Hack Proof-of-Concept

When you came to this page, you likely noticed an HTTP authentication request, because of the following image:

The information you typed into this was completely ignored, but could have easily been stored and read by me, if I had simply used that variable.

While most mods will recognize this as fake, some n00bs might think it’s real, and type in their password. I probably would have, if not for the title.

I suggest that signatures be required to be hosted on Kirupa. This would prevent the possibility of a potential hack such as this.

The source for my [font=monospace]img.php[/font] is this:

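<?php

// No credentials sent yet: answer with a 401 challenge so the browser shows a login prompt.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
	header('WWW-Authenticate: Basic realm="Kirupa Admin"');
	header('HTTP/1.0 401 yeah');
	
	header('Content-type: image/png');
	readfile('imgs/no.png'); // send the raw image bytes; include() would parse the file as PHP
	
	exit;
} else {
	// Whatever was typed arrives in PHP_AUTH_USER / PHP_AUTH_PW; it is not used here.
	header('Content-type: image/png');
	readfile('imgs/yes.png');
}

?>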
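
The mitigation suggested in the post, requiring signature images to be hosted on the forum itself, can be enforced when a signature is saved. The following is an added example, not part of the original post and not the forum's own code; the host list, the function names and the sample signature are assumptions made for illustration.

```php
<?php
// Added example. Assumption: these are the forum's own image hosts.
const ALLOWED_IMAGE_HOSTS = ['www.kirupa.com', 'kirupa.com'];

/** Return true only if $url is an http(s) URL on an allowed host. */
function isAllowedImageUrl(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed or relative URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // no data:, javascript:, ftp: and so on
    }
    // Reject embedded credentials such as http://kirupa.com@other.example/,
    // where the real host is the part after the "@".
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Exact match only: a suffix test would accept "kirupa.com.other.example".
    $host = rtrim(strtolower($parts['host']), '.');
    return in_array($host, ALLOWED_IMAGE_HOSTS, true);
}

/** Return the [img] URLs in a signature that are not on an allowed host. */
function findOffsiteImages(string $signature): array
{
    preg_match_all('#\[img\](.*?)\[/img\]#is', $signature, $m);
    return array_values(array_filter($m[1], fn($u) => !isAllowedImageUrl($u)));
}

// Constructed sample signature: one on-site image, two that must be rejected.
$signature = '[img]http://www.kirupa.com/sigs/me.png[/img] '
           . '[img]http://other.example/img.php[/img] '
           . '[IMG]http://kirupa.com@other.example/a.png[/IMG]';

$rejected = findOffsiteImages($signature);
if ($rejected) {
    echo "Signature rejected, off-site images:\n";
    foreach ($rejected as $url) {
        echo "  $url\n";
    }
}
```

Running the check at save time means an off-site image URL never reaches readers' browsers, so a remote script has no chance to answer the image request with a 401 challenge.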