UserSystem - by Froobe

[Blob]

I made a free, simple, open-source usersystem:

Features:

• Login
• Register
• Logout
• Install

Files:

• index.php
• installer.php
• style.css
• inc/
• inc/config.php
• inc/usersystem.class.php

Link:

http://www.uploadz.co.uk/703usersystem.rar

Password:

Code:

froobe

Please enjoy.

To install go to "index.php"

Sorry about the page titles. I forgot to edit them...

[Flisker]

Nice welldone =]

[ScottDiamond.]

Well done on helping out people. I may use it for a clients' Members Area.

[Tomm]

Errm hate to burst your bubble but its unsecure.

Atleast use mysql_real_escape_string and check if magic_quotes_gpc if enabled else you'll end up adding slashes twice.

Example source:

PHP Code:

SELECT * FROM users WHERE user='aidan' AND password='' OR ''='' 


Cba to add dynamic crap.

But it should not let this query run as I typed it as it would let me login as anyone I want without knowing the password...

It returns:

SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''

As I typed it....

Another example:

$ryan = new UserSystem();

$test = "UPDATE `users` SET `password`='lolowned' WHERE `username`='admin';";
echo $ryan->clean($test);

Returns:

UPDATE `users` SET `password`='lolowned' WHERE `username`='admin';

[Flisker]

*bubble burst*