faqts : Computers : Programming : Languages : PHP : Common Problems : Tips and Tricks

+ Search
 Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

45 of 73 people (62%) answered Yes
Recently 6 of 10 people (60%) answered Yes

Entry

How can I reset $PHP_AUTH_USER to log out a user?

May 23rd, 2000 06:04
Vincent Vatter, Nathan Wallace, Richard Lynch
 


Make the user quit the browser.

Unfortunately, the only other option rumored to work is to change 
realm 
out from under the user, while keeping track of who's who on the 
server, 
and what realm[s] they have used.  This is so funky, that nobody 
has 
documented it very well how to do it.

---------------

Here is a code chunk I use all the time.  It essentially puts 
authentication in the database server's hands.  To log out a user, 
just send the headers in the auth() function.

<?php

function auth() {
  header('WWW-Authenticate: Basic realm="THIS_REALM"');
  header('HTTP/1.0 401 Unathorized');
  echo '<html>';
  echo '<meta http-equiv="refresh" 
content="0;URL=THIS_PAGE_URL">';
  echo "You're username and password must be incorrect.  Please 
wait and you will be prompted again.";
  echo '</html>';
  exit;
}

if (!isset($PHP_AUTH_USER)) {
  // if empty, send header causing popup login box
  auth();
} else {
  // now they are authenticated.  we'll just use their username and 
password for MySQL to see if they have the correct password
  // @ symbol means to supress errors
  // notice the "or auth()", if the connection fails this causes the user 
to be prompted for their information again
  $connection = 
@mysql_connect("localhost",$PHP_AUTH_USER,$PHP_AUTH_P
W) or auth();
}

// now just go on like normal

?>