Re: Re: Login with Remember me Feature

On Sun, Aug 7, 2011 at 3:11 PM, Richard Riley <rileyrg@xxxxxxxxxxxxxx> wrote:

> Andre Polykanine <andre@xxxxxxxx> writes:
>
> > Hello alekto,
> >
> > I've got several notes to point out:
> > 1. You can't do either a header() or a SetCookie() after any echo
> > on the page, the out-of-PHP pieces of the page included.
>
> Not true.
>
> See ob_start and family.
>
>

Yes, but it is better form to make sure there is no output before your
header or setcookie commands. This makes your code more portable. Your code
will need some restructuring, though.

I did notice some other issues in your code, however. You delete the cookies
in the beginning if they are set. This is probably what was killing your
remember me function.

But on a much more serious note, this script is full of security holes.
Unhashed passwords in the DB and cookies is just asking for trouble. Plus,
if you're using sessions, you should just use the session cookie to remember
a login. It's safer than storing a password in a cookie.
-- 
--Zootboy

Sent from my PC.
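
Added example, not part of the original message or the poster's script: a login handler that follows the advice above, doing all header and cookie work before any output, checking the password against a hash, and remembering the login through the session cookie alone. The `users` table, the `user`/`pass`/`remember` form fields, `app.db`, `/index.php` and the 30-day lifetime are assumptions.

```php
<?php
// Added example, not from the thread. Assumed names: users table with
// username/password_hash columns, form fields user/pass/remember, app.db.
declare(strict_types=1);

const REMEMBER_SECONDS = 60 * 60 * 24 * 30; // 30 days, an arbitrary choice

function start_login_session(bool $remember): void
{
    // Server-side session data must outlive the cookie, or it is collected early.
    ini_set('session.gc_maxlifetime', (string) REMEMBER_SECONDS);
    // Must run before any output: session_start() sends a Set-Cookie header.
    session_set_cookie_params([
        'lifetime' => $remember ? REMEMBER_SECONDS : 0, // 0 = until browser closes
        'path'     => '/',
        'secure'   => true,   // cookie is only sent over HTTPS
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function check_credentials(PDO $pdo, string $user, string $pass): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The DB holds only a password_hash() value, never the password itself.
    if ($row !== false && password_verify($pass, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

// All header/cookie work happens here, before the first byte of HTML.
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pdo = new PDO('sqlite:' . __DIR__ . '/app.db');
    $user = (string) filter_input(INPUT_POST, 'user');
    $pass = (string) filter_input(INPUT_POST, 'pass');
    $userId = check_credentials($pdo, $user, $pass);
    if ($userId !== null) {
        start_login_session(filter_input(INPUT_POST, 'remember') !== null);
        session_regenerate_id(true);    // fresh ID for the authenticated session
        $_SESSION['user_id'] = $userId; // the cookie carries only the session ID
        header('Location: /index.php');
        exit;
    }
    $error = 'Invalid username or password.';
}
?>
<p><?= htmlspecialchars($error) ?></p>
```

The array form of `session_set_cookie_params()` needs PHP 7.3 or later, and `session.gc_maxlifetime` applies to every session stored under the same save path.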
