01.05.2014, 09:24
I don't know where you got this script, but it's vulnerable to SQL injection. Cookies can be edited on the client side. This only checks if the cookie exists rather than verifying its validity. If I create the 'sessionid' cookie with contents:
Code:
0' OR 1=1 --
The query will look like:
PHP code:
SELECT * FROM `ucpsessids` WHERE sessid = '0' OR 1=1 --'
Line 46 is:
PHP code:
$_userName = $_userInfo->Name;
Which means that $_userInfo isn't an object, which in turn means that the query above it failed or returned an empty result set.
PS: Wrong section.
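
The injection and the missing result check described in the post above, as an added example that is not part of the original post or of the script it discusses. It assumes PDO with the SQLite driver, a constructed one-row `ucpsessids` table, and a 12-hex-character session-ID format; the function names are hypothetical.

```php
<?php
// Constructed in-memory table standing in for `ucpsessids` (assumption: PDO + SQLite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ucpsessids (sessid TEXT PRIMARY KEY, Name TEXT)");
$db->exec("INSERT INTO ucpsessids VALUES ('3f9c0a17c2d4', 'alice')"); // constructed row

// Vulnerable pattern the post describes: the cookie value is pasted into the SQL text.
function lookupConcatenated(PDO $db, string $cookie)
{
    $sql = "SELECT * FROM ucpsessids WHERE sessid = '" . $cookie . "'";
    return $db->query($sql)->fetch(PDO::FETCH_OBJ); // object, or false when no row
}

// Hardened form: validate the shape of the ID, then bind it as a parameter.
function lookupPrepared(PDO $db, string $cookie)
{
    if (!preg_match('/^[0-9a-f]{12}$/', $cookie)) { // assumed session-ID format
        return false;
    }
    $stmt = $db->prepare('SELECT * FROM ucpsessids WHERE sessid = :sid');
    $stmt->execute([':sid' => $cookie]);
    return $stmt->fetch(PDO::FETCH_OBJ);
}

$fromPost = "0' OR 1=1 --"; // cookie value quoted in the post
$lookups = ['concatenated' => 'lookupConcatenated', 'prepared' => 'lookupPrepared'];

foreach ($lookups as $label => $fn) {
    foreach ([$fromPost, '3f9c0a17c2d4', 'ffffffffffff'] as $cookie) {
        $userInfo = $fn($db, $cookie);
        // Check the result before dereferencing it. Skipping this check is what
        // breaks at the post's line 46 when the query fails or matches nothing.
        if (!is_object($userInfo)) {
            printf("%-12s %-14s -> no session, treat as logged out\n", $label, $cookie);
            continue;
        }
        printf("%-12s %-14s -> logged in as %s\n", $label, $cookie, $userInfo->Name);
    }
}
```

Binding the value keeps the cookie out of the SQL text, and the `is_object()` check keeps an unknown or expired session ID from turning into an error on the property access.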