Quote:
|
Originally Posted by zeep25
i mean this would be one of the last website i would hack if i was hacker
|
Exactly.
And that's why our site uses custom non-SSL communications. We have administrative access, special registration codes (for some accounts tohave different priveleges than others), and use sessions. Our login script looks something like this (I wrote a custom database class for PHP, since our host does not have MySQL):
PHP Code:
<?
include_once("extractall.php"); // We register all session variables into $GLOBALS
session_start();
if (empty($saveuser) || isGuest($saveuser)){
$users = new nrgdb("fileforuserdb.txt");
}
?>