I have an authentication problem...
My users are authenticated through a mysql table. This set up a session variable to "true" and allow them to browse different pages (in each page I test that session variable).
To deny direct access to the directory, I put an htaccess which simply denies all accesses.

Things are working fine, except when I want to open a popup.In that case I again have the apache "forbidden".

What I don't understand: my site is built has an index page which include in it's center the requested specific pages.
So I have something like index.php?page_called=protected1
and in index I do an include of protected1.php.

This will include the page protected1.php which is in the protected directory in the webpage without any problem.

I don't understand why this is working as I include the file directly (include ("./protectedDirectory/protected1.php")) whereas a simple javascipt window open with that script is not allowed.
And I have no idea how to modify that, for some little things it's easier for my user to have a display popup (eg to remind him old values), and currently I have to put that file out of the protected directory.

I could put that files somewhere else than under the webroot, but I think there is a way of allowing popup opening by the php script?

Sorry if this may be a bit off topic, but I tried to find inforamtion on google/apache and found nothing, and I'm sure some of you are using that system as well?

Thanks for your time!

It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to