From: [EMAIL PROTECTED]
Operating system: Windows 98 Second Edition
PHP version: 4.0.5
PHP Bug Type: Apache related
Bug description: Retrieving cookies in MSIE 5.0 returns an Apache Error 500 page
PHP.ini file:
[PHP]
; $Id: php.ini-dist,v 1.73.2.2 2001/04/22 11:58:49 phanto
Exp $
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; This file controls many aspects of PHP's behavior. In
order for PHP to
; read it, it must be named 'php.ini'. PHP looks for it
in the current
; working directory, in the path designated by the
environment variable
; PHPRC, and in the path that was defined in compile time
(in that order).
; Under Windows, the compile-time path is the Windows
directory. The
; path in which the php.ini file is looked for can be
overriden using
; the -c argument in command line mode.
;
; The syntax of the file is extremely simple. Whitespace
and Lines
; beginning with a semicolon are silently ignored (as you
probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored,
even though
; they might mean something in the future.
;
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is
different from FOO=bar.
;
; The value can be a string, a number, a PHP constant
(e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and
None) or an expression
; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
;
; Expressions in the INI file are limited to bitwise
operators and parentheses:
; | bitwise OR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
;
; Boolean flags can be turned on using the values 1, On,
True or Yes.
; They can be turned off using the values 0, Off, False or
No.
;
; An empty string can be denoted by simply not writing
anything after the equal
; sign, or by using the None keyword:
;
; foo = ; sets foo to an empty string
; foo = none ; sets foo to an empty string
; foo = "none" ; sets foo to the string 'none'
;
; If you use constants in your value, and these constants
belong to a
; dynamically loaded extension (either a PHP extension or
a Zend extension),
; you may only use these constants *after* the line that
loads the extension.
;
; All the values in the php.ini-dist file correspond to
the builtin
; defaults (that is, if no php.ini is used, or if you
delete these lines,
; the builtin defaults will be identical).
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
; Enable the PHP scripting language engine under Apache.
engine = On
; Allow the <? tag. Otherwise, only <?php and <script>
tags are recognized.
short_open_tag = On
; Allow ASP-style <% %> tags.
asp_tags = Off
; The number of significant digits displayed in floating
point numbers.
precision = 14
; Enforce year 2000 compliance (will cause problems with
non-compliant browsers)
y2k_compliance = on
; Output buffering allows you to send header lines
(including cookies) even
; after you send body content, at the price of slowing
PHP's output layer a
; bit. You can enable output buffering during runtime by
calling the output
; buffering functions. You can also enable output
buffering for all files by
; setting this directive to On.
output_buffering = On
; You can redirect all of the output of your scripts to a
function. For
; example, if you set output_handler to "ob_gzhandler",
output will be
; transparently compressed for browsers that support gzip
or deflate encoding.
; Setting an output handler automatically turns on output
buffering.
output_handler =
; Transparent output compression using the zlib library
; Valid values for this option are 'off', 'on', or a
specific buffer size
; to be used for compression (default is 4KB)
zlib.output_compression = Off
; Implicit flush tells PHP to tell the output layer to
flush itself
; automatically after every output block. This is
equivalent to calling the
; PHP function flush() after each and every call to
print() or echo() and each
; and every HTML block. Turning this option on has
serious performance
; implications and is generally recommended for debugging
purposes only.
implicit_flush = Off
; Whether to enable the ability to force arguments to be
passed by reference
; at function call time. This method is deprecated and is
likely to be
; unsupported in future versions of PHP/Zend. The
encouraged method of
; specifying which arguments should be passed by reference
is in the function
; declaration. You're encouraged to try and turn this
option Off and make
; sure your scripts work properly with it in order to
ensure they will work
; with future versions of the language (you will receive a
warning each time
; you use this feature, and the argument will be passed by
value instead of by
; reference).
allow_call_time_pass_reference = On
;
; Safe Mode
;
safe_mode = Off
safe_mode_exec_dir =
; Setting certain environment variables may be a potential
security breach.
; This directive contains a comma-delimited list of
prefixes. In Safe Mode,
; the user may only alter environment variables whose
names begin with the
; prefixes supplied here. By default, users will only be
able to set
; environment variables that begin with PHP_ (e.g.
PHP_FOO=BAR).
;
; Note: If this directive is empty, PHP will let the user
modify ANY
; environment variable!
safe_mode_allowed_env_vars = PHP_
; This directive contains a comma-delimited list of
environment variables that
; the end user won't be able to change using putenv().
These variables will be
; protected even if safe_mode_allowed_env_vars is set to
allow to change them.
safe_mode_protected_env_vars = LD_LIBRARY_PATH
; This directive allows you to disable certain functions
for security reasons.
; It receives a comma-deliminated list of function names.
This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions =
; Colors for Syntax Highlighting mode. Anything that's
acceptable in
; <font color="??????"> would work.
highlight.string = #CC0000
highlight.comment = #FF9900
highlight.keyword = #006600
highlight.bg = #FFFFFF
highlight.default = #0000CC
highlight.html = #000000
;
; Misc
;
; Decides whether PHP may expose the fact that it is
installed on the server
; (e.g. by adding its signature to the Web server header).
It is no security
; threat in any way, but it makes it possible to determine
whether you use PHP
; on your server or not.
expose_php = On
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
max_execution_time = 30 ; Maximum execution time of
each script, in seconds
memory_limit = 8M ; Maximum amount of memory a script
may consume (8MB)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; error_reporting is a bit-field. Or each number up to
get desired error
; reporting level
; E_ALL - All errors and warnings
; E_ERROR - fatal run-time errors
; E_WARNING - run-time warnings (non-fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings
which often result
; from a bug in your code, but it's
possible that it was
; intentional (e.g., using an
uninitialized variable and
; relying on the fact it's
automatically initialized to an
; empty string)
; E_CORE_ERROR - fatal errors that occur during PHP's
initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that
occur during PHP's
; initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal
errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
;
; Examples:
;
; - Show all errors, except for notices
;
;error_reporting = E_ALL & ~E_NOTICE
;
; - Show only errors
;
;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
;
; - Show all errors except for notices
;
error_reporting = E_ALL & ~E_NOTICE
; Print out errors (as a part of the output). For
production web sites,
; you're strongly encouraged to turn this feature off, and
use error logging
; instead (see below). Keeping display_errors enabled on
a production web site
; may reveal security information to end users, such as
file paths on your Web
; server, your database schema or other information.
display_errors = On
; Even when display_errors is on, errors that occur during
PHP's startup
; sequence are not displayed. It's strongly recommended
to keep
; display_startup_errors off, except for when debugging.
display_startup_errors = Off
; Log errors into a log file (server-specific log, stderr,
or error_log (below))
; As stated above, you're strongly advised to use error
logging in place of
; error displaying on production web sites.
log_errors = Off
; Store the last error/warning message in $php_errormsg
(boolean).
track_errors = Off
; String to output before an error message.
;error_prepend_string = "<font color=ff0000>"
; String to output after an error message.
;error_append_string = "</font>"
; Log errors to specified file.
;error_log = filename
; Log errors to syslog (Event Log on NT, not valid in
Windows 95).
;error_log = syslog
; Warn if the + operator is used with strings.
warn_plus_overloading = Off
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
;
; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
; The separator used in PHP generated URLs to separate
arguments.
; Default is "&".
;arg_separator.output = "&"
; List of separator(s) used by PHP to parse input URLs
into variables.
; Default is "&".
; NOTE: Every character in this directive is considered as
separator!
;arg_separator.input = ";&"
; This directive describes the order in which PHP
registers GET, POST, Cookie,
; Environment and Built-in variables (G, P, C, E & S
respectively, often
; referred to as EGPCS or GPC). Registration is done from
left to right, newer
; values override older values.
variables_order = "EGPCS"
; Whether or not to register the EGPCS variables as global
variables. You may
; want to turn this off if you don't want to clutter your
scripts' global scope
; with user data. This makes most sense when coupled with
track_vars - in which
; case you can access all of the GPC variables through the
$HTTP_*_VARS[],
; variables.
;
; You should do your best to write your scripts so that
they do not require
; register_globals to be on; Using form variables as
globals can easily lead
; to possible security problems, if the code is not very
well thought of.
register_globals = On
; This directive tells PHP whether to declare the
argv&argc variables (that
; would contain the GET information). If you don't use
these variables, you
; should turn it off for increased performance.
register_argc_argv = On
; Maximum size of POST data that PHP will accept.
post_max_size = 8M
; This directive is deprecated. Use variables_order
instead.
gpc_order = "GPC"
; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
; Magic quotes for runtime-generated data, e.g. data from
SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead
of \').
magic_quotes_sybase = Off
; Automatically add files before or after any PHP
document.
auto_prepend_file =
auto_append_file =
; As of 4.0b4, PHP always outputs a character encoding by
default in
; the Content-type: header. To disable sending of the
charset, simply
; set it to be empty.
;
; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2" Windows: "\path1;\path2"
include_path =
; The root of the PHP pages, used only if nonempty.
doc_root = "c:\program files\apache group\apache\htdocs"
; The directory under which PHP opens the script using
/~usernamem used only
; if nonempty.
user_dir =
; Directory in which the loadable extensions (modules)
reside.
extension_dir = ./
; Whether or not to enable the dl() function. The dl()
function does NOT work
; properly in multithreaded servers, such as IIS or Zeus,
and is automatically
; disabled on them.
enable_dl = On
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
file_uploads = On
; Temporary directory for HTTP uploaded files (will use
system default if not
; specified).
;upload_tmp_dir = "C:\Windows\Temp"
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
; Whether to allow the treatment of URLs (like http:// or
ftp://) as files.
allow_url_fopen = On
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
;
; If you wish to have an extension loaded automaticly, use
the following
; syntax:
;
; extension=modulename.extension
;
; For example, on Windows:
;
; extension=msql.dll
;
; ... or under UNIX:
;
; extension=msql.so
;
; Note that it should be the name of the module only; no
directory information
; needs to go here. Specify the location of the extension
with the
; extension_dir directive above.
;Windows Extensions
;Note that MySQL and ODBC support is now built in, so no
dll is needed for it.
;
;extension=php_bz2.dll
;extension=php_ctype.dll
;extension=php_cpdf.dll
;extension=php_curl.dll
;extension=php_cybercash.dll
;extension=php_db.dll
;extension=php_dba.dll
;extension=php_dbase.dll
;extension=php_domxml.dll
;extension=php_dotnet.dll
;extension=php_exif.dll
;extension=php_fdf.dll
;extension=php_filepro.dll
;extension=php_gd.dll
;extension=php_gettext.dll
;extension=php_hyperwave.dll
;extension=php_iconv.dll
;extension=php_ifx.dll
;extension=php_iisfunc.dll
;extension=php_imap.dll
;extension=php_ingres.dll
;extension=php_interbase.dll
;extension=php_java.dll
;extension=php_ldap.dll
;extension=php_mcrypt.dll
;extension=php_mhash.dll
;extension=php_ming.dll
;extension=php_mssql.dll
;extension=php_oci8.dll
;extension=php_openssl.dll
;extension=php_oracle.dll
;extension=php_pdf.dll
;extension=php_pgsql.dll
;extension=php_printer.dll
;extension=php_sablot.dll
;extension=php_snmp.dll
;extension=php_sybase_ct.dll
;extension=php_yaz.dll
;extension=php_zlib.dll
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[Syslog]
; Whether or not to define the various syslog variables
(e.g. $LOG_PID,
; $LOG_CRON, etc.). Turning it off is a good idea
performance-wise. In
; runtime, you can define these variables by calling
define_syslog_variables().
define_syslog_variables = Off
[mail function]
; For Win32 only.
SMTP = localhost
; For Win32 only.
sendmail_from = [EMAIL PROTECTED]
; For Unix only. You may supply arguments as well
(default: 'sendmail -t -i').
;sendmail_path =
[Logging]
; These configuration directives are used by the example
logging mechanism.
; See examples/README.logging for more explanation.
;logging.method = db
;logging.directory = /path/to/log/directory
[Java]
;java.class.path = .\php_java.jar
;java.home = c:\jdk
;java.library = c:\jdk\jre\bin\hotspot\jvm.dll
;java.library.path = .\
[SQL]
sql.safe_mode = Off
[ODBC]
;odbc.default_db = Not yet implemented
;odbc.default_user = Not yet implemented
;odbc.default_pw = Not yet implemented
; Allow or prevent persistent links.
odbc.allow_persistent = On
; Check that a connection is still valid before reuse.
odbc.check_persistent = On
; Maximum number of persistent links. -1 means no limit.
odbc.max_persistent = -1
; Maximum number of links (persistent + non-persistent).
-1 means no limit.
odbc.max_links = -1
; Handling of LONG fields. Returns number of bytes to
variables. 0 means
; passthru.
odbc.defaultlrl = 4096
; Handling of binary data. 0 means passthru, 1 return as
is, 2 convert to char.
; See the documentation on odbc_binmode and
odbc_longreadlen for an explanation
; of uodbc.defaultlrl and uodbc.defaultbinmode
odbc.defaultbinmode = 1
[MySQL]
; Allow or prevent persistent links.
mysql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
mysql.max_persistent = -1
; Maximum number of links (persistent + non-persistent).
-1 means no limit.
mysql.max_links = -1
; Default port number for mysql_connect(). If unset,
mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in
/etc/services or the
; compile-time value defined MYSQL_PORT (in that order).
Win32 will only look
' at MYSQL_PORT.
mysql.default_port =
; Default socket name for local MySQL connects. If empty,
uses the built-in
; MySQL defaults.
mysql.default_socket =
; Default host for mysql_connect() (doesn't apply in safe
mode).
mysql.default_host =
; Default user for mysql_connect() (doesn't apply in safe
mode).
mysql.default_user =
; Default password for mysql_connect() (doesn't apply in
safe mode).
; Note that this is generally a *bad* idea to store
passwords in this file.
; *Any* user with PHP access can run 'echo
cfg_get_var("mysql.default_password")
; and reveal this password! And of course, any users with
read access to this
; file will be able to reveal the password as well.
mysql.default_password =
[mSQL]
; Allow or prevent persistent links.
msql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
msql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1
means no limit.
msql.max_links = -1
[PostgresSQL]
; Allow or prevent persistent links.
pgsql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
pgsql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1
means no limit.
pgsql.max_links = -1
[Sybase]
; Allow or prevent persistent links.
sybase.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
sybase.max_persistent = -1
; Maximum number of links (persistent + non-persistent).
-1 means no limit.
sybase.max_links = -1
;sybase.interface_file = "/usr/sybase/interfaces"
; Minimum error severity to display.
sybase.min_error_severity = 10
; Minimum message severity to display.
sybase.min_message_severity = 10
; Compatability mode with old versions of PHP 3.0.
; If on, this will cause PHP to automatically assign types
to results according
; to their Sybase type, instead of treating them all as
strings. This
; compatability mode will probably not stay around
forever, so try applying
; whatever necessary changes to your code, and turn it
off.
sybase.compatability_mode = Off
[Sybase-CT]
; Allow or prevent persistent links.
sybct.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
sybct.max_persistent = -1
; Maximum number of links (persistent + non-persistent).
-1 means no limit.
sybct.max_links = -1
; Minimum server message severity to display.
sybct.min_server_severity = 10
; Minimum client message severity to display.
sybct.min_client_severity = 10
[bcmath]
; Number of decimal digits for all bcmath functions.
bcmath.scale = 0
[browscap]
;browscap = extra/browscap.ini
[Informix]
; Default host for ifx_connect() (doesn't apply in safe
mode).
ifx.default_host =
; Default user for ifx_connect() (doesn't apply in safe
mode).
ifx.default_user =
; Default password for ifx_connect() (doesn't apply in
safe mode).
ifx.default_password =
; Allow or prevent persistent links.
ifx.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
ifx.max_persistent = -1
; Maximum number of links (persistent + non-persistent).
-1 means no limit.
ifx.max_links = -1
; If on, select statements return the contents of a text
blob instead of its id.
ifx.textasvarchar = 0
; If on, select statements return the contents of a byte
blob instead of its id.
ifx.byteasvarchar = 0
; Trailing blanks are stripped from fixed-length char
columns. May help the
; life of Informix SE users.
ifx.charasvarchar = 0
; If on, the contents of text and byte blobs are dumped to
a file instead of
; keeping them in memory.
ifx.blobinfile = 0
; NULL's are returned as empty strings, unless this is set
to 1. In that case,
; NULL's are returned as string 'NULL'.
ifx.nullformat = 0
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files,
this is the path
; where data files are stored.
session.save_path = /tmp
; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is
restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = /
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard
serializer of PHP.
session.serialize_handler = php
; Percentual probability that the 'garbage collection'
process is started
; on every session initialization.
session.gc_probability = 1
; After this number of seconds, stored data will be seen
as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs
containing ids.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP
caching aspects.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; use transient sid support if enabled by compiling with
--enable-trans-sid.
session.use_trans_sid = 1
url_rewriter.tags =
"a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
; Allow or prevent persistent links.
mssql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
mssql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1
means no limit.
mssql.max_links = -1
; Minimum error severity to display.
mssql.min_error_severity = 10
; Minimum message severity to display.
mssql.min_message_severity = 10
; Compatability mode with old versions of PHP 3.0.
mssql.compatability_mode = Off
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textlimit = 4096
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textsize = 4096
; Limits the number of records in each bach. 0 = all
records in one batch.
;mssql.batchsize = 0
[Assertion]
; Assert(expr); active by default.
;assert.active = On
; Issue a PHP warning for each failed assertion.
;assert.warning = On
; Don't bail out by default.
;assert.bail = Off
; User-function to be called if an assertion fails.
;assert.callback = 0
; Eval the expression with current error_reporting(). Set
to true if you want
; error_reporting(0) around the eval().
;assert.quiet_eval = 0
[Ingres II]
; Allow or prevent persistent links.
ingres.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
ingres.max_persistent = -1
; Maximum number of links, including persistents. -1
means no limit.
ingres.max_links = -1
; Default database (format:
[node_id::]dbname[/srv_class]).
ingres.default_database =
; Default user.
ingres.default_user =
; Default password.
ingres.default_password =
[Verisign Payflow Pro]
; Default Signio server.
pfpro.defaulthost = "test.signio.com"
; Default port to connect to.
pfpro.defaultport = 443
; Default timeout in seconds.
pfpro.defaulttimeout = 30
; Default proxy IP address (if required).
;pfpro.proxyaddress =
; Default proxy port.
;pfpro.proxyport =
; Default proxy logon.
;pfpro.proxylogon =
; Default proxy password.
;pfpro.proxypassword =
[Sockets]
; Use the system read() function instead of the php_read()
wrapper.
sockets.use_system_read = On
[com]
; path to a file containing GUIDs, IIDs or filenames of
files with TypeLibs
;com.typelib_file =
; allow Distributed-COM calls
;com.allow_dcom = true
Done with php.ini file (ignore the hard return marks).
Script that causes error:
<?
if ((!$username) || (!$password)) {
header("Location: http://localhost/show_login.html";);
exit;
}
$db_name = "testDB";
$table_name = "auth_users";
$connection = @mysql_connect("localhost", "sandman",
"tQ9472b")
or die("Couldn't connect.");
$db = mysql_select_db($db_name, $connection)
or die("Couldn't select database.");
$sql = "SELECT * FROM $table_name
WHERE username = \"$username\" AND password =
password(\"$password\")
";
$result = mysql_query($sql)
or die ("Can't execute query.");
$num = mysql_numrows($result);
if ($num != 0) {
$cookie_name = "auth";
$cookie_value = "ok";
$cookie_expire = "";
$cookie_domain = "";
setcookie($cookie_name, $cookie_value, $cookie_expire, "/"
, $cookie_domain, 0);
$display_block = "
<p><strong>Secret Menu:</strong></p>
<ul>
<li><a href=\"secretA.php\">secret page A</a>
<li><a href=\"secretB.php\">secret page B</a>
</ul>
";
} else {
header("Location: http://localhost/show_login.html";);
exit;
}
?>
<HTML>
<HEAD>
<TITLE>Secret Area</TITLE>
</HEAD>
<BODY>
<? echo "$display_block"; ?>
</BODY>
</HTML>
End of error script.
Here are the two scripts that co-work with the first:
Script 1:
<?
if ($auth == "ok") {
$msg = "<P>Welcome to secret page A, authorized
user!</p>";
} else {
header( "Location: http://localhost/show_login.html";);
exit;
}
?>
<HTML>
<HEAD>
<TITLE>Secret Page A</TITLE>
</HEAD>
<BODY>
<? echo "$msg"; ?>
</BODY>
</HTML>
Script 2:
<?
if ($auth == "ok") {
$msg = "<P>Welcome to secret page B, authorized
user!</p>";
} else {
header( "Location: http://localhost/show_login.html";);
exit;
}
?>
<HTML>
<HEAD>
<TITLE>Secret Page B</TITLE>
</HEAD>
<BODY>
<? echo "$msg"; ?>
</BODY>
</HTML>
End of scripts.
I am using Apache version 1.3.2 (or whatever one comes
right before v2.0beta. I am not using any modules except
for the newest PHP module.
--
Edit Bug report at: http://bugs.php.net/?id=11450&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
