[quote author=king arthur link=topic=101982.msg406794#msg406794 date=1154381598] You are certain the cookie is set on the client machine? [/quote]Just realised that that's my actual problem. [code]<? setcookie("name", "Admin"); setcookie("pass", "Darn"); ?>[/code] This works fine but the code below doesn't, any ideas why? [code]<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Login to your VirtualMU Account.</title> <meta http-equiv="Content-Type" content="text/html; charset=windows-1253"> <meta name="description" content="Login to your virtualMU Account"> <meta name="keywords" content="VirtualMU,online,game,MMOG,MMORPG,Role-playing,Login,MU"> <meta name="author" content="SiLvER"> <LINK REL="StyleSheet" HREF="Style.css" TYPE="text/css"> </head> <? include("Config.php"); $random = mt_rand(1000, 9999); if ($_COOKIE['pass'] == NULL) { ?> <table width="100" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <TABLE width="200" border="0" dwcopytype="CopyTableRow"> <tbody> <form action="Login.php?do=Login" method="post"> <tr> <td valign="top">Login:</td> <td><input type="text" name="name" maxLength=10> </td> </tr> <tr> <td valign="top">Password:</td> <td><input type="password" name="pass" maxLength=10> </td> </tr> <tr> <td valign="top">Code:</td> <td><input type="hidden" name="extcode" id="extcode" value="<? print("$random"); ?>"> <input name="na" id="na" style="width:35 " size="11" value="<? print("$random"); ?>" READONLY> </td> </tr> <tr> <td valign="top">Confirm:</td> <td><input name="extcode1" class="lanyu" id="extcode1" style="width:35 " size="11" maxlength="6"> </td> </tr> <tr> <td valign="top"><input type="submit" value="Go!"></td> </form> </table> </font> </td> </table> </div> <? } elseif (!$_COOKIE['pass'] == NULL) { die("<a href=Logout.php>Log out</a>"); } include("Config.php"); include("System/Included/md5.php"); include("System/Included/Banned.php"); include("System/Included/Functions.php"); $do = stripslashes($_REQUEST['do']); if ($do == Login) { $name = $_POST["name"]; $pass = $_POST["pass"]; //include_once('sql_check.php'); //check_inject(); if ((eregi("[^a-zA-Z0-9_-]", $name)) || (eregi("[^a-zA-Z0-9_-]", $pass)) ) { die("SQL Injection Detected, make sure to ONLY use letters and numbers!"); } $sql_username_check = mysql_query("SELECT Login FROM `account` WHERE Login='$name'"); $username_check = mysql_num_rows($sql_username_check); $sql_pass = mysql_query("SELECT Password FROM `account` WHERE Login='$name'"); $enc_pass = mysql_fetch_row($sql_pass); $dec_pass = md5_decrypt( $enc_pass[0], "password" ); if (empty($name) || empty($pass) ) { echo "Some fields were left blank.<br>"; } if (!$username_check > 0) { die("The Login ID you entered doesn't exist.<br>"); } if (!$extcode == $extcode1) { die("The code you entered doesn't match with the original."); } if (!$pass == $dec_pass) { die("Invalid password specified.<br>"); } setcookie("name", $name); setcookie("pass", md5_encrypt( $pass, "password" )); echo '<meta http-equiv="refresh" content="0; url=SelectChar.php">'; } ?> </html>[/code]