Yeah i tried that too Adam, and then i took it out......what i did was 
actually assign the null value to PHP_AUTH_USER and PHP_AUTH_PW after a 
successful authentication against the databse and even then the browser 
(both IE and NS) did not prompt a username/pass dialog box....is there 
soemthing i can tweak or disable on my Apache server perhaps?


> I think you need to blow out the value of PHP_AUTH_USER and PHP_AUTH_PW.
> 
> I think that is what it is....
> 
> man, my mind is NOT working up to par lately.
> 
> 
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: <guru@i...>
> To: "professional php" <pro_php@p...>
> Sent: Sunday, July 15, 2001 4:10 AM
> Subject: [pro_php] Re: Mega Headaches!!!
> 
> 
> > > Post the code you are using that displays the login.
> > >
> > > Adam Lang
> > > Systems Engineer
> > > Rutgers Casualty Insurance Company
> > > http://www.rutgersinsurance.com
> > > ----- Original Message -----
> > > From: "Elliott" <guru@i...>
> > > To: "professional php" <pro_php@p...>
> > > Sent: Thursday, July 12, 2001 10:50 PM
> > > Subject: [pro_php] Mega Headaches!!!
> > >
> > >
> >
> > This is the code i use....
> >
> >
> > <?php
> > header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the 
past
> > header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
> > header ("Cache-Control: no-cache, must-revalidate, max_age=0");  //
> > HTTP/1.1
> > header ("Pragma: no-cache");
> > header ("Expires: 0");
> >
> > include "common_db.php";
> >
> > session_start();
> >
> > $auth = false; // Assume user is not authenticated
> > $admin ="F"; // Assume User is not administrator
> > $userid = ""; // Users ID
> >
> >
> > if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW))
> > {
> >
> >     // Connect to MySQL
> >
> >     $link_id = db_connect();
> >     if(!$link_id) die(sql_error());
> >
> >     // Formulate the query
> >
> >     $sql = "SELECT ID,Admin FROM guests WHERE
> >             UserID = '$PHP_AUTH_USER' AND
> >             Password = '$PHP_AUTH_PW'";
> >
> >     // Execute the query and put results in $result
> >
> >     $result = mysql_query( $sql )
> >         or die (sql_error());
> >
> >     // Get number of rows in $result.
> >
> >     $num = mysql_numrows( $result );
> >
> >     if ( $num == 1 )
> >     {
> >         // A matching row was found - the user is authenticated.
> >
> > $row = mysql_fetch_array($result) ;
> > $admin = $row["Admin"];
> >
> > if (($admin == "T") or ($admin == "F"))
> > {
> > $auth = true;
> >                 $userid = $row["ID"];
> >
> >                 $uid =  $userid;
> >                 $adid = $admin;
> >
> >                 session_register(uid);
> >                 session_register(adid);
> > }
> >     }
> >
> > }
> >
> > if ( ! $auth )
> > {
> >     session_destroy();
> >     header( "WWW-Authenticate: Basic realm=\"Protected Guest Area\"" );
> >     header( "HTTP/1.0 401 Unauthorized" );
> > ?>
> > <HTML>
> > <HEAD>
> > <TITLE>Authorization Failed</TITLE>
> > </HEAD>
> > <BODY>
> > <H1>Authorization Failed ON Gatekeeper Secure Server</H1>
> > <P>Without a valid username and password,
> > access to this page cannot be granted.
> > Please click 'reload' and enter a
> > username and password when prompted.  </P>
> > </BODY>
> > </HTML>
> > <?php
> >
> >     exit;
> >
> > }
> > else
> > {
> >
> >  if (($admin == "T") or ($admin == "F"))
> >  {
> >   header( 'Location: restrict.php' );
> >   exit;
> >  }
> >  else
> >  {
> >      session_destroy();
> >      echo("<P> An error occured, Please contact the site administrator
> > </P>");       exit;
> >  }
> >
> > }
> > ?>
> >
> >
> > Thats the code which pops up the login dialog box and then the code 
checks
> > the user/pasword against the database.....
> >
> >
> > Any suggestions or constructive comments etc are welcome...
> >
> >
> >
> > Thanks
> > Elliott
> >
> >
>