Detected 1 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*["'][a-z0-9\-_\!\$]+["']‘: $user = cleanString($_POST['user']); $passUnhash = cleanString($_POST['pass']); $pass = hash("sha256", $passUnhash); if($user == "" || $passUnhash == "") { $error = TRUE; } else { $query = "SELECT admin FROM staff WHERE ign='$user' AND password='$pass'"; $result = queryMysql($query); if(!$result) die ("Database access failed: " . mysql_error()); $row = mysql_fetch_row($result); if (mysql_num_rows($result) […]
↧