I am developing my latest project and I have just finished the ACP login system. Now this is pretty tight and I want some of the pros here to have a go at bypassing it to enter the actual control panel. Didn't make a link as I don't want spiders indexing it. clan-cms.co.uk/demo/admin/index.php If you do find a way in I will pay you $10, as long as you show me a screenshot of the actual ACP. Good luck
I would believe you Stefan, but there are some reasons I don't: 1. You don't even know what PHP means. 2. You don't know what XSS or a SQL injection is. 3. Do you understand PHP sessions? 4. Screenshot? And there is a secret message in there. This is not me being rude btw everyone, it's Stefan being an arse lol. PS I do know Stefan outside of these forums. Glen
Well, I tried some basic SQL injection, and it didn't work. But that's all I know, so I can't go any further.
Looks like you have taken care of everything, including buffer overflow attacks. Why not limit the login attempts to three instead of five?
Huggy, you may want to limit your cookies to your domain only. At the moment, a Type-Two XSS attack may be possible, either using the session_id cookie or other cookies granted upon successful login. This part: Additionally, you may want to take advantage of the $httponly parameter to prevent JS manipulation. All professional websites use this, such as DP. Also, what's your method of encryption?
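
The cookie advice in the last post, as an added example that is not part of the thread or the poster's code: scope the session cookie and any post-login cookie to the admin host and path, set HttpOnly, and audit a `Set-Cookie` value for both issues. It assumes PHP 7.3+ (options arrays) and an HTTPS panel under `/demo/admin/`; the function names and sample headers are constructed for illustration.

```php
<?php
// Added example, not the thread author's code. Needs PHP 7.3+ (options arrays).
// Assumptions: panel served over HTTPS under /demo/admin/ on a single host.

const ADMIN_COOKIE = [
    'path'     => '/demo/admin/', // only sent for the admin panel
    'domain'   => '',             // empty: host-only, not shared with subdomains
    'secure'   => true,           // assumption: HTTPS only
    'httponly' => true,           // the $httponly flag: hidden from document.cookie
];

function start_admin_session(): void
{
    session_set_cookie_params(['lifetime' => 0] + ADMIN_COOKIE);
    session_start(); // call before any output is sent
}

// Any extra cookie granted after login gets the same scope and flags.
function set_admin_cookie(string $name, string $value): bool
{
    return setcookie($name, $value, ['expires' => 0] + ADMIN_COOKIE);
}

// Check one Set-Cookie value for the two issues raised in the post.
function audit_set_cookie(string $header): array
{
    $attrs = [];
    foreach (array_slice(explode(';', $header), 1) as $part) {
        [$key, $val] = array_pad(explode('=', trim($part), 2), 2, '');
        $attrs[strtolower($key)] = $val;
    }
    $problems = [];
    if (!array_key_exists('httponly', $attrs)) {
        $problems[] = 'no HttpOnly: readable from JavaScript';
    }
    if (($attrs['domain'] ?? '') !== '') {
        $problems[] = 'Domain=' . $attrs['domain'] . ': also sent to subdomains';
    }
    return $problems;
}

// Constructed sample headers (not captured from the demo site).
$samples = [
    'PHPSESSID=abc123; path=/; domain=.example.test',
    'PHPSESSID=abc123; path=/demo/admin/; secure; HttpOnly',
];
foreach ($samples as $h) {
    echo $h, "\n  -> ", implode('; ', audit_set_cookie($h)) ?: 'ok', "\n";
}
```

HttpOnly keeps an injected script from reading the session cookie, but it does not remove the XSS itself, so output encoding is still needed.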