There's no way to be already logged in on my system. I don't use cookies. If you so much as reload the page, you'll have to login again the way I have it. A link to the URL will force a login. The only way that an exploit could be easily done is to create an imitation on a different website/URL that would emulate my page and entice the user to surrender his or her login credentials (username/password)--and that could then be used to login on the real site by a malicious user. I don't know any way to prevent an attack of this sort, however, even with the best of security practices in place; virtually any site could be spoofed. But the site is hardly much of a target, and would not be worth a hacker's time, as I see it.

Further to this, the site is not using the GET protocol. The URL is always basic, without additional hackable tokens. It's all based on POST.

Though the server itself has been subjected to multiple DoS attacks and hacking attempts over this period, perhaps it is enough that for all the supposed weaknesses in the system, this application has been online for over eight years without a single break-in/hack-in. Nor do I expect any significant trouble in the years to come, barring the site achieves a much greater level of notoriety than it now has (unlikely).

But we digress, and I fear I am still nearly as ignorant about database connections as when I first posted.