Hi there,

I created a session-based login, and in order to enter the selected part of the script, I check for the passed variable and whether the session is registered, which only happens if the user password is right.

So, currently I am checking for:

else if (($login)&&(session_is_registered('login_user'))) { ...SCRIPT_PART... }

However, can this be exploited? I mean, would it be possible for a user to forge the "session_is_registered('login_user')" and so gain access to that part of the script? Would you recommend adding a separate "check for right user&pass" within the SCRIPT_PART again?

Regards,
Duncan
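An added example, not part of the original post: the same gate written so that the access decision depends only on server-side `$_SESSION` data set after password verification, while the passed variable merely selects the script part. The helper names, the `action` parameter and the sample user store are assumptions; `session_is_registered()` was removed in PHP 5.4, so `$_SESSION` is used instead.

```php
<?php
// Added example: hypothetical helpers, not code from the original post.
declare(strict_types=1);

// Constructed stand-in for a user store; a real hash would come from a database.
function find_password_hash(string $user): ?string
{
    static $users = null;
    $users ??= ['duncan' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
    return $users[$user] ?? null;
}

// The only place that marks the session as logged in, and only after the password check.
function log_in(string $user, string $password): bool
{
    $hash = find_password_hash($user);
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id once privileges change
    $_SESSION['login_user'] = $user;  // kept server-side; the client holds only the session id
    return true;
}

// The gate reads $_SESSION only, never a request-supplied or global variable.
function is_logged_in(): bool
{
    return isset($_SESSION['login_user']) && is_string($_SESSION['login_user']);
}

session_start();
$action = $_GET['action'] ?? '';      // assumption: request input only selects the page part
if ($action === 'login' && is_logged_in()) {
    // ...SCRIPT_PART...
}
```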