ToasterKing

So what you're saying is I can use the suggestion from raza.shahzad post and still keep my password secret? Speaking of which.. and again, really hate to seem ignorant but where would the actual 'password' go in that script? Because it seems like: if ($password != "abc123") { echo "error, unauthenticated user"; exit(); } else { Where [b]abc123[/b] is my password but then I would use http://www.apex-deus.org/index.php?password=abc123 (ehh.. the password should be in the url?) Somehow I'm not picking it up. Once again appreciate the patience of everyone.

[quote author=corbin link=topic=103908.msg414428#msg414428 date=1155362409] Uhhh no it shouldnt be.  On the ad = X thing you should add the line $ad = str_replace("../", "", $ad); $ad = str_replace("/", "", $ad); some where once $ad is defined... [/quote] Hate to seem ignorant but I don't understand. By the way thank you raza.shahzad and everyone else for responding.

[quote author=raza.shahzad link=topic=103908.msg414341#msg414341 date=1155347427] [quote]want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess[/quote] dear friend, in my opinion you can use this on top of you pages [quote]if ($password != "abcxyz") { echo "error, unauthenticated user"; exit(); } else { the body of your webpage } [/quote] and to access the page properly you need to use the following http://www.abcdomain.com/anyfile.php?password=abcxyz don't tell the password to anyone. [/quote] Problem with this is anyone can download the page with GetRight or FlashGet and the password will be in the html. Or, so I gather.

[quote author=mainewoods link=topic=103908.msg414321#msg414321 date=1155345138] What you're doing is a potential security risk: http://www.php.net/manual/en/security.filesystem.php [/quote] I understand. Thank you.

I should have posted this link as well: http://www.apex-deus.org/v2/ Each menu button you click on just loads the page between the header and footer graphics really. This way the entire page doesn't need to be reloaded.. obviously.. but you guys already know that heh. Anyway. All the .htm files are in the same directory so no problem. But, I want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess but I don't know what the url would be to call the page in the protected directory. Better example being.. http://www.apex-deus.org/v2/?ad=warfare (warfare.htm is not in the protected directory) vs http://www.apex-deus.org/v2/?ad=??????? (warfare.htm [b]is[/b] in the protected directory) Just not sure what url I would use to get the page since it's in a different directory. I know you guys get the "I don't know php but I'm trying" thing. I really appreciate everyones patience.

Just a little bump as it's almost on page 2

I honestly would have searched but I don't even know what I'm looking for. It's simple, but explaining it (for me) is complicated so I'll try to just explain it visually. I have an index page with this. ---img text, etc html--       <?php if(!$ad || $ad == ""){$ad = "visitors";} ?>       <?php include("$ad.htm"); ?> --img text, etc html-- So my links look like: http://www.mysite.com/?ad=visitors But I want to put some files in a protected folder like: http://www.mysite.com/protected/secret.htm What url would I use to load that up properly so the page comes between my img text, etc html? Or should I just copy and paste my index.php into the protected zone and use the same php code but this way I can just do a http://www.mysite.com/protected/?ad=secret Very sorry if that doesn't make any sense, tried to explain it the best way I could. If I posted this incorrectly I'll gladly rewrite it according to any rules I missed (and I did read the rules). Thank you to anyone who can answer whenever you get around to it.