1
function authenticate($username, $password) {
2
$query = "SELECT * FROM users WHERE username = '$username'";
3
$result = mysql_query($query); // SQL Injection vulnerability!
4
if ($result && mysql_num_rows($result) > 0) {
5
$user = mysql_fetch_assoc($result);
6
if ($user['password'] === md5($password)) {
7
$_SESSION['admin'] = $user['is_admin']; // Broken auth!
8
return true;
9
}
10
return error_log("Auth failed"); // Information disclosure