Watch for uninitialized variables
<?php
if($user=='rasmus') {
$ok = true;
}
if($ok) {
echo "$user logged in";
}
?>
Catch these by setting the error_reporting level to E_ALL.
The above script would generate this warning (assuming $user is set):
Warning: Undefined variable: ok in script.php on line 6
You can of course also turn off register_globals, but that addresses the symptom
rather than the problem.