diff --git a/user.php b/user.php
index 0ea85cc..e93a855 100644
--- a/user.php
+++ b/user.php
@@ -56,6 +56,7 @@ $sessionID = $util->getSessionCookie();
 		$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
 		header('Location: ' . $authURL, true);
 
+		exit; //PREVENT SECURITY HOLE
 	}
 
 
@@ -105,6 +106,7 @@ if ($loginID){
 	//if the user doesn't exist in database we need to redirect them to a page to give instructions on how to be added
 	if ($user->privilegeID == ""){
 		header('Location: not_available.php');
+		exit; //PREVENT SECURITY HOLE
 	}
 }