A suggestion would be to make sure that the variables you're receiving are coming from where you think they're coming from...
For instance, $_SESSION['logged_in'] is also (generally) $logged_in but so is $_GET['logged_in'] A smart user could fake it if they wanted to... check the $_SESSION or $_COOKIE or $_POST arrays when it's important, don't just check $logged_in... P. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php