 |
 |
Find a programming school near you
php-general | 2001072
Date: 07/24/01
- Next message: Alnisa Allgood: "Re: [PHP] Determining File Size"
- Previous message: David Hall: "RE: [PHP] .htaccess and determining if a user is logged in"
- In reply to: David Hall: "RE: [PHP] .htaccess and determining if a user is logged in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> I've done further investigation and it seems that if I go with the
approach
> of looking for a REMOTE_USER value, I'll have to do the following:
>
> Since Apache only fills out the REMOTE_USER if the file is in a protected
> directory, I have to make a symbolic link within a protected directory to
> the non-protected script. Then Apache will require authentication for the
> file. Thus, both non-authenticated and authenticated users are running the
> same script.
>
> Any problems with this approach? My worry is that if the user passes
> $REMOTE_USER="FooledYou" in the url, it'll fool my script into thinking
> Apache sent it. I'll have to check into that one.
>
> Any better ideas?
Yep - have a look at the manual here:
http://www.php.net/manual/en/language.variables.external.php
and here:
http://www.php.net/manual/en/configuration.php (search for 'gpc_order')
jason
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Alnisa Allgood: "Re: [PHP] Determining File Size"
- Previous message: David Hall: "RE: [PHP] .htaccess and determining if a user is logged in"
- In reply to: David Hall: "RE: [PHP] .htaccess and determining if a user is logged in"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
