Whirlpool / PHP
#6

Quote:
Originally Posted by acade
I'm beginning to make a UCP

From a tutorial created 5 years ago? The 'mysql' module is deprecated. Use either mysqli or PDO.

You should also just check the username/password combination directly. By first checking if the user exists you give a possible attacker useful information. If nothing is found simply return a generic "username and password combination is incorrect" message. Much more secure and less work for you.

i.e.:
PHP Code:
$mysqli->query("SELECT id FROM accounts WHERE Username = '$username' AND Password = '$pass'"); 
Then assign the retrieved 'id' to a session variable so you can use it for further queries.
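An added example, not part of the original post: the single-query check described in post #6, written with PDO so that the username and password are bound as parameters rather than interpolated into the SQL string, and with one generic failure message for every failure case. The table and column names come from the post; the in-memory SQLite database, the demo account, the function names, and the assumption that passwords are stored as uppercase hex Whirlpool digests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password TEXT)');
$seed = $db->prepare('INSERT INTO accounts (Username, Password) VALUES (?, ?)');
$seed->execute(['demo_user', strtoupper(hash('whirlpool', 'correct horse'))]);

// Hypothetical helper: returns the account id, or null when the combination does not match.
function findAccountId(PDO $db, string $username, string $password): ?int
{
    // Assumption: stored digests are uppercase hex Whirlpool.
    $hash = strtoupper(hash('whirlpool', $password));
    // Bound parameters: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id FROM accounts WHERE Username = :u AND Password = :p');
    $stmt->execute([':u' => $username, ':p' => $hash]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Hypothetical helper: one message for "no such user" and "wrong password" alike.
function login(PDO $db, string $username, string $password): string
{
    $id = findAccountId($db, $username, $password);
    if ($id === null) {
        return 'Username and password combination is incorrect.';
    }
    // In a web request, call session_start() and session_regenerate_id(true) first.
    $_SESSION['account_id'] = $id; // reused by later queries, as the post suggests
    return 'Logged in.';
}

// Constructed attempts: valid login, wrong password, unknown user, name containing a quote.
$attempts = [
    ['demo_user', 'correct horse'],
    ['demo_user', 'wrong'],
    ['no_such_user', 'x'],
    ["o'neil", 'x'],
];
foreach ($attempts as [$u, $p]) {
    printf("%-14s => %s\n", $u, login($db, $u, $p));
}
```

The three failing attempts print the same message, so the response does not reveal whether the username exists.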


Messages In This Thread
Whirlpool / PHP - by acade - 11.01.2015, 01:42
Re: Whirlpool / PHP - by acade - 11.01.2015, 17:07
Re: Whirlpool / PHP - by rickisme - 11.01.2015, 17:16
Re: Whirlpool / PHP - by www - 11.01.2015, 18:39
Re: Whirlpool / PHP - by Ahmad45123 - 11.01.2015, 19:24
Re: Whirlpool / PHP - by Vince - 11.01.2015, 20:12
