in trying to authenticate a user, i use a session.
i include a file in all the files i want protected. file looks like :
?
if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER != 'news' ) || ( $PHP_AUTH_PW != 'letmein2send' ) ) {
header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
?>
<form action=index.php method=post>
User Name : <input type=text name=PHP_AUTH_USER><br>
Password : <input type=password name=PHP_AUTH_PW><br>
<input type=hidden name=startsession value=1>
<input type=submit value=Authenticate>
</form>
<?
exit;
}
else if ($startsession == 1){
#header("Content-type: text/html");
$seshpath = ".\sessions";
session_save_path($seshpath);
session_start();
session_register("PHP_AUTH_USER");
session_register("PHP_AUTH_PW");
$startsession = 0;
session_register("startsession");
}
else {
echo "Logged in";
#something to logout maybe
}
?>
creates the session fine in a directory i define myself. problem is when i go to another page, i get sent to the authentication part instead of the session being recognised. what am i missing?
thanks for any help
-powlow
