Richard Lynch wrote:
On Sun, February 10, 2008 9:09 pm, Robert Cox wrote:
Is it possible to use the "$_SERVER['PHP_AUTH_USER'];" construct in a
URL
forwarded site? I am trying to find the authorised user id so that I
can
access an SQL database with it. Anyone got some ideas?
If you do a Location: with a FULL URL then the browser will forward
POST and I think AUTH data.
Auth info is not "passed on" as such. HTTP authentication details are
applied to all URLs where the browser already knows them (i.e. on the
same domain where they have already authenticated). The redirect does
not have anything to do with this.
And I don't know where you're getting the idea that POST data is
persisted when redirecting with the location header. This is certainly
not the case in all browsers I've ever worked with. If it was then a
fair number of scripts I've written over the years would not work correctly.
One security note for the OP: it's generally a bad idea for the user
credentials for your website to be the same as those used to access the
database. I can think of few ideas where it would make the slightest bit
of logical sense and most of those involve web-based DB admin such as
phpMyAdmin. You might want to rethink your design from a security point
of view.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
