but when you click a state you get the "direct access is not allowed" message.
I visited the site and saw it too.
Really not very encouraging for the shoppers. :-(
I had a look into the source provided by a browser
There is a line
Code: Select all
<select name="select" onchange="javascript:getinfo('statexml.php?code='+this.value,'state')">
Maybe it is the source of the problem: combination of javascript (user site script processed in the browser) and statexml.php (server site script processed by the server).
If this assumption is true the commenting out security line from statexml.php corrects the problem.
If so you will have statexml.php unsecured. I do not know how to have both in your code puzzle.