dlate

Members
  • Posts

    22
  • Joined

  • Last visited

    Never

About dlate

  • Birthday 03/15/1987

Contact Methods

  • Website URL
    http://www.acit-studios.nl

Profile Information

  • Gender
    Male
  • Location
    Netherlands, The

dlate's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. Hmm tried removing the height?
  2. Yeah looks like u used dreamweaver for markup code, I'd suggest writing the html yourself as dreamweaver throws in a lot of garbage and can make code that isn't w3c valid.
  3. Very true, but considering a lot of people have a single password for all websites and programs they use, shouldn't you as a code developer be protecting them further. It goes further than what a hacker is going to do with your site when he has email addresses and passwords of potentially thousands of users. Exactly, this is what happened with stage6, they didn't hash their passwords properly and a lot of people got their password exposed.
  4. The way i encrypt my password is by using 3 salts on an md5, a sha and another md5 password then substr it to 128 char hash and i store that in my database.
  5. Disabling right clicking won't prevent people from seeing the source code... Can't find much wrong with the login, did u trim, striptags and mysql escape on the input? Though storing the passwords in the login file itself isn't smart... if u are determined not to use a database I'd suggest putting the passwords and usernames outside the root directory of the website. If u can show the script I could tell u if anything else might be wrong.
  6. Nice idea, i look forward to seeing the beta of it.
  7. Thanks for ur replies akitchin, I've used the query u showed me in ur last post and that was exactly what I wanted it to do, so thank you very much for that.
  8. Am I clear in what I need? If not please let me know so I can further explain what I'm trying to do as well as provide screenshots.
  9. Hey dark, u seem to be the security king around here, is it wise to use all 3 escape_string, trim and strip tags or would one be sufficient to prevent XSS attacks? Def. a good idea, and I would suggest you take it a tiny step further and instead of doing the same 3 functions each time, just make a function called something like escape_text() that takes in the $_GET or $_POST variable and returns the escaped text. It'd just make it a little easier. Yeah I currently have a function that checks if a string is set and not empty, then returns the string with trim, mysql escape and strip tags. Thanks for the tips, appreciate it.
  10. Nope no error. The problem is that the case should only work on the row I've selected (Where username & password = ) but instead it checks on all the rows. (if groupID > 0 in the row where password and username = myvalue then dothis else dothis)
  11. Hi, I'm trying to do a simple query with a case. What I'm trying to do: if GroupID > 0 then it should match core_users.GroupID = core_pages_access.GroupID else match core_users.ID with core_pages_access.userid. The problem I have at the moment: whenever in the table another row exists with a groupID greater than 0 it will return results. This is what I have so far: SELECT * FROM `core_users`, `core_pages_access` WHERE core_users.Username = 'Admin' AND core_users.Password = 'hash' AND CASE WHEN core_users.GroupID > 0 THEN core_users.GroupID = core_pages_access.GroupID ELSE core_users.ID = core_pages_access.userID END I'm pretty new to if else in mysql so any help is greatly appreciated.
  12. Ah I see, thank you very much, u have been very helpful. When I'm done with this script I'll probably have to run through it a couple of times to make sure I remove any redundant code.
  13. Hey dark, u seem to be the security king around here, is it wise to use all 3 escape_string, trim and strip tags or would one be sufficient to prevent XSS attacks?
  14. Hehe nice, didn't know u could change the delimiter. As far as me using preg_match as well as replace is because I want to save the data between the tags and then replace it. Thanks for ur input, I really appreciate any help I can get with regex as I'm a complete newbie with it, could you please explain why ur putting <<<DATA in ur string?