!PHP authentication was working on iis4

Anon

I set up a secure backend that uses PHP sessions to authenticate user.
the user logs in, a script gets his info from the data and records it in to session variables.
1. the user name
2. the user security access level.

it was working fine, and I also managed to implement a log out procedure so the variables get set to "" at end of session.

Anyhow, it was all working, but now... the php is getting processed but there is no security. Anyone can enter the websites without any session initialization required.

here is a copy of the security script included on the pages:
admin.php

<?
session_start();

if(!session_is_registered("SECURITY"))
{
header("Location:NotAuth.html");
exit;
}
if($SECURITY != 1)
{
header("Location:NotAuth.html");
exit;
}
?>

what could possibly be wrong, besides the fact that I have an iis server.

Anon

I think that it has to do with the way php its being parsed.
if you are including a php include command that might be your problem

ame12

Try

header("Location: ...url...");

with a space between the colon character and the URL.

Dave

=====================================
http://badblue.com - Fast, free file-

sharing web server for PHP and more