From 5a830bf80878bd1521a71017ce19882caa755d80 Mon Sep 17 00:00:00 2001 From: simon Date: Wed, 5 Nov 2008 08:02:44 +0000 Subject: [PATCH] If we're in HTTP Basic authentication mode, it's vital to return 401 for _any_ failed authentication, because that's what causes the browser to give you a repeat password prompt. If we ever return 403, the browser will _remember_ your wrong password, and give you 403 again the next time without letting you have a chance to reauthenticate. git-svn-id: svn://svn.tartarus.org/sgt/agedu@8280 cda61777-01e9-0310-a592-d414129be87e --- httpd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/httpd.c b/httpd.c index 8087a28..dfb17b7 100644 --- a/httpd.c +++ b/httpd.c @@ -278,10 +278,10 @@ char *got_data(struct connctx *ctx, char *data, int length, } if (!magic_access && !auth_correct) { - if (auth_string && !auth_provided) { + if (auth_string) { ret = http_error("401", "Unauthorized", "WWW-Authenticate: Basic realm=\""PNAME"\"\r", - "\nPlease authenticate to view these pages."); + "\nYou must authenticate to view these pages."); } else { ret = http_error("403", "Forbidden", NULL, "This is a restricted-access set of pages."); -- 2.11.0
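Review bot: The new `if (auth_string)` condition in got_data() has no comment saying why 401 is returned even when credentials were supplied and wrong, so the reasoning lives only in the commit message and a later cleanup could reintroduce the `!auth_provided` test. Suggest a short comment above that line stating that in Basic mode every failed authentication must produce 401 so the browser re-prompts instead of remembering the bad password. If `auth_provided` has no remaining reader after this change, drop it as well. Separately, the header argument ends in a bare `\r` and the reworded body string still begins with `\n`, so the CRLF that ends the WWW-Authenticate line appears to be split across two arguments. Anyone editing the body text has to know to keep that leading `\n`, and it would be more robust for http_error to terminate the extra header itself.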