hmmm, Someone has managed to hack into my website administration.... that I wrote :-(
* My user & pass are stored in mysql * The login page checks that both login $_POSTS match the Mysql Data & then sets 3 sessions[] .... one with my username, one to say "loggedin=yes" & the 3rd with my access level. eg admin * The login page is secure and so is every subsequent page. * All 3 login sessions are checked on each page & if any fail your booted. So, any ideas how they got in? What are the potential PHP exploits for this type of login system? Maybe they got hold of my login? hmm, maybe - but the IP I see for them is on the other side of the globe & my computer is pretty secure. Any suggestions? Thanks all, Riquez Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
