sse*_*gei 2 php security session-variables
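I've got a hell of a problem that I can't figure out for the life of me. I set up a super simple CMS for a client. Each different page of the CMS includes a file called session.php.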
session_start();
$username = $_SESSION['siteadmin'];
if (!$_SESSION['siteadmin']){
header( 'Location: login.php?status=2' );
}
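From time to time, random things disappear from the database. So I set up a primitive log system that records any action taken through the CMS. Well, it happened again. The log shows: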
Logged in **.**.237.209 17:18 <-- thats me
Deleted board member id 12 195.42.102.25 16:49
Deleted board member id 15 195.42.102.25 16:49
Deleted board member id 8 195.42.102.25 16:49
Deleted board member id 10 195.42.102.25 16:49
Deleted board member id 9 195.42.102.25 16:49
Deleted board member id 4 195.42.102.25 16:49
Deleted board member id 3 195.42.102.25 16:49
Deleted board member id 5 195.42.102.25 16:49
Deleted board member id 6 195.42.102.25 16:49
Deleted board member id 11 195.42.102.25 16:49
Deleted board member id 7 195.42.102.25 16:49
Deleted review id 2 195.42.102.25 16:49
Deleted review id 3 195.42.102.25 16:49
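This goes on for several pages. It doesn't even show 195.42.102.25 logging in! The last time it happened, it was 195.128.18.19. How are they loading the window without the session variable? Is there a security hole in my code that I'm completely overlooking?!
Any insight into this problem would be great.
Thanks,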
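
An added example, not part of the original post: the posted check sends a `Location` header but never stops the script, and `header()` does not end execution, so the rest of each page still runs for a request that carries no session. A hardened `session.php` is sketched below; the function names and the `require_post()` guard are assumptions introduced here, and the guard only applies if the delete pages are reachable by a plain link.

```php
<?php
// session.php, hardened (added example; not the poster's code).
declare(strict_types=1);

// True only when the session carries a non-empty 'siteadmin' value.
// Takes the array as a parameter so it can be checked without a live session.
function is_site_admin(array $session): bool
{
    // empty() also covers a missing key, so no undefined-index notice.
    return !empty($session['siteadmin']);
}

// Runs at the top of every CMS page, before any output or database work.
function require_site_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (is_site_admin($_SESSION)) {
        return;
    }
    // header() only queues a response header. PHP keeps executing the
    // including page, queries included, unless the script stops here.
    header('Location: login.php?status=2', true, 302);
    exit;
}

// Hypothetical extra guard (assumption): call it on pages that change data,
// so a client that merely follows links cannot trigger a delete.
function require_post(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit;
    }
}

require_site_admin();
$username = $_SESSION['siteadmin'];
```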