You do not escape strings passed to the db... this alone opens you up to SQL injection (I would read up on the various sites about SQL injection). Furthermore, you seem to register the username/password to the session, as well as redirecting with parameters coming directly from the session - someone could change these to their liking and open up your application for code injection, response splitting and maybe even more.

Can you tell me what can be SQL injection in my code? Please.
Of course all this also depends on other factors, code you additionally use, etc. With phpBB3 we increased security a lot by using common functions which are required by our coding guidelines. This alone makes it hard to write insecure code - for example, if followed strictly it is very hard to create SQL injection holes, because queries follow a strict standard. Therefore, our MOD Team will instantly deny MODs not adhering to the coding guidelines. I am also worried about the increase of insecure code being submitted to our MODs database. :/ At first we may not care - but on second look you will realise that once a vulnerability is found within a MOD this will most likely be backlashed at phpBB, saying that phpBB is insecure just because a MOD had a vulnerability. Therefore (and for our own SDLC) we created the internal framework we have in conjunction with the coding guidelines. Sure, it is a lot to learn for someone just beginning with PHP, but IMO it is worth it.
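To make the first reply's two warnings concrete (the unescaped query and the redirect driven by session/request values) and the point in the reply above about fixing the query structure, here is an added example. It is not code from this thread, from the original poster, or from phpBB; it assumes PHP with the PDO sqlite driver, and the `users` table, the function names and the redirect allow-list are constructed for the demonstration.

```php
<?php
// Added example (not from the thread or phpBB): the vulnerable pattern the
// first reply describes, beside a parameterized query and a redirect check.
// Assumes PDO with the sqlite driver; the users table is constructed here.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
// Store a hash, never the password itself (and never keep the password in the session).
$stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$stmt->execute([':u' => 'alice', ':h' => password_hash('s3cret', PASSWORD_DEFAULT)]);

// VULNERABLE: user input concatenated straight into the SQL text.
// An input of  ' OR '1'='1  turns the WHERE clause into a tautology.
function find_user_unsafe(PDO $db, string $username): ?array {
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// SAFE: the SQL text is fixed; the value travels separately as a bound
// parameter, so it can never change the structure of the statement.
function find_user_safe(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Redirect targets taken from the session or request are checked against an
// allow-list of local paths. CR/LF are rejected (response splitting), and only
// the path component is returned, so an absolute URL to another host is dropped.
function safe_redirect_target(string $target, string $fallback = '/index.php'): string {
    $allowed = ['/index.php', '/profile.php', '/viewtopic.php']; // constructed list
    if (preg_match('/[\r\n]/', $target)) {
        return $fallback;
    }
    $path = parse_url($target, PHP_URL_PATH);
    if (!is_string($path) || !in_array($path, $allowed, true)) {
        return $fallback;
    }
    return $path;
}

$payload = "' OR '1'='1";
var_dump(find_user_unsafe($db, $payload) !== null);   // bool(true): tautology matched alice
var_dump(find_user_safe($db, $payload));              // NULL: literal string matched nothing
var_dump(safe_redirect_target("http://evil.example/\r\nSet-Cookie: x=1")); // "/index.php"
var_dump(safe_redirect_target('/profile.php?u=2'));   // "/profile.php"
```

Run it with `php example.php`. The difference between the two lookups is the whole point of a "strict query standard": once every value is bound rather than spliced into the SQL string, the shape of the statement is decided by the developer and not by the request.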