View Single Post
Old 02-03-2004, 08:17 PM   #7
vinyl-junkie
Purple Mole
 
Join Date: Jan 2004
Posts: 694
Quote:
Originally posted by CCC
The problem can be traced to use of $_SERVER in auth.php. This appears to be another point where the values returned by MS IIS differ from Apache.
True. In fact, what I found by setting an echo statement in the code is that the $_SERVER variables aren't even getting set in IIS!

I have an idea on modifying the code that I think will work with IIS as well as Apache, and will likely be more secure to boot. I'm working on it right now, but haven't had much time so not much progress.

Basically, I'm going to create a form within auth.php and require the user to enter username and password there. Then I created another database with just a single table with usernames and passwords. The idea is to compare the form entry to the database to authenticate the user.

As an added measure of security, the user will get 3 tries to enter the information correctly. If they fail, they will be redirected to my home page. Hopefully, that's all it will take to have the necessary security.

If I'm successful, I'll post the code in the Mod Submissions forum. Wish me luck!
vinyl-junkie is offline   Reply With Quote