If you are using the first version on this page, you need to add this code into your newest.php at the very top or you are vulnerable to being hacked:
Code:
<?php
if ( !defined('XCART_SESSION_START') ) { header("Location: ../../"); die("Access denied"); }
(int)$wn;
?>
If you are using the version posted by PhilJ then find:
Code:
require "./auth.php";
require $xcart_dir."/include/categories.php";
After put: