I understand that I need to inject SSI statements, but do I need a PHP script to do it? I haven't spent any time with php for several years. If php is the way to go, then I will jump in with both feet. If not, then I'd rather not waste my time.

If you are still working on lvl 4 or 5, you might not want to read this post. I am wondering why I had to change the content-length string on lvl 5 and not on lvl 4? For some reason on lvl 5 I had to change the number to suit my email address. Was this another security measure?