man what is going on
this ain't exploit at all
if ($action == "logout")
{
Setcookie("loginpwd","",time() -86400);
Setcookie("loginuser","",time() - 86400);
include($logout_page);
exit;
}
else if ($action == "login")
u have if here and its say if u logout and u have exit too so it won't execute
anything after that