^.^ I dunno if I feel better for knowing that, but thank you for the explanation. That may be worth a line in there in case people forget to log in, but what you just said is a lot 'scarier' than cookies. ^.^;; Actually, isn't this file old? I was only looking at upgrade for myself, but I notice this on the top: Drupal requires a web server, PHP4 (http://www.php.net/) and either MySQL or PostgreSQL. Drupal requires PHP 4.1.0 or greater on Linux and PHP 4.2.3 or greater on Windows. PHP5 is not yet supported. I can't find it at the moment, but I'd swear that the PHP required thing was changed, and PHP 5 is supported text was added... ...and you can file this with stupid questions if you like, but how is PHP 4 different from the PHP 4.1.0/PHP 4.2.3? Anisa. Steven Wittens wrote:
Can you put the reason in? Or maybe, big letters, *essential*, because it sounds fairly so. All of the steps are essential of course, but that one is a little counter intuitive, I don't know why I'm doing it. Does this not work if you have cookies disabled?
The reason we do this is to prevent just anyone from running a site's update.php. If you don't have a valid cookie, you will have to edit update.php at the top, and change a variable there to disable the access check temporarily ($access_check = false, it's explained at the top of the file). Users should be reminded to set this back afterwards to maintain security.
Steven Wittens