Code: Select all
$error = $PMF_LANG['ad_auth_fail'] . ' (' . $faqusername . ')';
session_destroy();
$loginVisibility = '';
$user = null;
$action = 'main';
Search found 2 matches
- Thu Aug 16, 2012 12:56 pm
- Forum: Bug reports
- Topic: Security hole
- Replies: 2
- Views: 3513
Re: Security hole
I have temporarily fixed this by adding: session_destroy();
into index.php
- Thu Aug 16, 2012 12:17 pm
- Forum: Bug reports
- Topic: Security hole
- Replies: 2
- Views: 3513
Security hole
Hi we have an FAQ that is secured, however a user has discovered a way round this.
If you register for an account than request an email of your password the system sends you a password and then allows you to log in. You get an error on login but if you then click on registration again the system ...
If you register for an account than request an email of your password the system sends you a password and then allows you to log in. You get an error on login but if you then click on registration again the system ...