tab.

the page name is index2.php which as you can see... $MM_redirectLoginFailed = "index2.php"; header("Location: " . $MM_redirectLoginFailed ); the header uses index2.php as the name it redirects to upon failure. I've just added exit; after each of the header redirects and still get a constant true session variable. Sorry, if im making a noob mistake or missing something blatantly obvious! I've coded with php plenty before but i've never delved into user authentication until recently, and i'm still trying to get a feel for it. Any more help would be very much appreciated!