Zoneark can't script PHP, and I doubt he just copied it off Google or something. He's asked me how to make a .php file before for his own site. I'm talking just the file itself, not what goes in it. If he told someone else about the security hole or whatever, then he's obviously still at fault here, but my point is he's not the only one at fault.