PHP - Security Of $_session
Hello all,
I have this at the top of my page to ensure that only logged in users can see the content Code: [Select] if(!isset($_SESSION['myusername'])){ header("Location:login.php"); exit; } else { $username = $_SESSION['myusername']; } This, of course is checked in the login form against a database and only stored in $_SESSION once it's verified... Now, my question is -- how secure is this? For example, could someone have $_SESSION['myusername'] set from another webpage, then navigate to mine and be able to see the protected content? Similar TutorialsI've read lots of articles and discussions about security issues for using session for user authentication; but I did not come to an explicit conclusion which is the best method. I decide to generate two session parameters (1) ID (2) a randomly generated Access Token which is stored in the database. I want to add more security: 1. Where to store session? server-side or client-side by session session.use_only_cookies ? 2. Is it good to check IP and User Agent before authentication by session? In this case I will lose the option of Remember Me as IP can be changed. 3. Which of the session parameters of http://php.net/manual/en/session.configuration.php is more practical to have a good security? Any additional idea?
First let me explain my code. This is later included in project_status.php] . In project_status.php] , I have included another file project_status_app.php which contains a HTML form.
<?php include 'inc_fn_header_and_menu.php'; function includeFile($file,$variable) { $var = $variable; include($file); } if (isset($_GET['id']) && $_GET['id']!="") { $pid = $_GET['id']; $_SESSION['pidForApproval'] = $_GET['id']; $query = 'SELECT * FROM `profile` WHERE pid ='.'\''.$pid.'\''; $result=mysqli_query($db,$queryToRetrievePP) or die("There are no records to display ... \n" . mysqli_error()); foreach ($result as $row) { $status = $row['status']; } } ...........some PHP and HTML code....... <div id="customerPurchaseApprovalForm"> <?php echo '<p>APPROVAL FOR CUSTOMER PURCHASE</p>'; $discountApprovalStatus = "Granted"; if ($discountApprovalStatus == "Granted") { includeFile("project_status_app.php",$highestannualvalue); } else { //......... } In project_status_app.php I am attempting to retrieve pidForApproval from the $_SESSION array. <?php // put your code here UPDATE `pp` SET `customer_purchase_remarks` = 'hahaha' WHERE `pp`.`id` = 207; if ($_SERVER['REQUEST_METHOD'] == 'POST') { include '../../inc/fastlogin.php'; $sql = "UPDATE pp SET customer_purchase_remarks ='{$_POST['remarkstxt']}' WHERE pp.pid='{$_SESSION['pidForApproval']}'"; $result = mysqli_query ( $fastdb, $sql ) ; if (mysqli_affected_rows($fastdb) != 1) { $_SESSION['err_cpa_rmks'] = "<p>Error while updating WHERE id='{$_SESSION['pidForApproval']}'</p>"; //echo "<p>Error while updating WHERE id='{$_POST['pidForApproval']}'</p>".mysqli_error($fastdb); } else { $_SESSION['suc_cpa_rmks'] = "<p>Records was updated successfully.</p>"; //echo "Records was updated successfully."; } header ("location: project_status.php?id="$_SESSION['pidForApproval']); exit(); } ?> When I load project_status.php, project_status_app.php is supposed to display the form. Once the user fills in the form the and the submit button has been pressed, the UPDATE statement is supposed to run and then it is supposed to navigate back to project_status.php?id=FA142. But the update is failing and the when the project_status.php is loaded back, the url looks like this http://localhost/fast/project_status.php?id= . The id is empty. It is supposed to be something like this http://localhost/fast/project_status.php?id=FA142. With the id being populated at the header ("location: project_status.php?id=".$_SESSION['pidForApproval']);
Missing some information. Hello everyone, I am working on a form that is similar to a shopping cart system and I am thinking of creating a button that submits the checked value and saves them to a $_SESSION variable. And also a link that links to a cart.html that takes the values of a $_SESSION variable. I am have trouble figuring what tag/attribute should I use in order to achieve that.
Right now my code attached below submits the checked values to cart.html directly. However I want my submit button to save the checked box to a $_SESSION variable and STAY on the same page. And then I will implement a <a> to link to the cart.php.
I researched a little bit about this subject and I know it's somewhat related to ajax/jquery. I just wanted to know more about it from you guys. I appreciate your attention for reading the post and Thanks!
Below is the form that I currently have:
<form name= "finalForm" method="POST" action="cart.php"> <input type="Submit" name="finalSelected"/> <?php foreach($FinalName as $key => $item) {?> <tr> <td><input type="checkbox" name="fSelected[]" value="<?php echo htmlspecialchars($FinalID[$key])?>" /> <?php echo "$FinalID[$key] & $item";?> </td> </tr> <?php } ;?>Below is the code for cart.php <?php require ('connect_db.php'); if(isset($_POST['finalSelected'])) { if(!empty($_POST['fSelected'])) { $chosen = $_POST['fSelected']; foreach ($chosen as $item) echo "aID selected: $item </br>"; $delimit = implode(", ", $chosen); print_r($delimit); } } if(isset($delimit)) { $cartSQL = "SELECT * from article where aID in ($delimit)"; $cartQuery = mysqli_query($dbc, $cartSQL) or die (mysqli_error($dbc)); while($row = mysqli_fetch_array($cartQuery, MYSQLI_BOTH)) { $aTitle[] = $row[ 'name' ]; } } ?> <table> <?php if(isset($delimit)) { $c=0; foreach($aTitle as $item) {?> <tr> <td> <?php echo $aTitle[$c]; $c++;?> </td> </tr> <?php }}?> </table> edited Hi i have made a login in system for a website iam trying to make. after you log in im trying to display the members username via the $_session created in the check_login.php. but when i Echo or print_r the $_session all is get is "welcome array" its like its not passing any information via the $_session from page to page. here is my code thanks in advance. Check_login.php session_start(); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=md5($_POST["mypassword"]); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["myusername"]==$myusername; $_SESSION["mypassword"]; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> login_success.php <? session_start(); if($_SESSION['myusername']="$myusername"){ header("location:main_login.php"); } Echo "welcome" . $_SESSION['$myusername']; ?> thanks For the last few hours I have been pulling my hair out on a session not storing when I moved from local host to my vps. I have been setting sessions like: $_SESSION['mydata'] = $variable; This works no problem on my wamp installation. However to get it to work on my vps, I have to store them like this $_SESSION[mydata] = $variable; Can someone please explain to me why this is the case? PHP 5.3.3 I am trying to redirect a user (currently logged in) to a page where they are able to edit a posted comment. To keep things secure I am using a forms hidden input value to pass the {postID} to a redirect page Code: [Select] <form name="post_edit" method="post" action="post-edit-redirect.php" > <input type="hidden" name="local" id="local" value="<?php echo $row_rsPosts['postID']; ?>" /> <input type="image" src="../imgs/managepost.png" name="submit" /> </form> On the redirect page (simplified below) I am setting the {postID} in a SESSION before redirecting to the user to the page to edit their post with the new $_SESSION val for {postID} set. Code: [Select] session_start(); $id = $_REQUEST['local']; $_SESSION['postID']=$id; header("Location: edit-post.php"); This is working fine in every browser except IE (some one please just put an end to it), where when the edit-post.php page is reached the $_SESSION['postID'] is empty. If I regenerate the session ID from the redirect page as below IE then sets the SESSION ok. Code: [Select] session_start(); session_regenerate_id(); $id = $_REQUEST['local']; $_SESSION['postID']=$id; header("Location: edit-post.php"); However there should be no need to do this and would rather not if there is no need. Any help on why IE is not setting the SESSION is appreciated, and I hope I am not covering old ground here however I am unable to find a solution anywhere. - Cheers The $_Session has a url variable. Using a Dom how do I properly do: Code: [Select] html->load($_SESSION['variable']) I was thinking about breaking down the session to retrieve the value inside but I don't know how. Hey, i was reading some code and i find this: if(stristr($_SESSION["s"]["user"]["asdasd"]),$someString) How the double/triple [] in $_SESSION works ? PS: I tryied to google it but it was kinda hard to search :X Thanks. Is there an equivalent to * (any) in a $_SESSION? Something like this: foreach ($_SESSION['cart']['content'][*]['Large'] as $content) { I have parts of my webpage protected with the following Code: [Select] session_start(); if(!isset($_SESSION['myusername'])){ header("Location:login.php"); } else { $username = $_SESSION['myusername']; } How secure is this? The goal is so people who don't have access to the page (don't have a login account) cannot get access Thanks for any tips I'm trying to make a link to an SQL database survive though page reloads, and it's not working. Connecting, I use this: function link_to_converted_database() { $link = mysqli_init(); if (!$link) { die('mysqli_init failed'); } if (!mysqli_options($link, MYSQLI_INIT_COMMAND, 'SET AUTOCOMMIT = 1')) { die('Setting MYSQLI_INIT_COMMAND failed'); } if (!mysqli_options($link, MYSQLI_OPT_CONNECT_TIMEOUT, 50)) { die('Setting MYSQLI_OPT_CONNECT_TIMEOUT failed'); } if (!mysqli_real_connect($link, 'redacted', 'redacted', 'redacted')) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } comment( ' Success... ' . mysqli_get_host_info($link) ); if (mysqli_query($link,'USE conversion_database')) { comment("now using conversion_database."); } else { die('Conversion database unusable (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } $_SESSION['mysql_link']=$link; echo "<!--\n"; var_dump($_SESSION['mysql_link']); echo "\n-->\n"; return(true); } Subsequent SQL commands work fine using $_SESSION['mysql_link'], and the var_dump returns: object(mysqli)#2 (17) { ["affected_rows"]=> int(0) ["client_info"]=> string(48) "mysqlnd 5.0.7-dev - 091210 - $Revision: 294543 $" ["client_version"]=> int(50007) ["connect_errno"]=> int(0) ["connect_error"]=> NULL ["errno"]=> int(0) ["error"]=> string(0) "" ["field_count"]=> int(0) ["host_info"]=> string(24) "192.168.1.101 via TCP/IP" ["info"]=> NULL ["insert_id"]=> int(0) ["server_info"]=> string(16) "5.1.48-community" ["server_version"]=> int(50148) ["sqlstate"]=> string(5) "00000" ["protocol_version"]=> int(10) ["thread_id"]=> int(194) ["warning_count"]=> int(0) } After a page changes, all my $_SESSION vars work fine except for $_SESSION['mysql_link']. It's still there, but SQL queries bomb, and var_dump returns: Warning: var_dump(): Property access is not allowed yet in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Property access is not allowed yet in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 object(mysqli)#1 (17) { ["affected_rows"]=> NULL ["client_info"]=> NULL ["client_version"]=> int(50007) ["connect_errno"]=> int(0) ["connect_error"]=> NULL ["errno"]=> NULL ["error"]=> NULL ["field_count"]=> NULL ["host_info"]=> NULL ["info"]=> NULL ["insert_id"]=> NULL ["server_info"]=> NULL ["server_version"]=> NULL ["sqlstate"]=> NULL ["protocol_version"]=> NULL ["thread_id"]=> NULL ["warning_count"]=> NULL } There's got to be a way to save my SQL linkages so that I don't have to reconnect to the SQL database every time I want to see if new data has arrived, but this doesn't seem to be it. My PHP version is PHP 5.3.2.0. Thanks for any help. I just got through a server problem with a variable named $_SESSION['id'] What would happen was when I loaded a mysql request with id in it (usually what i name the main key in a table) it would overwrite the value in the $_SESSION without specifically asking it to ie $_SESSION['id']=$id; This was on an acenet server I have the same thing on a bluehost server and wampserver and never had a problem What I did on acenet was rename $_SESSION['id'] when declaring it to $_SESSION['usernumber'] and all my issues stopped Anyone know why? Is it a acenet problem? My problem is fixed im just wondering if anyone has had a similar issue????? Just wanted to know if $_Session was a global thing or does php require cookies setup?
I assumed that I could do something like this:
PAGE: A.php session_start(); $_Session['Cat'] = 'Meow'; // ----------------------- PAGE: B.php if (isset($_Session['Cat']) && !empty($_Session['Cat'])){ echo $_Session['Cat']; } OUTPUT: Meow // ----------------------- PAGE: C.php if (isset($_Session['Cat']) && !empty($_Session['Cat'])){ echo $_Session['Cat']; } OUTPUT: MeowI can't seem to get this to work. Page: Handler.inc // ========================================================= Session Log in / out public function logon($username, $password){ if ($username == "admin" && $password == "coffee"){ session_start(); $_SESSION['USER_STATUS'] = '1'; echo 'IN SESSION LOGIN HANDLER'; echo $_SESSION['UserLogged']; } } public function logout(){ $_SESSION['USER_STATUS'] = '0'; echo 'IN SESSION LOGOUT HANDLER'; session_destroy(); //session_unset(); }Page: index.php if (!isset($_SESSION['USER_STATUS']) && empty($_SESSION['USER_STATUS']) || $_SESSION['USER_STATUS'] == 0){ if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; echo $handler->logon($username, $password); } <LOGIN FORM CODE> }else{ if (isset($_SESSION['USER_STATUS']) && !empty($_SESSION['USER_STATUS']) || $_SESSION['USER_STATUS'] == 1){ echo 'Session name: '. $_SESSION['USER_STATUS']; } if (isset($_POST['btn_logout']) && !empty($_POST['btn_logout'])){ $handler->logout(); echo '<br />Logged out<br />'; } <LOGOUT FORM BUTTON CODE> }Could someone point me in the right direction please. It does not seem to hold its session. What types of data can the $_SESSION cookie store? Objects? Resources? And how are these stored in text form? hello all, hoping someone can help, i am still pretty new to php and i am stuck on creating a php cart. the code i have below is working, but the problem i am having is i need a store in the session array i am struggling to get my head around it so hoping someone can help here. i am hoping to have $product_id (which is currently in) $option1,2,3 and $text (for a textarea box) heres my function file function get_product() { echo "Hello"; } function add_product() { $product_id = $_POST['product_id']; if ($product_id == 'NULL') { echo "No Product Selected!"; } if (isset($_SESSION['cart'][$product_id])) { $_SESSION['cart'][$product_id]++; echo "<script>window.location='product.php'</script>"; }else{ $_SESSION['cart'][$product_id] = 1; echo "<script>window.location='product.php'</script>"; } } function increase_product() { $product_id = $_GET['product_id']; $_SESSION['cart'][$product_id]++; echo "<script>window.location='cart.php'</script>"; } function decrease_product() { $product_id = $_GET['product_id']; $_SESSION['cart'][$product_id]--; echo "<script>window.location='cart.php'</script>"; } function empty_cart() { unset($_SESSION['cart']); echo "<script>window.location='cart.php'</script>"; } }() my product page (currently with out the extra form items (option1,2,3 etc) include '_class/cart.php';$core->session($mode = 'start');if(isset($_POST['buy'])){$cart->add_product();}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Product</title></head><body><?php $core->navbar();?><form method="post" action=""><input name="product_id" type="hidden" value="Coffee" /><h1>Cup Of Coffee</h1><p>Buy me you know you want too!</p><input name="buy" type="submit" value="Add To Basket" id="buy" /></form><form method="post" action=""><input name="product_id" type="hidden" value="Biscuits" /><h1>Barrel Of Biscuits</h1><p>When Coffee Just Gives You The Munchies!</p><input name="buy" type="submit" value="Add To Basket" id="buy" /></form></body></html>() my include cart file if (isset($_SESSION['cart'])) {//Session Cart foreach($_SESSION['cart'] as $product_id => $quantity){//Session Array if($quantity < 1){//Quantity Less Then 1 unset($_SESSION['cart'][$product_id]); echo "<script>window.location='cart.php'</script>"; }//End Quantity Less Then 1 if(!$_SESSION['cart']){//Cart Array Empty unset($_SESSION['cart']); echo "<script>window.location='cart.php'</script>"; }//End Cart Array Empty if ($product_id != NULL){//Show Products echo '<h1>' . $product_id . '</h1>'; echo "Quantity <br>"; ?><a href="cart.php?product_id=<?php echo $product_id; ?>&option=increase">+</a> <?php echo $quantity; ?> <a href="cart.php?product_id=<?php echo $product_id; ?>&option=decrease">-</a><?php }//End Show Products }//End Session Array require 'library/paypal.php'; }else{ echo "Your Basket Is Empty"; }//End Session Cart() and my actual cart file include '_class/cart.php';$core->session($mode = 'start');?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Cart</title></head><body><?php$core->navbar(); if (isset($_GET['product_id']['option'])) { $product_id = $_GET['product_id']; $option = $_GET['option']; if ($option == 'decrease'){ $cart->decrease_product(); } if ($option == 'increase'){ $cart->increase_product(); } }elseif (isset($_GET['option'])){ $option = $_GET['option']; if ($option == 'empty'){ $cart->empty_cart(); } }else{ require 'library/cart.php'; }?><p><a href="cart.php?option=empty">Empty Cart</a></p></body></html>() please explain answers or exmples as clear as possible thanks everyone Info: When Customer clicks the "Add More Stuff" button on "/merchandise.php" to add more stuff, modify quantities, etc., the page submits to itself. Desired: I want a "FINISHED" button on the bottom of the page. When clicked on, Customer lands on a Thank You, "/FINISHED.php" page. Problem: The <form action="FINISHED.php"....> does not have access to the variables in the first form <form action="$_SERVER['PHP_SELF']">. Question: Using Sessions, javascript, or fancy PHP, is there a way the 2nd form can capture all the data from the first form, so when Customer clicks the FINISHED button, all the variables are sent to the FINISHED.php page?
Like: Reasons: There are too many PHP and Javascript variables created in the first form, many of which I don't understand, it would take me the rest of year 2019 to go line by line and rewrite all of the code. Requisite whining: Some code is beyond my skill level. For example, when the customer increases a quantity from "1" to "2" javascript will instantly change the displayed dollar-amount from $1.00 to $2.00 without actually "submitting/refreshing" the entire page. Though the displayed amount changes visually, the PHP $variable remains what it was until the page submits to itself. That means I cannot use $_SESSION to capture the newly-displayed amount until the page resubmits to itself. I've tried everything I can think of.... the closest solution I've found is the new HTML5 "formaction" tag, but I'm looking for a more universal solution (doesn't work in all browsers). Thank you!!
Edited February 28, 2019 by StevenOliver Hi all, I'm in trouble with a strange problem. At the system login a script sets a $_SESSION['status'], this keeps user status for admin (a), user (u), and so on... In another part of the system I need to post a value also called 'status': Code: [Select] <input value="N" type="hidden" name="status"/> and this 'status' value has nothing to do with 'status' session. The problem is that when I post the value 'N' it overwrite the session value, crashing the system then. The most strange is that on the localhost the problem does not happen, it only occurs on the server. Any clue? Thankx Danilo Jr. I, for some unknown reason, decided to attempt to build my first social networking website for my senior project. I am sort of a dumb dumb when it comes to PHP. For what I am currently working on now I need to display "members" that go to the same "school" and start in the same "semester" according to whomever is currently logged in. I understand $_SESSION['userid'] = mysql_insert_id(); is tracking the current user, but how would I track other information attached to that current user. The "school" and "semester" are tracked within tables outside of the "user" table. Any help at all would be awesome. If you need anymore information let me know. Thanks a trizillion. HI all i have the following code: <?php ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); if (session_status() == PHP_SESSION_NONE) { session_start(); } if (!isset($_SESSION['user_name'])){ header("location: index.php"); } mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); include '../_includes/dbconn.php'; if($_SERVER['REQUEST_METHOD']=='POST'){ if(isset($_POST['delete-equipment-button'])){ $eid = $_POST['EM-id']; $stmt = $conn->prepare(" SELECT a.equipment_id, b.equipment_name from ssm_equipment_order a inner join ssm_equipment b on a.equipment_id = b.equipment_id where a.equipment_id = ? "); $stmt->bind_param('i', $eid); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($eid, $eqname); $stmt->fetch(); $instances = $stmt->num_rows; $_SESSION['eqname']="$eqname"; if($instances>0){ $_SESSION['updateEquipment']="is being used in an active order and cannot be deleted"; header("location: ../equipment-list.php"); }else{ $_SESSION['updateEquipment']="has been successfully deleted"; $stmt = $conn->prepare(" DELETE FROM ssm_equipment WHERE equipment_id = ? "); $stmt->bind_param('i', $eid); $stmt->execute(); var_dump($_SESSION); // header("location: ../equipment-list.php"); } } } ?> The session variable eqname gets set properly when the delete fails (the first half of my if). When i get to the else, the session does not set a value. I assumed that it was because the item whose name i am trying to get is being deleted but i thought this would happen after i have set the session variable and therefore be preserved for when i get back to the equipment list? As always, i appreciate your help. |