> The difficulty is trying to find a solution that would limit > access and do all the fancy stuff that we had discussed, > without interfering with the pre-existing authentication > system. How about taking the auth status of a user from the headers and then performing additional verification (such as IP checks - although I would discourage that for previously mentioned reasons, or the display of a new password for the next session and use system calls to modify the password through htpasswd) and then storing a session var to say that the additional auth had been passed? Regards, Mikry -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
