...

View Full Version : Problem with PHP login system



chizu
05-08-2006, 01:12 AM
I have a PHP login system on my site. Lately someone has figured out how to change the username on the cookie, therefore, they can be logged into my site as someone else, which, for obvious reasons, is not good. I am not really sure how to keep this from happening. Any help on making cookies more secure would be much appreciated. Thanks!

dniwebdesign
05-08-2006, 05:18 AM
If you are not using a password to login to the website it is very unsecure. If there is a password it should compare the username and password in the cookie to the ones in the database before they proceed.

lansing
05-08-2006, 10:23 AM
I have a PHP login system on my site. Lately someone has figured out how to change the username on the cookie, therefore, they can be logged into my site as someone else, which, for obvious reasons, is not good. I am not really sure how to keep this from happening. Any help on making cookies more secure would be much appreciated. Thanks!Post your code here so we can see what is wrong with your script....how are you storing the UN's & PW's?

chizu
05-09-2006, 03:49 AM
Right, I do have passwords for logging in, but I don't compare them on each page. Thanks! I have it figured out now!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum