Hi friends. I made a login script for my website. I personally think it is pretty safe but I was wondering what you guys think. Tell me if you see any vulnerabilities or exploits that I should patch up. How could people crack it?

http://www.pheeble.com/login.php

Appreciate it.

Post the source code then poeple will be able to help you. Otherwise there's no way of telling how secure the script is.

Depends what kind of encryption you using in your database. If it's just plain text then you should slap your self on the back of your head. Also where is the source at?

well I cant even see the page but the source would be good.

It's broke.

I scaned the site checking the tree and then entered http://www.pheeble.com/v5/ as being the second page after the intro and it let me right in. Never saw any kind of a login script. So I would venture it's not to secure if I can traverse the directory tree and pull up any page I wish.

No, that doesn't sound terribly secure, does it?
But then, he may not have implemented it yet; he could just be testing the login at this point...

Well, inside the httpd.conf (I'm going to assume we're talking apache here because that's my knowledge base, not IIS), in the intial <Directory> for this page, I would take Indexes out of the Options list. This prevents people from scanning/traversing directory trees.

As for the php, we can't see the code so we can't check!