How is it possible to bypass authentication
Posted: Sat Jun 11, 2005 3:57 pm
I have on each page of my website
Code:
session_start();
if (empty($_SESSION['user']))
{
    header('Location: login.php');
}
where $_SESSION['user'] comes from the aut.php page, where the user, pass and access level are checked in a MySQL db. My question is, how can someone bypass this and see the pages without authenticating? I know someone did because I have logs. Also very strange is the fact that Googlebot managed to bypass the login too, although I have robots.txt in my root. BTW, is this a Googlebot address: crawl-66-249-65-229.googlebot.com?
So, where is the problem? I also have to add that I'm using a frame in my main.php, but all the pages loaded in it are protected by the code above.
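Added example, not part of the original post: the posted guard sends a Location header but never stops the script, so PHP still outputs the rest of the page to any client that does not follow the redirect (crawlers often do not). The hardened form below terminates after the redirect; the file name auth_guard.php and the function name require_login() are assumptions made for illustration.

```php
<?php
// auth_guard.php (hypothetical file name): include this at the very top of
// every protected page, including each page loaded inside the frame.
declare(strict_types=1);

/**
 * Allow the page to render only for an authenticated session.
 *
 * header() only queues a response header. PHP keeps executing afterwards,
 * so the protected HTML is still written into the body of the 302 response
 * unless the script terminates right after the redirect.
 */
function require_login(string $loginUrl = 'login.php'): void
{
    // Start the session only if the including page has not done so already.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Same test as the posted snippet: set by the login page on success.
    if (!empty($_SESSION['user'])) {
        return; // authenticated: let the including page continue
    }

    header('Location: ' . $loginUrl, true, 302);
    exit; // the missing step: nothing below the guard is sent
}

require_login();
```

To check a page from the outside, request it without a session cookie using a client that does not follow redirects and confirm the 302 response has an empty body.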