Security of admin validator
Posted: Sat Jun 12, 2004 1:26 pm
Hey guys! I just created a function that validates whether a user is an administrator or just a regular. How secure do you think my code is? Are there any potential holes or problems that I should be worried about? Thank you for your input!
Code:
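<?php
// Returns true when the ls_username / ls_password cookies match a row
// in the users table whose class is 'admin', false otherwise.
function ValidateAdmin()
{
    // Read and escape the credentials supplied in the cookies
    $username = addslashes($_COOKIE['ls_username']);
    if (!isset($username) || empty($username)) return false;
    $password = addslashes($_COOKIE['ls_password']);
    if (!isset($password) || empty($password)) return false;

    $query = "SELECT * FROM users WHERE name='$username' AND password='$password' AND class='admin'";
    $db = new database($query);

    // "return" is a statement and cannot be used inside a ternary,
    // so store the result and return it after the cleanup below.
    $isAdmin = $db->FetchRow() ? true : false;

    // Release the result set and connection before returning;
    // code placed after a return statement is never executed.
    $db->FreeResult();
    $db->close();
    unset($db, $query);

    return $isAdmin;
}
?>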