Thanks, Stuart.
I'll admit I don't "fully" I understand register_globals. Beyond that, I am
sure I am not clear on the value of NOT using register_globals. I am wading
through the docs constantly. Haven't quite finished.
Regardless, thanks for the assist.
Mike
----- Original Message -----
From: "Stuart Dallas" <[EMAIL PROTECTED]>
To: "Mike P" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, May 11, 2002 10:03 PM
Subject: Re: [PHP] Authentication with register_globals OFF
On Sat, 11 May 2002 21:21:27 -0400, you wrote:
>Trying to get accustomed to PHP 4.2.0 and PHP's preference for
>register_globals off, I have register_globals off.
>
>However, when I try to use $PHP_AUTH_USER and $PHP_AUTH_PW, my script fails
>(attempting to validate username and password credectials against
MySQL...no
>error message and my login failure message does not show up, even after
>three unsuccessful challenge responses.
>
>When I set register_globals on, I am successful in gaining authorization
>(ie, the header('WWW-Auth....' is correct, the script works, the MySQL
>connection works and the query works).
>
>How, then do I define th $PHP_AUTH_USER and $PHP_AUTH_PW variables up front
>with register_globals off?
They are in the $_SERVER superglobal. Change your references to them
to...
$_SERVER['PHP_AUTH_USER']
and
$_SERVER['PHP_AUTH_PW']
You might want to read up on what register_globals actually does since
it's clear that you don't fully understand it yet:
http://www.php.net/manual/en/security.registerglobals.php
--
Stuart
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
