urs:pass seems to be the problem
Thanks for testing this out. Unfortunately, I have not been able to reproduce this issue yet.
I tested this feature by creating a password protected folder on a website (through cPanel, htaccess, etc.). When I called $urlget() with the correct user:pass, it downloaded the page. When I called it with the wrong user:pass or none at all, it failed.
If I use SmarSniff
to look at the packets sent/recieved, it shows the correct Authorization Basic header being sent.
If I then send the header using /bset, as in your example, it sends the same header.
Both methods work for me. The difference is that $urlget() currently uses WinInet to handle the authorization.
Which version of Windows are you using?