hi, here's the code i have for the form [code=php:0] <?php class SimpleContact { var $state; var $errorMsg; var $_to; var $_from; var $_subject; var $_msg; function _isEmail($email) { if (preg_match("#^(([A-Za-z0-9]+_+)|([A-Za-z0-9]+\-+)|([A-Za-z0-9]+\.+)|([A-Za-z0-9]+\++))*[A-Za-z0-9]+@((\w+\-+)|(\w+\.))*\w{1,63}\.[a-zA-Z]{2,6}$#", $email)) { return true; } else { return false; } } function _isInjection($text) { $text = strtolower($text); if (preg_match('#(content\s*-\s*disposition)|(bcc\:)|(cc\:)|(content\s*-\s*transfer\s*-\s*encoding)|(mime\s*-\s*version)|(multipart\s*/\s*mixed)|(multipart\s*/\s*alternative)|(multipart\s*/\s*related)|(reply\s*-\s*to)|(x\s*-\s*mailer)|(x\s*-\s*sender)|(x\s*-\s*uidl)#is',$text)) { return true; } else { return false;} } function init($to, $from, $name, $subject, $msg) { // start with least expensive process, end with regex madness. if( empty($name) ) { $this->state = 0; $this->errorMsg = 'Please fill in your name'; return false; } if( empty($subject) ) { $this->state = 0; $this->errorMsg = 'All mail must contain a subject'; return false; } if( empty($msg) ) { $this->state = 0; $this->errorMsg = 'All mail must contain a message body'; return false; } if( empty($from) || !$this->_isEmail($from) ) { $this->state = 0; $this->errorMsg = 'Invalid sender email address supplied'; return false; } if( empty($to) || !$this->_isEmail($to) ) { $this->state = 0; $this->errorMsg = 'Invalid recipient email address supplied'; return false; } if( $this->_isInjection($to) || $this->_isInjection($name) || $this->_isInjection($from) || $this->_isInjection($subject) || $this->_isInjection($msg)) { $this->state = 2; $this->errorMsg = 'This message has been identified as an email injection attempt'; return false; } $this->_to = $to; $this->_from = $from; $this->_name = $name; $this->_subject = $subject; $this->_msg = $msg; $this->state = 1; return true; } function sendMail() { if($this->state !== 1) { trigger_error('SimpleMail Object is not initialized or contains invalid data - Mail sending cancelled', E_USER_WARNING); } else { $header = "Return-Path: {$this->_from}\n"; $header .= "X-Sender: {$this->_from}\n"; $header .= "From: '{$this->_name}' <{$this->_from}>\n"; $header .= "MIME-Version: 1.0\n"; $header .= 'X-Mailer: PHP/'. phpversion(); ini_set(sendmail_from, $this->_from); // stops gmail from putting (unknown sender) in From field $sent = mail($this->_to, $this->_subject, $this->_msg, $header); ini_restore( sendmail_from ); if (!$sent) { trigger_error('SimpleContact failed due to php mail()', E_USER_WARNING); } else { $this->state = 3; } } } } // bot attacks may miss hidden input elements if (isset($_POST['confirm'])) { $to = 'email@email.com'; $name = $_POST['name']; $from = $_POST['email']; $subject = $_POST['subject']; $msg = $_POST['message']; $fin = FALSE; // is the entire user process complete? $userOutput = ''; // what the user will see at the end //get the ball rolling... $mailer = new SimpleContact; $mailReady = $mailer->init($to, $from, $name, $subject, $msg); //ensure input is good if(!$mailReady) { $userOutput = $mailer->errorMsg; } else { $mailer->sendMail(); if($mailer->state !== 3) { //something went wrong, mail() probably failed :| $userOutput = $mailer->errorMsg; } else { $userOutput = "Hi {$_POST['name']}, thanks for submitting your information."; $fin = TRUE; } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Contact Us</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <legend>Contact Us</legend> <?php if(empty($userOutput)) { echo '<p class="note">Please complete all fields</p>'; } else { echo "<p class='alert'>$userOutput</p>"; } ?> <label for="name"><input type="text" name="name" id="name" value="<?php if(!$fin && isset($_POST['name'])) echo $_POST['name']; ?>" /> Name</label> <label for="email"><input type="text" name="email" id="email" value="<?php if(!$fin && isset($_POST['email'])) echo $_POST['email']; ?>" />E-mail</label> <label for="subject"><input type="text" name="subject" id="subject" value="<?php if(!$fin && isset($_POST['subject'])) echo $_POST['subject']; ?>" />Subject</label> <label for="message" class="commentlabel">Your Message<br /> <textarea name="message" cols="30" id="message" rows="8"><?php if(!$fin && isset($_POST['message'])) echo $_POST['message']; ?></textarea> </label> <input type="hidden" name="confirm" value="true" /> <input name="submit" type="submit" class="btn" value="Send Mail!" /> </fieldset> </form> </body> </html> [/code] Can you tell me what i'd put in the //perform download part? is is just a direct link to the zip file or something else? I appreciate the help.