All right so I’ve been looking all over the net and I can’t seem to find any solution for my problem. My apologies if this has been asked in the past.
I’m sure there’s a very simple answer for this: A while back I built a website for a client. This website has an administration system in which some pages are locked using a $_SESSION variable called ‘level’, which basically checks whether the user is an administrator or not. Furthermore, some pages are locked with the usual log in session variables, to ensure that only logged in people can access these pages.
Now the problem is that on two of my pages, the PHP scripts seem to run completely by themselves. The first page is just a page that resends all of the activation emails to every user in the DB. This page can only be accessed by being logged in, and being an administrator. The second page can only be accessed by going through PayPal. The PayPal script has fallback support which checks whether there are PayPal post variables.
Anyone know why these scripts are running by themselves? It gets bothersome when random emails are continually sent to customers or administrators. I probably did something wrong somewhere. I thought it might just be the Google crawler activating the scripts, but wouldn’t the crawler have to be logged in to access the scripts?
It could be a number of things.
One approach could be that search engines are executing your scripts.
A couple of years ago I was hired to look into what could be causing the deletion of all pages made with their homemade CMS.
Looking through their access logs revealed that two search engines were trying to index the content in the administration frontend, including all the Delete page links.
The reason why this could occur was a combination of two things.
The first was the administrators' browser plugins from the two search engines. Documentation proved that pages a client visited were sent to the search engines from their plugin.
Secondly, when the search engine attempted to index a session protected page, the original developer of their CMS forgot to put an exit; after the header('Location: ...'); part which meant that the rest of the code on the page still got executed.
The solution
I fixed the problem by adding exit; to the code:
I hope this can help.
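The missing-exit behaviour described in the answer above, shown as an added example that is not part of the original posts. The session keys 'user_id' and 'level', the value 'admin', the /login.php target and all function names are assumptions for illustration.

```php
<?php
// Added example, not the poster's code. Session keys, the 'admin' value and
// /login.php are assumptions. On a real page $session would be $_SESSION
// after session_start().

function is_admin(array $session): bool
{
    return !empty($session['user_id']) && ($session['level'] ?? '') === 'admin';
}

// BEFORE: header() only queues a response header. PHP keeps executing, so
// everything after the guard still runs for a client that has no session.
function require_admin_broken(array $session): void
{
    if (!is_admin($session)) {
        header('Location: /login.php');
        // no exit here
    }
}

// AFTER: end the request as soon as the redirect has been queued.
function require_admin(array $session): void
{
    if (!is_admin($session)) {
        header('Location: /login.php', true, 302);
        exit;
    }
}

// Stand-in for the page body (the real page would loop over users and mail them).
// error_log() is used instead of echo so no output is sent before header().
function resend_activation_emails(): void
{
    error_log('activation emails sent');
}

$session = [];   // constructed input: a request with no login session, e.g. a crawler

require_admin_broken($session);
resend_activation_emails();      // runs: the broken guard did not stop the script

require_admin($session);
resend_activation_emails();      // never reached: exit ended the script above
```

Run from the command line, the log line appears exactly once, produced after the broken guard.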