Check Username in DB
View Single Post
09-14-2009, 05:12 PM
Join Date: Sep 2007
Where are $username and $password set? Where does the script take you? Does it always error out or does it report a login. If it reports a sucessful login, is your cookie modified correctly?
I also see some major security issues:
1. No SQL cleaning that I can see
2. No validation, you merely stick the users username in the cookie (cookies can be created and modified by the user)
While not a critical note, you should be working with database IDs. Instead of updating where username and password is X, you need to find users by their unique database ID.
View Public Profile
Send a private message to Village Idiot
Find More Posts by Village Idiot