Return 403 instead of 401 for missing authentication

According to the RFC this is only useful for services that use HTTP's built in authentication schemes. We don't so we can't use this code. References: https://tools.ietf.org/html/rfc7235 Signed-off-by: Florian Pritz <bluewind@xinu.at>
author: Florian Pritz <bluewind@xinu.at> 2016-07-29 11:17:06 +0200
committer: Florian Pritz <bluewind@xinu.at> 2016-07-29 11:17:06 +0200
commit: 2e7269f566a0204dbc83d6c8f423886e27d60363 (patch)
tree: cd6dc0497039b2959a8ebb2fb8ca6e510a681e3f /application/controllers
parent: 0db79529d129dd4fe1e9b7bf823e07510c806bd4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index ab411d7d2..891ef9451 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -38,7 +38,7 @@ class User extends MY_Controller {
 		if ($this->muser->login($username, $password)) {
 			$this->output->set_status_header(204);
 		} else {
-			$this->output->set_status_header(401);
+			$this->output->set_status_header(403);
 		}
 	}
author	Florian Pritz <bluewind@xinu.at>	2016-07-29 11:17:06 +0200
committer	Florian Pritz <bluewind@xinu.at>	2016-07-29 11:17:06 +0200
commit	2e7269f566a0204dbc83d6c8f423886e27d60363 (patch)
tree	cd6dc0497039b2959a8ebb2fb8ca6e510a681e3f /application/controllers
parent	0db79529d129dd4fe1e9b7bf823e07510c806bd4 (diff)