Alessio Focardi wrote:
The is_user_in() call looks in the credentials for the user_id, and that user_id is used for a lookup in the grp table for a grp with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially forged.
ok, is not safe, I know it .... but why is not working ?
is_user_in uses the Authorization: credentials, not the From:!!!
is_user_in(): No authorized credentials found (error in scripts)
what script ?
The same script you have the is_user_in() call. Put www_authorize() above is_user_in() as I described.
---greg
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers