Whats Wrong whit this code

[jomasaco]

PHP Code: (Select All)

<?php
include "funcs.php";

if(isset($_POST) && !empty($_POST)) {
$site=$_POST['site'];
$site=str_replace("http://","",$site);
$site=str_replace("www.","",$site);

$query = mysql_query("SELECT * FROM wcddl_sites WHERE url = '".$site."'");
        $numR = mysql_num_rows($query);
        if($numR==0) echo 'Site not found';
        else {
            $row = mysql_fetch_assoc($query);
            if($pass!=$row['password']) echo ' Password is incorrect.';
            else {
                echo ' Welcome '.$site.' owner';
            }
        }
}
else {
    echo '<form name="login" target="$self" id="login" method="post">
Site: <input type="text" name="site">
Pass: <input type="password" name="pass">
<input type="submit" value="Submit" />
</form>';
}        
?>

[jomasaco]

No one?
This are only an test do not use such code on your site or your database can be erased.
An hint never trust in input data.

[c0rrupt]

thanks for feed back on this mate!!