Here is the scenario.
1. I set my browser to block all cookies.
2. I access this script.
3. I am thinking that I should get an error because I presume that
session_start() will attempt to set a cookie (which it appears to do).
(I tried setcookie() too and the cookie was accepted.)
My question is this.
When using httpauth, does httpauth override your cookie preferences?
David
******************* my code **************************
<?php
require "/home/www/common/_ini/_main.ini.php";
$auth = false; // Assume user is not authenticated
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
$sql = "SELECT * FROM staff WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";
$result = @mysql_query($sql, $connection)
or die ('Database Error - Could not select create data
from projects.');
// Get number of rows in $result.
$numrows = mysql_num_rows( $result );
if ( $numrows > 0 ) {
// A matching row was found - the user is authenticated.
$auth = true;
}
}
if ( ! $auth ) {
header( 'WWW-Authenticate: Basic realm="Private Extranet"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
session_start();
echo '<P>You are authorized!</P>';
phpinfo();
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
