Hi,
After applying "Cumulative Security Update for Internet Explorer
(832894)":
http://www.microsoft.com/technet/tre...n/ms04-004.asp
i am no longer able to authenticate users using this type of url:
https://un:pa**@www.blahblah.xyz
Reason for specifying un and pass in url is to stop transmitting
basic authentication in clear text but through https.
Code looks like:
<?
if ($HTTP_SERVER_VARS['HTTPS'] != 'on'){die("You must use HTTPS!");}
$un = $HTTP_POST_VARS['un'];
$pass = $HTTP_POST_VARS['pass'];
print ( "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=https://" .$un.
":" .$pass. "@www.blahblah.xyz/~" .$un. "/page.php\">");
?>
How can I do this in a different way?
Thanks in advance.
Tito