[Please reply to the list rather than to me privately.]
Ashish Gupta wrote on 13 May:
> Thanks for explaining the login process. It looks like you make use of
> Basic Auth for the login.
The PHP includes statements like this:
    if (!isset($_SERVER["PHP_AUTH_USER"]))
Does that confirm what you say about "Basic Auth"? Is that something
that resides on the server as a resource for customers like me? (As
you can see, my knowledge of PHP is minimal; this routine was written
for me by somebody else.)
> I think you should be able to destroy the saved state if you log in
> using another username and password.
> Could you try doing this?
> Open this URL, http://username:password@yoursite.com in NetSurf.
Did that, using a different valid username as part of the URL, as you
suggest. Got in without seeing a login box.
> Could you try a couple of cases?
> One, a username password which is valid but different from the saved one.
> A different (invalid) username password combo.
> I am hoping the invalid combo forces the login window next time (or
> locks you out).
Did those tests too. In all cases, I got in without seeing a login
box.
Then downloaded the log file which the PHP generates on the server and
checked it. These login tests do NOT appear on the log.
--
Jim Nagel www.archivemag.co.uk
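
Added example, not part of the original message and not the routine it discusses: a minimal PHP check showing how the `PHP_AUTH_USER` test quoted above fits into HTTP Basic Auth, including the branch that rejects and logs wrong credentials. The account table, realm name and function name `check_basic_auth` are constructed for illustration.

```php
<?php
// Added example, not the routine discussed in this thread.
// Constructed account table: username => password_hash() output.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

/**
 * Decide how to answer a request given PHP's view of the Authorization header.
 * Returns [HTTP status, extra response headers, log line].
 */
function check_basic_auth(array $server, array $users): array
{
    $challenge = ['WWW-Authenticate: Basic realm="Members"'];

    // No Authorization header was sent: ask the browser to show its login box.
    if (!isset($server['PHP_AUTH_USER'])) {
        return [401, $challenge, 'no credentials sent'];
    }

    $user = $server['PHP_AUTH_USER'];
    $pass = $server['PHP_AUTH_PW'] ?? '';

    // Credentials were sent but are wrong: log it and challenge again.
    // In this example, dropping this branch would admit any username.
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return [401, $challenge, 'failed login for ' . json_encode($user)];
    }

    return [200, [], 'login ok for ' . json_encode($user)];
}

// A browser given http://alice:wrong%20guess@host/ sends this header;
// PHP decodes it into PHP_AUTH_USER and PHP_AUTH_PW.
$header = 'Basic ' . base64_encode('alice:wrong guess');
[$u, $p] = explode(':', base64_decode(substr($header, 6)), 2);

$cases = [
    'no header'      => [],
    'wrong password' => ['PHP_AUTH_USER' => $u, 'PHP_AUTH_PW' => $p],
    'valid login'    => ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'correct horse'],
];
foreach ($cases as $name => $server) {
    [$status, , $log] = check_basic_auth($server, $users);
    echo "$name: HTTP $status ($log)\n";
}
```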