This isn't specific to php. Looking at the yahoo.com page for signing into an email, I checked the source and noticed that a lot of other fields are posted along side the username and password. If I was to make a bot that used cURL (or anything else for that matter, that doesnt explicitly load the webpage up) would I have to post all those hidden fields too? The obvious way would be to code it so that I can pick up all the fields that ARE posted, and then repost them when I post a username and password. Wondering whether this is needed though! Cheers!