Reply To: Try out my first PHP web app!

[__]

Much nicer.

When login fails, you should not tell the user whether it was the username or password that was wrong: if I know that the username is good, I only have to guess passwords. If I don’t know which one is wrong (or if both are wrong), then I have a lot more work to do.