how can i flush the content of....

zurron

how can i flush or empty the content of

$SERVER['PHP_AUTH_USER'],
$SERVER['PHP_AUTH_PW'].

Thanks

nnichols

Either unset or set it to null -

unset($_SERVER['PHP_AUTH_USER']);

// or

$_SERVER['PHP_AUTH_USER'] = NULL;

Hope this helps 😉

zurron

no, it does not work

it is my code

<?php
  function authenticate() {
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
  }
 //* validete if the login exist using imap server*/
  function if_has_mail_account($login,$pass){
     if (($devuelve = @imap_open("{ip:port}INBOX",$login,$pass,OP_HALFOPEN))!=FALSE)
        {
                return 1;
        }
      return 0;
      }//end of the function

  if((if_has_mail_account($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))==1) {
   echo "<p>Welcome: {$_SERVER['PHP_AUTH_USER']}<br>";
       echo "<form action='{$_SERVER['PHP_SELF']}' METHOD='POST'>\n";
   echo "<input type='submit' value='Re Authenticate'>\n";
   echo "</form></p>\n";

   $_SERVER['PHP_AUTH_USER'] = NULL;
   $_SERVER['PHP_AUTH_PW']= NULL;
   }
  else authenticate();
?>

the basic idea is when i click the Re authenticate or reload button it will send againg the header.

but when i do it, the login password window does not appear
I don't know what to do, or what am i doing wrong

thanks

nnichols

Using the code I suggested will only null/unset the auth vars for the runtime of the script as the auth
details are automatically passed by the browser with every request.

To force the user to "Re Authenticate" you have to send the 401 header again. Try something like this -

if((if_has_mail_account($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))==1) {
	echo "<p>Welcome: {$_SERVER['PHP_AUTH_USER']}<br>";
	echo "<form action='{$_SERVER['PHP_SELF']}' METHOD='POST'>\n";
	echo "<input type='submit' name='re_auth' value='Re Authenticate'>\n";
	echo "</form></p>\n";
	}

and then add this to the top of your script -

if (isset($_POST['re_auth'])) {
	authenticate();
	}

Hope this helps 😉

zurron

it works....... but now the $_POST['re_auth'] is always set so it is calling authenticate() function over and over an do on,

so i tried to unset it with

unset($_POST['re_auth']);

but guess what....... it does not work,

can you explain to me which is the logical sequence of this script and if am i using the header properly

<?php
if (isset($_POST['re_auth'])) {
     authenticate();
    }

  function authenticate() {
    unset($_POST['re_auth']);
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized'); 
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
  }
 //* validete if the login exist using imap server*/
  function if_has_mail_account($login,$pass){   

     if (($devuelve = @imap_open("{ip  port}INBOX",$login,$pass,OP_HALFOPEN))!=FALSE)
        {
                return 1;
        }
      return 0;
      }//end of the function


 if((if_has_mail_account($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))==1) {
   echo "<p>Welcome: {$_SERVER['PHP_AUTH_USER']}<br>";
   echo "<form action='{$_SERVER['PHP_SELF']}' METHOD='POST'>\n";
   echo "<input type='submit' name='re_auth' value='Re Authenticate'>\n";
   echo "</form></p>\n";
  echo "<input type='submit' name='re_auth' value='Re Authenticate'>\n";
   echo "</form></p>\n";
   }
  else authenticate();
?>


sorry if i made a stupid mistake

nnichols

I don't use 401 for auth as it is easier and more flexible to use your own authentication scheme.

One way round this would be to store the contents of the 2 auth vars in a session - and check the session vars instead of the auth vars. Then to re-auth the user you can unset the session vars.

What is the reason for needing to re-auth in this way?

Hope this helps 😉

Easier to use a separate script

zurron

I'm trying to request for the login and password each time.

but maybe is not the properly way.......

what do you advise to me.

nnichols

You want to require the users to re-login every time they refresh the page???

zurron

yes, at least this page

nnichols

WHY??? It doesn't make sense.

I can't think of anyway you can do it using 401 header.

Sorry 🙁

zurron

ok, ok. please don't be :mad:.

I just want that if the user click refresh or back button after a time the page ask for the login and password

🙁

nnichols

I would suggest searching some of the tutorials and here for authentication systems, or download an example from hotscripts. There are loads around (available for free) that expire logins.

Have a look and see what you find.

You will need to use sessions so you can track the user who is logged in and how long they have been logged in for. It might be worth looking at writing a custom session handler for this.

Let me know how you get on.

nnichols

Try this in place of your existing code -

<?
session_start();

$aDoAuth = True;
if(isset($PHP_AUTH_USER)) {
	if (if_has_mail_account($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])) {
		$aDoAuth = False;
		}
	}
if (isset($_SESSION['last_refresh'])) {
	if ((mktime()-$_SESSION['last_refresh'])>300){ // set to 300 seconds (5 mins)
		$aDoAuth = True;
		unset($_SESSION['last_refresh']);
	 	}
	}
if($aDoAuth == True) {
	header('WWW-Authenticate: Basic realm="Test Authentication System"');
	header('HTTP/1.0 401 Unauthorized'); 
	echo "You must enter a valid login ID and password to access this resource\n";
	exit;
	}

$_SESSION['last_refresh'] = mktime();

function if_has_mail_account($login,$pass) {

if (($devuelve = @imap_open("{ip<img src="images/smilies/tongue.gif" border="0" alt="">ort}INBOX",$login,$pass,OP_HALFOPEN))!=FALSE) {
	return 1;
        }
else {
	return 0;
	}

}//end of the function

echo "<p>Welcome: {$_SERVER['PHP_AUTH_USER']}<br>";
echo "<form action='{$_SERVER['PHP_SELF']}' METHOD='POST'>\n";
echo "<input type='submit' value='Re Authenticate'>\n";
echo "</form></p>\n";

?>

zurron

guess what..........it does not work
User Name: test
password : test

You must enter a valid login ID and password to access this resource

I don't what to do

😕