When data is sent from a web-site to a server, at what level is the data validated? Does the web-site authenticate something, and sent the packets to the server, or does the web-site send the query to the server, and authentication+storage occur at the level?

Websites can authenticate in a variety of ways. If you are referring to one that stores usernames and passwords in a database, then the website will prompt the user for his/her username and password. Then it will query the database to see if they match. It will then do whatever you tell it to based on the success or failure. I like to send kill 1 to the user if they fail. ;D

Thanks for the reply, but I'm actually asking about a situation where something regarding an account is being modified, but requires server confirmation in order for the changes to be made. I'm trying to see if I can bypass such authentication by forging a packet which tells the server to make such changes even though they aren't valid to make. I'm trying to see if I can just bypass something. Eh, I'll have to try it for myself. :(

I think I explained what I needed improperly.