My apologies for not responding, I had attempted to sign up for the list, and that had failed. Oops! Now, here I am. :) Paul van Schayck said, about the <<br />> .. oops, that was a mistake in my search/replace.. I thought I had fixed all of those occurences that I made. Also, for the !loggedin() || !have_priv(admin) .. i just copied that code from another module, that had used it in that exact same spot.. the file had a comment that said "// check for admin access here" .. :P no, i don't think it should be !loggedin() && !have_priv(admin) .. that wouldn't make sense, if it were &&.. that needs to be an || . Re: Johnathan Ernst: As I said, I had just copied the code from the other places in the admin/* files that used it. Before I changed that, the code simply said: if(!loggedin()) .. which meant anyone logged in could access that admin function. It does make sense that if not logged in you couldn't have admin privs, so I could change all the files to check that instead. So, my next question.. do you have to have admin priv to be a maintainer? Becauses some of the files check for loggedin, havepriv(admin) and maintainer flags. Should admin/adminCommentView.php be protected? I realise it's in the admin category, but it doesn't look like anyone can get into any mischief with that.. could almost be handy for users. --- anyway, i've fixed those issues, merged it to latest CVS, and will be re-sending it off in just a minute. Thanks :) __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com