
how it is possible to bypass authentication

Posted: Sat Jun 11, 2005 3:57 pm
by andrei.mita
I have on each page of my website

Code:

session_start();
if (empty($_SESSION['user']))
{
    header('Location: login.php');
}

where $_SESSION['user'] comes from the aut.php page, where the user, pass and access level are checked in a MySQL db. My question is, how can someone bypass this and see the pages without authenticating? I know someone did because I have logs. Also very strange is the fact that Googlebot managed to bypass the login too, although I have robots.txt in my root. BTW, is this a Googlebot address: crawl-66-249-65-229.googlebot.com?
So, where is the problem? I also have to add that I'm using a frame in my main.php, but all the pages loaded in it are protected by the code above.

Posted: Sat Jun 11, 2005 4:22 pm
by Buddha443556
Try...

Code:

if(isset($_SESSION['user']) === false) {
    header('Location: login.php');
}

crawl-66-249-65-229.googlebot.com, could be. Right neighborhood anyway.

EDIT: PHP Cheatsheet
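
Added example, not code from either poster: a constructed in-process model of one request to a protected page, showing that a check which only queues the Location header still sends the page body to a client that ignores redirects (a crawler, for instance), while ending the request after the redirect sends nothing. The function names, the StopRequest class and the sample body are assumptions for illustration; in a real page the hardened guard is header('Location: login.php'); followed by exit;.

```php
<?php
declare(strict_types=1);

// Constructed model of one HTTP request, runnable with the PHP CLI.
// $headers stands in for what header() would queue; 'body' is what gets sent.

final class StopRequest extends Exception {}   // models what `exit` does to the request

// Same logic as the check posted in the thread.
function guard_as_posted(array $session, array &$headers): void
{
    if (empty($session['user'])) {
        $headers[] = 'Location: login.php';    // header() only queues a response header
    }                                          // no exit: the script keeps running
}

// Same check, but the request ends as soon as the redirect is queued.
function guard_with_exit(array $session, array &$headers): void
{
    if (empty($session['user'])) {
        $headers[] = 'Location: login.php';
        throw new StopRequest();               // in a real page: exit;
    }
}

// Runs the guard, then the rest of the protected page, and returns the response.
function serve(callable $guard, array $session): array
{
    $headers = [];
    ob_start();
    try {
        $guard($session, $headers);
        echo "members-only content\n";         // constructed stand-in for the page body
    } catch (StopRequest $e) {
        // request ended before any page output was produced
    }
    return ['headers' => $headers, 'body' => (string) ob_get_clean()];
}

$anonymous = [];                               // constructed session: nobody logged in
foreach (['guard_as_posted', 'guard_with_exit'] as $guard) {
    $r = serve($guard, $anonymous);
    printf("%-16s headers=%s body_bytes=%d\n",
        $guard, json_encode($r['headers']), strlen($r['body']));
}
```

Both guards produce the same redirect header; only the response body differs, which is why the access log shows requests to the protected pages even though every page "redirects".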