Posted by Jerry Stuckle on 08/02/07 17:01

crazycooter@gmail.com wrote:
> This app has the developmestruction scheme (http://
> worsethanfailure.com/Articles/The_Developmestuction_Environment.aspx)
> so it took a while to find the right thing to comment out such that I
> was able to isolate the problem. The feed back above pointed me in the
> right direction and I found something I probably wouldn't have
> otherwise.
>
> I don't fully understand all the mechanics here and since the security
> model of the site will change I don't have time to dig and fix. It
> looks like broken authentication code, but maybe it really works.
> <shrugs/>
>
> Here it is...
>
> $auth_usr = $_SERVER['PHP_AUTH_USER'];
> $auth_pswd = $_SERVER['PHP_AUTH_PW'];
>
>
> if(!$auth_usr)
> { header('WWW-Authenticate: Basic realm="Auth"');
> }
> elseif(in_array(strtolower($auth_usr), $usr))
> { $access = 2;
> }
>
> If I comment this code out, I only get one email. If I leave this code
> in, I get five emails. I can only assume its bouncing back and forth
> to the client for the auth, each time causing the page to reload and
> running the mail code again.
>
> Debugging output didn't help (unless it would have been to a log file)
> since its only going to show output for the last request which
> actually rendered.
>
> Thanks all!
>
> CrazyCooter
>

Or, if you set up your webserver configuration properly, the user won't
even be able to get to this page unless he's authorized. The webserver
will stop them.

Then you don't even need this code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]