I am trying to make a page that requires users to log in and also allows them to log out.
What I have works, but the user has to attempt to log back in with an incorrect username and password before the cleared values are actually saved for
$_SERVER['PHP_AUTH_USER']
I put a // note in the code where I'm having the trouble.
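<?php
// Bootstrap: configure and start the session, then open the PEAR DB connection
// used by the login check further down.

// Session ini values have to be set before session_start(); once the session is
// active PHP no longer applies changes to the session module's settings.
ini_set("session.gc_maxlifetime", "1440");
// Keep the session cookie out of reach of page scripts.
ini_set("session.cookie_httponly", "1");
session_start();

// Presumably defines $db_username, $db_password, $db_host and $db_database,
// which are used in the DSN below -- confirm against db_login.php.
require_once('db_login.php');
set_include_path('.:/home/content/r/e/d/redpanda/html/PEAR/PEAR/');
require_once 'DB.php';

// NOTE(review): the credentials are interpolated into a URL-style DSN, so a
// password containing characters such as "@" or "/" will likely break parsing
// unless it is URL-encoded first -- verify with the credentials actually in use.
$connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
if (DB::isError($connection)) {
    // DB::errorMessage() is passed the error object; keep the connection
    // string itself (which holds the DB password) out of any output.
    die("Could not connect to the database: <br />" . DB::errorMessage($connection));
}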
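// LOGOUT
// Requested with ?session=logout. Clears the login data held in the session
// and answers 401 so the browser prompts for credentials again.
//
// Why the user still has to submit something at the prompt: HTTP Basic
// credentials are cached by the browser and re-sent with every request to this
// realm. $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'] are only this
// request's copy of what the browser sent, so unsetting them on the server
// changes nothing on the client. The server cannot clear the browser's cache;
// the 401 below only makes the browser ask again, and the cached pair is
// replaced once the user submits new values. A form-plus-session login avoids
// this limitation because the session is then the only credential.
if (isset($_GET['session'])) {
    $session = $_GET['session'];
    if ($session === "logout") {
        unset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['name']);
        // Issue a fresh session id and delete the old session record so the
        // id that was authenticated cannot be reused after logout.
        session_regenerate_id(true);
        header('WWW-Authenticate: Basic realm="Admin Area"');
        header("HTTP/1.1 401 Unauthorized");
        echo "You are logged out!";
        exit;
    }
}
// END OF LOGOUT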
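// LOGIN
// When the session holds no user_id, require HTTP Basic credentials, check
// them against the `admin` table and, on a match, store the user's details in
// the session. Every failure path answers 401 and stops the script.
//
// NOTE(review): Basic credentials travel with every request in an easily
// decoded form, so this page should only be served over HTTPS.
if (empty($_SESSION['user_id'])) {
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        header('WWW-Authenticate: Basic realm="Admin Area"');
        header("HTTP/1.1 401 Unauthorized");
        echo "You must enter in a username and password combination!";
        exit;
    }

    $username = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];

    // The values are bound through PEAR DB placeholders instead of being
    // concatenated into the SQL text. mysql_real_escape_string() belongs to the
    // separate mysql extension and is not tied to the PEAR DB connection in
    // use here, so it was not a dependable way to quote these values.
    //
    // NOTE(review): the table stores unsalted MD5 digests, which are cheap to
    // brute-force if the table leaks. Moving to password_hash() /
    // password_verify() needs the stored hashes migrated, so the comparison is
    // left as MD5 here and only flagged.
    $query = "SELECT * FROM `admin` WHERE `username` = ? AND `password` = MD5(?) LIMIT 1";
    $result = $connection->query($query, array($username, $password));

    // A failed query returns a DB_Error object; stop here rather than calling
    // fetchRow() on it, and keep the error detail out of the response.
    if (DB::isError($result)) {
        $connection->disconnect();
        header("HTTP/1.1 500 Internal Server Error");
        echo "Could not verify your login. Please try again later.";
        exit;
    }

    $row = $result->fetchRow(DB_FETCHMODE_ASSOC);
    if (!$row || DB::isError($row)) {
        // Same message for an unknown user and a wrong password, so the
        // response does not reveal which usernames exist.
        header('WWW-Authenticate: Basic realm="Admin Area"');
        header("HTTP/1.1 401 Unauthorized");
        echo "Your username and password combination was incorrect!";
        exit;
    }

    // Rotate the session id at the moment of authentication so an id that was
    // known before login does not become an authenticated one.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $row['user_id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['name'] = $row['name'];
    $connection->disconnect();
}
?>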