I am VERY disappointed right now!
I'm working for a friend on your script, and the first thing I was planning to do was give MD5 a salt so that it would be a little more secure and this is the first line I see.
$username = $_POST["username"];
$pass1 = $_POST["pass1"];
$pass2 = $_POST["pass2"];
Why?
Why is this not secure D< and you're inserting this RIGHT into the DB. I know you didn't build this script yoursefl, but just improved on it, but please, add some more security next update.
|