Hi there,
I created a session-based login, and in order to enter the selected part of the script,
I check for the passed variable and whether the session is registered, which only happens
if the user password is right.
So, currently I am checking for:
else if (($login)&&(session_is_registered('login_user')))
{
...SCRIPT_PART...
}
However, can this be exploited?
I mean, would it be possible for a user to forge the
"session_is_registered('login_user')" and so gain access to that part of the script?
Would you recommend adding a separate "check for right user&pass" within the
SCRIPT_PART again?
Regards,
Duncan
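
The gate described in the post, as an added example (not the poster's code) written with `$_SESSION`, since `session_is_registered()` was removed in PHP 5.4. Only the `login_user` key and the `login` variable come from the post; the function names, the account and the sample requests are constructed, and it assumes request data is never imported into global variables (register_globals off or absent).

```php
<?php
// Added example, not from the original post. Only the 'login_user' session key
// and the 'login' request variable come from the post; the rest is hypothetical.

// Log in: the session key is written only after the password verifies.
function try_login(array $users, string $user, string $pass): bool
{
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id once the user is authenticated
    $_SESSION['login_user'] = $user;  // stored server-side; the client holds only the id
    return true;
}

// Gate for SCRIPT_PART: the same two conditions as in the post, but each is
// read from one explicit source, so request data cannot stand in for the session.
function may_enter(array $request): bool
{
    $requested = !empty($request['login']);               // client-controlled
    $authed    = isset($_SESSION['login_user'])
              && is_string($_SESSION['login_user']);      // server-controlled
    return $requested && $authed;
}

session_start();
$_SESSION = [];   // start the demonstration from an unauthenticated session

// Constructed sample data: one account and two requests.
$users  = ['duncan' => password_hash('s3cret-sample', PASSWORD_DEFAULT)];
$forged = ['login' => '1', 'login_user' => 'duncan'];  // parameter named like the key
$normal = ['login' => '1'];

$results = [
    'forged parameter, not logged in' => may_enter($forged),
    'wrong password accepted'         => try_login($users, 'duncan', 'guess'),
    'gate after failed login'         => may_enter($normal),
    'right password accepted'         => try_login($users, 'duncan', 's3cret-sample'),
    'gate after successful login'     => may_enter($normal),
];

// Output comes last: session functions must run before anything is printed.
foreach ($results as $label => $value) {
    printf("%-32s %s\n", $label, var_export($value, true));
}
```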