Hello alekto,
I've got several notes to point out:
1. You can't do neither a header(), nor a SetCookie() after any echo on the page. The out-of-php pieces of the page included.
2. Don't, please please don't store raw passwords in the database! Hash them, better even adding a salt. The guy who had been writing code of our project before me stored raw passwords, and I lost an amount of time to encrypt them live so users wouln't notice anything happening. Please don't repeat this mistake)
3. Don't store passwords in the cookies, they can be easily stolen. the username is quite enough: if it is there and it is not empty, then you can verify if such a user exists.
--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
