Is this password form secure? If not, what do I need to check for?
<?php
function secCode()
{
include_once("constants.php");
// obtain the password the user has entered
$password = $_POST['password'];
// warn for incorrect password
if(($password != "321498762") && (strlen($password) > 0))
$wrongPW = "<br /><font color=\"$WARN\">Wrong password.</font>";
// ask for password
if($password != "321498762")
{
echo("
<form name=\"form\" method=\"post\" action=\"index.php?sec=admin\">
<p>
Password:
<input name=\"password\" value=\"$password\" type=\"password\" size=\"15\" maxlength=\"15\" />
<input type=\"submit\" name=\"Submit\" value=\"Submit\" />
</p>
$wrongPW
</form>
");
}
// correct password has been entered
else
{
echo(success);
}
}
?>
