10 Feb
2004
10 Feb
'04
6:39 p.m.
Alessio Focardi wrote:
is_user_in uses the Authorization: credentials, not the From:!!!
The same script you have the is_user_in() call. Put www_authorize()
above is_user_in() as I described.
---greg
The is_user_in() call looks in the credentials for the user_id,
and that user_id is used for a lookup in the grp table for a grp
with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially
forged.
ok, is not safe, I know it .... but why is not working ? is_user_in(): No authorized credentials found
(error in scripts)
what script ?
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers