--- htusers_header.php	2001/09/26 13:57:42	1.1
+++ htusers_header.php	2001/09/26 14:44:54	1.3
@@ -50,15 +50,15 @@
 				$remote_hostname=substr($remote_hostname,0,strpos($remote_hostname,"."));
 				if ($tmp[1] == $remote_hostname) $login_allowed=1;
 			} elseif (stristr($tmp[0],"http_referer")) {
-				error_log("$tmp[0]: $tmp[1] ?? $GLOBALS[HTTP_REFERER]",0);
+				//error_log("$tmp[0]: $tmp[1] ?? $GLOBALS[HTTP_REFERER]",0);
 				if (isset($GLOBALS[HTTP_REFERER]) && stristr($GLOBALS[HTTP_REFERER],$tmp[1])) {
 					setcookie($cookie_name,$cookie_val,time()+3600);
 					$login_allowed=1;
-					error_log("$tmp[0]: $tmp[1] == $GLOBALS[HTTP_REFERER]",0);
+					//error_log("$tmp[0]: $tmp[1] == $GLOBALS[HTTP_REFERER]",0);
 				}
 
 			}
-			if ($login_allowed) {
+			if ($login_allowed && !isset($PHP_AUTH_PW)) {
 				$gblUserName=$user[1];
 				// make fake login credentials
 				$PHP_AUTH_PW=$PHP_AUTH_USER=$user[0];