rwwd

All this is based on the assumption that all these files are in the same directory, then again, if the header couldn't find the file you would get the generic error message of: page could not be found. I'll check tomorrow to see if there has been a resolution to this, all the best! [EDIT]: My graphics skill's would shame a 3 year old, code behind my site's I consider Ok, but my graphics are poor!! Thankfully I can pass that stuff to another dept, I really wish I knew how to operate PS to create simple buttons with some PAZAZZ!! Rw

I never got on with, nor understood the point of variable vars. IS there a point to them, can they be used in the correct context, are they beneficial? Yes, arrays ARE invaluable. Just adding my 10p there. Rw

$_SESSION['username'] = $username; $result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() ); $row=mysql_fetch_assoc($result); $total = $row['total']; setcookie("username", "$username", time()+3600); setcookie("total", "$total", time()+3600); header( "Location: play.php" );//this should be here!!!! exit; Now everything above the header gets called & set provided the information is correct & assigned correctly from the query.. When the header is called, your effectively pointing the script to run elsewhere, and to the best of my knowledge, anything that is under this call doesn't get actioned; or is possibly ignored, I don't think that php parses anything post header call, as it is treated as an exit, this is why it is good practise to place the exit DIRECTLY after a header call. I may not solve this, but at least I can offer some tit-bits of experience and benefit of knowledge; well at least, while I am not so tired that the screen is seeming to blur quite a bit. Bed time! Rw

try this:- db.php <?php session_start(); $conn = mysql_connect("localhost", "dbuser", "dbpassword"); mysql_select_db("myDB", $conn); if (isset($_POST['username']) && isset($_POST['pword'])){ $username = mysql_real_escape_string(strip_tags($_POST['username'])); $password = md5(mysql_real_escape_string(strip_tags($_POST['pword']))); //I assume at this point that your checking that the md5 value matches what's in the DB, check that the varchar //limit exceeds 32 chars, else it WILL not function $sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); if (mysql_num_rows($sql) == 0){ echo "&serverResponse=Incorrect username/password"; } else{ $_SESSION['username'] = $username; $result = mysql_query("SELECT `total` FROM `usersystem` WHERE username` = '".$username."' LIMIT 1") or die( mysql_error() ); $row=mysql_fetch_assoc($result); $total = $row['total']; setcookie("username", $username, time()+3600); setcookie("total", $total, time()+3600); header( "Location: play.php" ); } } ?> play.php <?php include("db.php"); if((isset($_COOKIE["username"])) && (isset($_COOKIE["total"]))) { echo "username:".$_COOKIE['username']; echo "total:".$_COOKIE['total']; } else{ header('Location: nogo.php'); exit; } Ok, I have done that lot a little better, but I have only formatted what was there a little better, and changed the logic a little, I'm not saying that it will be better, but at least things are in the right order now. Rw

surely you need to have the database connection there instead of floating, pop the connection handle into the first mysql_ function, then the queries will inherit the connections from the first one. That may not be the issue, but always good practice to instantiate a connection handle. You need to set a limiter to the sql too so that you only get 1 row returned, that's usually a good place to start, and do a print_r to see what is actually available when you have run the checks on the cookie:- <?php include("db.php"); if ((isset($_COOKIE["username"]) && !empty($_COOKIE["username"])) && (isset ($_COOKIE["total"]) && !empty($_COOKIE["total"]))) { print_r($_COOKIE); echo "username: ".$_COOKIE['username']; echo "total:".$_COOKIE['total']; } else { header('Location: nogo.php'); exit;//good practice to have an exit after the header call too } Try that, and see what's returned. Rw

Some code that you have would help, show us what you have first, then we can help.. Rw

isset() to see if it's set, then !empty() to see that it has a value and isn't someone pretending to be a cookie. See how you get on now. Rw

[EDIT] I really need to type quicker, it is on my to do list, where ever that is nowadays... $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: http://example.com/"); die(); Seriously this is a bad way of doing this, firstly, if you had error reporting on you would get an error saying something like: presumed constant. Reason being, the name your assigning to your cookie hasn't been quoted and therefore is acting like a constant !ACTING! php will treat this as missing/not defined and throw the error. Also, your not specifying a the time limit correctly, though, not wrong, just un-necessary use of memory to assign the time to a var, this should be done within the function. Lastly, specify the domain that you want the cookie active on, using the "/" method will save a lot of time. so do something like this:- setcookie("ID_my_site", stripslashes($_POST['username']), time()+60*60*24*30, "/"); setcookie("Key_my_site", stripslashes($_POST['pass']), time()+60*60*24*30, "/"); //then redirect them to the members area header("Location: http://example.com/"); exit; Ok, they are defined better now, cookies are set for 30 days throughout your domain! Simple. Rw

There are loads of freebies out there, just depends of the level of security that your wanting; search for "php class repository" on google, sign up (it's free) and have a look in there, I quite often go in there and then take a few, and cobble the best bits together. BUT, if your wanting to learn, there is nothing like starting with a new document and writing a login class from scratch. Then at least you can track what happens and add new methods as you find you need them. Rw

well firstly you need to define the absolute file path, and have that done in the root file, something like this:- define('ABSOLUTE_PATH', dirname(__FILE__). "/"); This will give you the complete server path for you to work with defined within a constant - and a trailing slash, then you can refer to this in the xml function - this should help you out with this issue, but seriously, always use absolute paths, then you can avoid the toothpick syndrome, and this will make your code easier to maintain. Rw

There may not be errors occurring, there may be an unhandled if/else clause some where that you are invoking, but not handling, this is why having an if/else handled correctly will pay huge dividends in the long run whilst you develop your code. If only we had step into/step over eh! Rw

function convert(String $str){ $txt = simplexml_load_string($str); return $myvalue = $txt->value; } $data = convert($abcd); echo $data; Oop's I used the wrong var name in there, should have been $txt not $xml. Doh! Rw

You could do this:- //Tell the function to reject anything that ISNT a string, that way you don't need to typecast within the function. function convert(String $str){ $xml = simplexml_load_string($str); return $myvalue = $txt->value; } $data = convert($abcd); echo $data; But you need to make sure that the xml function returns data as expected, some basic debugging is needed. Rw

@PFMaBiSmAd cheers for the explanation. I knew I was correct with what I had said. Rw

missing the curlies from the else there, try to keep to one standard, don't mix and match - bad practise. use isset() then !empty() this proves as it's there and has state... Ideally, you need to post more of the code so we can see what else is going on in there. Rw