Hello alekto,

            I've got several notes to point out:
1. You can't do neither a header(), nor a SetCookie() after any echo on the 
page. The out-of-php pieces of the page included.
2. Don't, please please don't store raw passwords in the database! Hash them, 
better even adding a salt. The guy who had been writing code of our project 
before me stored raw passwords, and I lost an amount of time to encrypt them 
live so users wouln't notice anything happening. Please don't repeat this 
3. Don't store passwords in the cookies, they can be easily stolen. the 
username is quite enough: if it is there and it is not empty, then you can 
verify if such a user exists.

With best regards from Ukraine,
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to