Hey Guys,
I am having one hell of a problem that I cannot figure out for the life of me. I have set up a super simple CMS for a client. Each different page of the CMS has and include file called session.php.
session.php
session_start();
$username = $_SESSION['siteadmin'];
if (!$_SESSION['siteadmin']){
header( 'Location: login.php?status=2' );
}
Every now and again, random things would disappear from the database. So, I setup a crude log system that logged any action through the CMS. Well, it happened again. The logs show this:
Logged in **.**.237.209 17:18 <-- thats me
Deleted board member id 12 195.42.102.25 16:49
Deleted board member id 15 195.42.102.25 16:49
Deleted board member id 8 195.42.102.25 16:49
Deleted board member id 10 195.42.102.25 16:49
Deleted board member id 9 195.42.102.25 16:49
Deleted board member id 4 195.42.102.25 16:49
Deleted board member id 3 195.42.102.25 16:49
Deleted board member id 5 195.42.102.25 16:49
Deleted board member id 6 195.42.102.25 16:49
Deleted board member id 11 195.42.102.25 16:49
Deleted board member id 7 195.42.102.25 16:49
Deleted review id 2 195.42.102.25 16:49
Deleted review id 3 195.42.102.25 16:49
and that goes on for a couple pages. It doesnt even show 195.42.102.25 logging in! Last time it happened with 195.128.18.19. How are they computers loading the window without a session variable? Is there a security hole in my code that I am completely overlooking?!
Any insight on this issue would be awesome.
Thanks,
