The password is encoded in the db, so it wouldn't be able to do plain; nor would it be secure
.
What do you mean to say?
The password will either be furnished in MD5 encoding, or plain. Depending on this, the authentication.php routine will compare either directly or after MD5 encoding.
Yes, would be more secure to send in MD5 encoded format. But on the path from user entry to the php program it always gets transmitted insecurely, unless if the forum were on a secure server. And maybe if the password comes from an encoded cookie.
Still asking. Any takers that either have pity to program the auth function, or at least give me some hints?
Probably a straight readout of username and userpassword from the database might be the easiest way. Plus admin and moderator status. Plus IP block and other user block status.
