how it is possible to bypass authentication

andrei.mita
Forum Commoner
Posts: 65
Joined: Sun May 08, 2005 4:06 am
Location: Barlad/Romania

Post by andrei.mita »

I have on each page of my website

Code:

session_start();
if (empty($_SESSION['user']))
{
    header('Location: login.php');
}

where $_SESSION['user'] comes from the aut.php page, where the user, pass and access level are checked in a MySQL db. My question is, how can someone bypass this and see the pages without authenticating? I know someone did because I have logs. Also very strange is the fact that Googlebot managed to bypass the login too, although I have a robots.txt in my root. BTW, is this a Googlebot address: crawl-66-249-65-229.googlebot.com?
So, where is the problem? I also have to add that I'm using a frame in my main.php, but all the pages loaded in it are protected by the code above.
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

Try...

Code:

if(isset($_SESSION['user']) === false) {
    header('Location: login.php');
}

crawl-66-249-65-229.googlebot.com, could be. Right neighborhood anyway.

EDIT: PHP Cheatsheet
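
Added example, not part of either post: PHP's header() only queues a response header and the script keeps running, so with either snippet above the rest of the page is still rendered and sent in the body of the redirect response. A guard that always stops the script when no user is logged in, assuming the thread's $_SESSION['user'] key and login.php; the file name auth_guard.php and both function names are hypothetical:

```php
<?php
// auth_guard.php (hypothetical file name): include at the top of every
// protected page, including each page loaded inside the frame.
declare(strict_types=1);

// Pattern from the thread, kept for comparison. header() only queues a
// Location header; execution continues, so the rest of the page is still
// rendered and sent in the body of the redirect response.
function guard_without_exit(): void
{
    if (empty($_SESSION['user'])) {
        header('Location: login.php');
    }
}

// Hardened guard: same session check, but the script always stops when
// there is no authenticated user.
function require_login(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // $_SESSION['user'] is the key from the thread, set after a successful login.
    if (!empty($_SESSION['user'])) {
        return;
    }

    // If output has already started, header() cannot add the redirect;
    // the exit below still keeps the rest of the page from being sent.
    if (!headers_sent()) {
        header('Location: ' . $loginUrl, true, 302);
    }
    exit;
}

require_login();
// Protected page content starts here and is reached only when logged in.
```

With this guard, a client that does not follow the redirect receives an empty body instead of the page.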