> I've done further investigation and it seems that if I go with the
approach
> of looking for a REMOTE_USER value, I'll have to do the following:
>
> Since Apache only fills out the REMOTE_USER if the file is in a protected
> directory, I have to make a symbolic link within a protected directory to
> the non-protected script. Then Apache will require authentication for the
> file. Thus, both non-authenticated and authenticated users are running the
> same script.
>
> Any problems with this approach? My worry is that if the user passes
> $REMOTE_USER="FooledYou" in the url, it'll fool my script into thinking
> Apache sent it. I'll have to check into that one.
>
> Any better ideas?
Yep - have a look at the manual here:
http://www.php.net/manual/en/language.variables.external.php
and here:
http://www.php.net/manual/en/configuration.php (search for 'gpc_order')
jason
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
