Hillebrand - 2008-07-04 10:21:24
i tested the script and i noticed that the stored password is not encrypted like md5 or so. this would be necessary because if not you send the clean password through the net.
a) storing the password inside the db md5 - encrypted
b) sending the password from the form after encryting it to md5. so noone can fetch the clean password an abuse the login.