
Logging out from an HTTP Authorization


ferrins


Hi everybody! A friend of mine gave me a hand to finish the script that follows. It works OK so, of course, feel free to use it in your sites. Now the problem is that I can't log out!!! I've tried to unset $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] but I can't figure out why it doesn't log out. So here you have the script to log in; any idea to log out will be much appreciated!!!

<?php
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    // No credentials sent yet: ask the browser to prompt for them
    header('WWW-Authenticate: Basic realm="admin"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    $nick = $_SERVER['PHP_AUTH_USER'];
    $passwd = $_SERVER['PHP_AUTH_PW'];

    // Escape both values before they are placed inside the SQL string
    $sql = "SELECT nick,passwd,id_admin FROM admin WHERE nick='" . mysql_real_escape_string($nick)
         . "' AND passwd='" . mysql_real_escape_string($passwd) . "'";
    $res = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($res);
    // $row is false when no record matched
    if ($row && $row['nick'] == $nick && $row['passwd'] == $passwd) {
        $_SESSION['id_admin'] = $row['id_admin'];
        /* redirect if the username and password are correct */
        $redirect = "admin/index.php";
        header("Location: {$redirect}");
        die("If the page doesn't redirect click <a href='{$redirect}'>here</a>");
    } else {
        echo 'Text to send if user entered incorrect username or password!';
        exit;
    }
}
?>
***************

Well, when all web browsers are closed it will automatically log out,
as you're using sessions, you could use the simple JavaScript...
javascript:window.close();

Otherwise you could use a function...
function AccountExit(){
    // Remove every variable stored in the current session, including id_admin
    session_unset();
    echo 'logged out';
}

xyn, the idea of closing the window is good; maybe an information alert(), or a logout link with information on the logout page, would also work. Apache and most other servers do not have any implementation of logging out of a server-based authorized session. There are hacks, like putting a different username and password into a URL string and sending them to a page and catching the login error and redirecting them. But that will not work in IE, as IE removed that option; it does work in every other browser that I have tested. As for the server implementation, only Sambar, both Linux and Windows versions, supports logging out of a server-controlled authorized session, because it has a built-in session handler.

me!
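
A server-side way to get a working logout on top of Basic authentication, as an added example that is not code from this thread: the login lives in the session, and after logout the credentials the browser keeps replaying are refused once so that it prompts again. The ?logout=1 parameter, the logged_out session flag, the passwd_hash column and the in-memory SQLite table with its demo row are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Hypothetical names: ?logout=1,
// the logged_out session flag and the passwd_hash column.
session_start();

// Constructed sample data: an in-memory SQLite table standing in for `admin`.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE admin (nick TEXT, passwd_hash TEXT, id_admin INTEGER)');
$pdo->prepare('INSERT INTO admin VALUES (?, ?, ?)')
    ->execute(['demo', password_hash('demo-pass', PASSWORD_DEFAULT), 1]);

function challenge(string $message): void
{
    // A 401 tells the browser that the credentials it sent (if any) were
    // refused, so it asks the user again instead of replaying them.
    header('WWW-Authenticate: Basic realm="admin"');
    header('HTTP/1.0 401 Unauthorized');
    echo $message;
    exit;
}

if (isset($_GET['logout'])) {
    // Forget the server-side login, but remember that the credentials the
    // browser still has cached must be refused on their next use.
    $_SESSION = ['logged_out' => true];
    session_regenerate_id(true);
    exit('You are logged out.');
}

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    challenge('Authentication required.');
}
if (!empty($_SESSION['logged_out'])) {
    unset($_SESSION['logged_out']);   // refuse the replayed credentials once
    challenge('Logged out. Sign in again.');
}

// Parameterised lookup and password_verify() instead of a plaintext compare.
$stmt = $pdo->prepare('SELECT passwd_hash, id_admin FROM admin WHERE nick = ?');
$stmt->execute([$_SERVER['PHP_AUTH_USER']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$row || !password_verify($_SERVER['PHP_AUTH_PW'] ?? '', $row['passwd_hash'])) {
    challenge('Wrong username or password.');
}

session_regenerate_id(true);          // new session id once the login succeeds
$_SESSION['id_admin'] = $row['id_admin'];
echo 'Logged in as admin #' . (int) $row['id_admin'];
```

In this design the protected pages check $_SESSION['id_admin'] rather than the Authorization header, so clearing the session is what ends access.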
