/1.php
61:
$user=mysql_fetch_assoc(mysql_query("SELECT `id` FROM `user` WHERE `login` = '".my_esc($_POST['login'])."' AND `pass` = '".shif($_POST['pass'])."' LIMIT 1"));
SQL Injection!
/1.php
65:
setcookie('id_user', $user['id'], time() 60*60*24*365);
Active script!
/1.php
66:
setcookie('pass', cookie_encrypt($_POST['pass'],$user['id']), time() 60*60*24*365);
You don't even need to check '".shif($_POST['pass'])."'
'".my_esc($_POST['login'])."'
setcookie('id_user', $user['id'], time() 60*60*24*365);
setcookie('pass', cookie_encrypt($_POST['pass'],$user['id']), time() 60*60*24*365);
setcookie('id_user', $user['id'], time()+60*60*24*365, '/');
setcookie('pass', cookie_encrypt($_POST['pass'],$user['id']), time()+60*60*24*365, '/');