ferrins

Logging out from an HTTP Authorization

Hi everybody! A friend of mine gave me a hand to finish the script that follows. It works OK so, of course, feel free to use it in your sites. Now the problem is that I can't log out!!! I've tried to unset the $_SERVER['PHP_AUTH_USER'] and the $_SERVER['PHP_AUTH_PW'] but I can't figure out why it doesn't log out. So here you have the script to log in; any idea to log out will be much appreciated!!!

<?php
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    // No credentials sent yet: ask the browser to prompt for them
    header('WWW-Authenticate: Basic realm="admin"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    $nick = $_SERVER['PHP_AUTH_USER'];
    $passwd = $_SERVER['PHP_AUTH_PW'];

    // Escape the browser-supplied values before building the query (SQL injection)
    $sql = sprintf(
        "SELECT nick,passwd,id_admin FROM admin WHERE nick='%s' AND passwd='%s'",
        mysql_real_escape_string($nick),
        mysql_real_escape_string($passwd)
    );
    $res = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($res);
    // $row is false when no record matched
    if ($row && $row['nick'] === $nick && $row['passwd'] === $passwd) {
        $_SESSION['id_admin'] = $row['id_admin'];
        /* redirect if the username and password are correct */
        $redirect = "admin/index.php";
        header("Location: {$redirect}");
        die("If the page doesn't redirect click <a href='{$redirect}'>here</a>");
    } else {
        echo 'Text to send if user entered incorrect username or password!';
        exit;
    }
}
?>
***************

Well, when all web browsers are closed it will automatically log out.
As you're using sessions, you could use the simple JavaScript...
javascript:window.close();

Otherwise you could use a function...
function AccountExit(){
    // session_unset() takes no arguments; it clears every session variable, including id_admin
    session_unset();
    echo 'logged out';
}

xyn, the idea of closing the window is good; maybe an information alert(), or maybe a logout link with information on the logout page, would also work. Apache and most other servers do not have any implementation of logging out of a server-based authorized session. There are hacks, like putting a different username and password into a URL string and sending them to a page and catching the login error and redirecting them. But that will not work in IE, as IE removed that option; it does work in every other browser that I have tested. As for the server implementation, only Sambar, both Linux and Windows versions, supports logging out of a server-controlled authorized session, because it has a built-in session handler.

me!

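A server-side way to force re-authentication under Basic auth, added here as an example and not code from any poster in this thread: the logout request clears the PHP session and sets a flag, and the next request is answered with 401 once, whatever credentials the browser replays. The `?action=logout` parameter, the `force_reauth` session key, `verify_admin()` and its demo credentials are assumptions made for the example.

```php
<?php
// Added example. Assumed names: ?action=logout, the 'force_reauth'
// session key, verify_admin() and its constructed demo credentials.
session_start();

// Send the Basic challenge. A 401 answer to a request that carried
// credentials tells the browser those credentials were rejected.
function challenge($message) {
    header('WWW-Authenticate: Basic realm="admin"');
    header('HTTP/1.0 401 Unauthorized');
    echo $message;
    exit;
}

// Placeholder check (hypothetical). A real site would look the user up
// with a parameterised query and compare with password_verify().
function verify_admin($nick, $passwd) {
    return hash_equals('demo-admin', $nick)
        && hash_equals('demo-password', $passwd);
}

if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    $_SESSION = array();               // drop id_admin and everything else
    session_regenerate_id(true);       // retire the old session id
    $_SESSION['force_reauth'] = true;  // reject the cached credentials once
    echo 'Logged out. <a href="?">Log in again</a>';
    exit;
}

if (!empty($_SESSION['force_reauth'])) {
    // First request after logout: the browser still replays the old
    // Authorization header, so answer 401 once regardless of its content.
    unset($_SESSION['force_reauth']);
    challenge('Logged out. Reload the page to log in again.');
}

if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
    || !verify_admin($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    challenge('Authentication required.');
}

echo 'Welcome, ' . htmlspecialchars($_SERVER['PHP_AUTH_USER'])
   . '. <a href="?action=logout">Log out</a>';
```

Basic authentication defines no logout message, so this relies on the browser dropping credentials that were answered with 401, which the standard does not require. The flag also lives in the session, so it only holds while the browser keeps the session cookie.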
