wrong user-/pw-check

Brought to you by: anzuhan

#2 wrong user-/pw-check

Status: open

Owner: nobody

Labels: None

Priority: 9

Updated: 2004-06-06

Created: 2004-06-06

Creator:

Private: No

if($_POST['username'] != $user &&
$_POST['password'] != $pass) {

--> show_tasks.php:20

should be

if($_POST['username'] != $user ||
$_POST['password'] != $pass) {

else everyone can login with right pw and wrong
user, or right user and wrong pw

Anonymous - 2004-06-06

priority: 5 --> 9
If you would like to refer to this comment somewhere else in this project, copy and paste the following link: