I have been testing and learning by building this simple CMS application and want see if works OK, but most importantly, would like to know if any of you are able to hack it. It's a simple "notepad" that allows people to register their own id/pw and able to track their own note "posts". It restricts the display to each user's respective notes, only and only if they are logged in. If they are not, then they shouldnt be able to see any notes at all, and are re-directed instead to the "Login" form.
The site link is:
I would like to see if you guys can bypass restrictions or hack it in any way possible, or view other user's notes.. I just wanna make sure I am doign things right from a security standpoint... appreciate any comments!
Here below are 2 users already in the DB, so you can login with either one and see how you should be able to see ONLY each person's "notes".
Design maybe kind of off, but that's cause I'm still working on it...