if (verify_logon($_POST['username'], $_POST['password']);
$username = $_POST['username'];
$password = $_POST['password'];
dvdbinternet wrote:For a user that wants to do damage it is also possible to make the cookie himself.
I let the user login in on a page and the remember his username and password in the session variables. in other words, I place the username and password in a variable and use "session_register();" with that variable. each time a page is called these variables are available.
you can then check that variable each time if the user has enough acces-rights.
You won't have to check that each time with you're database because you allready did that once (but still, you could check).
When I'm not completely clear, let me know.
DyoWeL wrote:is there a way that hackers or sniffers can sweep this username and passwords? If yes is there any alternative to secureour authentication script?
Users browsing this forum: No registered users and 0 guests