MySQL and PHP simple login system
RE: MySQL and PHP simple login system #41
(10-28-2013, 09:40 AM)Sebastian Kvernland Wrote:
(10-28-2013, 08:17 AM)hellomen Wrote: nice tutorial but not good enough for security reasons
-it is sql injectable
-password instant storage?
-sessions over cookies?

mhm these are just 3 I could think of and those 3 are the most important things. I suggest to not learn from this script but actually use this script as a reminder on how to put it up in a logical way.
Do you know how to do it the correct way or the best way? I'm very interested in learning how to do it securely. Do you think you could upload a thread or a tutorial about how to do it? Thank you!

MySQLi or PDO (I prefer PDO)
is one way to make it more secure than the mysql_connect and stuff

strip_tags() for the $_GET's and $_POSTS helps better against XSS than when you don't use them
and of course check your code for fails
also try to use injections by yourself if you're unsure or ask someone to find leaks...

oh and never trust people on the internet
so every single thing you think mehhh that can be done later (security)
always MAKE THE THING because you can never trust a service user from your service.
Calling me stupid won't mind me it only shows your immaturity -<3


Reply
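
Added example, not part of any post in this thread and not the tutorial's script: one way to cover the three points raised above (injectable query, password storage, session handling) with PDO. The table and column names, the sample account and the in-memory SQLite DSN (used so it runs offline) are assumptions.

```php
<?php
// Added example. Table/column names and the sample account are assumptions.
// In-memory SQLite keeps it runnable offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=app;charset=utf8mb4' and also set
// PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');

// Hash checked when the username is unknown, so both paths do the same work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function register(PDO $pdo, string $user, string $password): void
{
    // Store only a salted, deliberately slow hash, never the password itself.
    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $user, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $user, string $password): ?int
{
    // The value is bound as data, so quote characters cannot alter the query.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok  = password_verify($password, $row ? $row['pw_hash'] : DUMMY_HASH);
    return ($row && $ok) ? (int) $row['id'] : null;
}

// In a web request, call this after a successful login and before any output.
function startUserSession(int $userId): void
{
    session_start();
    session_regenerate_id(true);  // fresh session id after login (fixation)
    $_SESSION['uid'] = $userId;   // state stays server-side; cookie holds only the id
}

register($pdo, 'alice', 'correct horse battery staple');        // constructed account
var_dump(login($pdo, 'alice', 'correct horse battery staple')); // matching credentials
var_dump(login($pdo, 'alice', 'wrong-password'));               // wrong password
var_dump(login($pdo, "alice' OR '1'='1", 'anything'));          // quotes treated as data
```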

RE: MySQL and PHP simple login system #42
(10-28-2013, 09:48 AM)hellomen Wrote: MySQLi or PDO (I prefer PDO)
is one way to make it more secure than the mysql_connect and stuff

strip_tags() for the $_GET's and $_POSTS helps better against XSS than when you don't use them
and of course check your code for fails
also try to use injections by yourself if you're unsure or ask someone to find leaks...

oh and never trust people on the internet
so every single thing you think mehhh that can be done later (security)
always MAKE THE THING because you can never trust a service user from your service.
Thank you! :D
Where I live... it's freaking cold!

Reply

RE: MySQL and PHP simple login system #46
(10-28-2013, 08:17 AM)hellomen Wrote: nice tutorial but not good enough for security reasons
-it is sql injectable
-password instant storage?
-sessions over cookies?

mhm these are just 3 I could think of and those 3 are the most important things. I suggest to not learn from this script but actually use this script as a reminder on how to put it up in a logical way.

Huh? Password instant storage? Session over cookie?

You have clearly got no idea about what you're talking about. I clearly stated this is an old thread and that I should rewrite this from scratch to make something decent, but there are already tons of posts on such a matter.

Stop spamming with senseless statements.

Reply

RE: MySQL and PHP simple login system #50
(10-28-2013, 03:54 PM)Lust Wrote: Nice script. Easy to follow, and seems pretty safe. I've yet to break the security, and I've been messing with it for a little bit since I'm bored.

It's not secure anymore actually.

Reply






