jnerotrix Posted December 7, 2008 Share Posted December 7, 2008 I have a login system and i need any1 to tell me if they run across any errors (WARNING THIS IS AN ADULT SITE) http://1800sexnow.com Please Test the main login What should happen after you register is that you should be able to see the sites content there is a profile page and edt info page a forgot password page ect.. Link to comment https://forums.phpfreaks.com/topic/135868-test-my-login-system/ Share on other sites More sharing options...
darkfreaks Posted December 7, 2008 Share Posted December 7, 2008 SQL injection: 85 failures try using this function to clean your variables: <?php function clean($var){ $var=strip_tags(trim(mysql_real_escape_string($var))); return filter_var($var,FILTER_SANITIZE_STRING); }?> Link to comment https://forums.phpfreaks.com/topic/135868-test-my-login-system/#findComment-708270 Share on other sites More sharing options...
helraizer Posted December 8, 2008 Share Posted December 8, 2008 I have a login system and i need any1 to tell me if they run across any errors (WARNING THIS IS AN ADULT SITE) http://1800sexnow.com Please Test the main login What should happen after you register is that you should be able to see the sites content there is a profile page and edt info page a forgot password page ect.. everytime you get a username or password wrong it opens a new tab, I didn't realise this until I had about 16 open tabs of your site. Also if I type a username such as "asfasfpj" and a wrong password it says "Username is invalid" but if I enter "Admin" then get the password wrong it says "Incorrect password" meaning I got the username right. Don't do this because attackers can use this because they then know they have the username. Try saying something like "Invalid Username/Password" because then they don't know which they got wrong. Link to comment https://forums.phpfreaks.com/topic/135868-test-my-login-system/#findComment-709051 Share on other sites More sharing options...
Recommended Posts