Beeing hacked?

[tsjikie]

I got some weird thing going on on my site [a href=\"http://www.technicabrussel.be/index.php?page=funfoto&fotoid=49\" target=\"_blank\"]here[/a] and [a href=\"http://www.technicabrussel.be/index.php?page=funfoto&fotoid=43\" target=\"_blank\"]here[/a] (the messages at the bottom).

I wrote a login system, and you can't post a message there if you are not logged in. The messages look like parts of an email header.

In my form I use this

[code]<input type="hidden" name="auteur" value="<? echo $_SESSION['username']; ?>">[/code]

and then I use this check method to see if the user was logged in

[code]if ($_POST['auteur']=='')[/code]

When there is a $_SESSION['username'], it means you are logged in. When you are not logged in or the login failed, it deletes the session variables.

Anyone who can help?