I'm developing an admin system for custom CMS. On all my pages which are part of the admin site I use a check_user() function. The check_user() function only does this:
function check_user()
{
session_start();
if ($_SESSION['username'] == "admin") {
} else {
header("location:admin.php");
}
}
Though it seems a bit simple, is this enough to keep away unwanted members from the site? How exploitable is $_SESSION[] vars are? Any suggestions to improve this function?
Thanks in advance!
In the given code, $_SESSION is not exploitable IF register_globals is off (which on all latest installs will be off... but just to be sure)
Although depending on how these session parameters are set, it could be exploited. (i.e. using request parameters as keys in the session variable for example)
To improve on this code, i would suggest to always start a session, independent of the check_user call. This enables you to reuse the check_user.