Posted by Rik on 08/02/07 15:13
On Thu, 02 Aug 2007 17:07:24 +0200, <crazycooter@gmail.com> wrote:
 > This app has the developmestruction scheme
 > (http://worsethanfailure.com/Articles/The_Developmestuction_Environment.aspx)
 > so it took a while to find the right thing to comment out such that I
 > was able to isolate the problem. The feedback above pointed me in the
 > right direction and I found something I probably wouldn't have
 > otherwise.
 >
 > I don't fully understand all the mechanics here and since the security
 > model of the site will change I don't have time to dig and fix. It
 > looks like broken authentication code, but maybe it really works.
 > <shrugs/>
 >
 > Here it is...
 >
 > 	$auth_usr = $_SERVER['PHP_AUTH_USER'];
 > 	$auth_pswd = $_SERVER['PHP_AUTH_PW'];
 >
 >
 > 	if(!$auth_usr)
 > 	{	header('WWW-Authenticate: Basic realm="Auth"');
 
 echo 'unauthorised';
 exit;
 
 > 	}
 > 	elseif(in_array(strtolower($auth_usr), $usr))
 > 	{	$access = 2;
 > 	}
 >
 > If I comment this code out, I only get one email. If I leave this code
 > in, I get five emails. I can only assume it's bouncing back and forth
 > to the client for the auth, each time causing the page to reload and
 > running the mail code again.
 
 Yup, exit after an auth header, possibly supplying a 'not authorised' page
 just before. If you don't, the code could be run anyway.
 
 -- 
 Rik Wasmus
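
The fix described in the reply above, written out as an added example that is not code from the thread: the challenge path sends the header, prints a body and exits, so nothing after it runs for an unauthenticated request. It goes slightly beyond the quoted snippet by also checking the password; the `$users` map, its placeholder hash and the function names `challenge()` and `check_credentials()` are assumptions.

```php
<?php
// Added example, not code from the thread. $users and its hash value are
// constructed placeholders; create real hashes with password_hash().
$users = [
    'alice' => '<output of password_hash() for alice>',
];

/**
 * Send the Basic-auth challenge and stop. Without the exit, PHP keeps
 * executing the rest of the script for the unauthenticated request.
 */
function challenge(): void
{
    header('WWW-Authenticate: Basic realm="Auth"');
    http_response_code(401);
    echo 'unauthorised';
    exit;
}

/** Return the access level for valid credentials, or null otherwise. */
function check_credentials(array $users, ?string $user, ?string $pass): ?int
{
    if ($user === null || $pass === null) {
        return null; // first request: the client has sent no credentials yet
    }
    $key = strtolower($user);
    if (!isset($users[$key])) {
        return null;
    }
    return password_verify($pass, $users[$key]) ? 2 : null;
}

$access = check_credentials(
    $users,
    $_SERVER['PHP_AUTH_USER'] ?? null,
    $_SERVER['PHP_AUTH_PW'] ?? null
);

if ($access === null) {
    challenge(); // never returns
}

// Only authenticated requests reach this point, so side effects such as
// the mail code from the thread run once per authorised page load.
```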