I noticed the following in geeklog; ... if ($reply == $LANG01[25]) { ... Is this a smart way to do it ? You're assuming the client/browser is 'honest'...

No, that is not a security issue. The first thing any Geeklog file (in public_html) does is to include lib-common.php, which in turn includes the language file, thus overwriting whatever you may have injected from the URL or in a POST request. bye, Dirk