log out from $PHP_AUTH_USER

Anon

Hi,

I have a simple question, but I can't find the answer anywhere:

I have a series of page secured with the well known script here below.

However, the only way for the browser to forget the user/password
combination is to quit the browser. Is there another way and if yes, which
one.?

Ideally I would like to create a button or link on the secured pages which
says <log-out> after which the user is brought back to the non-secured
wellcome page (via javascript for instance).

Any suggestion is welcome. Thanks in advance!

Herman

// File Name: auth.php

// Check to see if $PHP_AUTH_USER already contains info

if (!isset($PHP_AUTH_USER)) {

// If empty, send header causing dialog box to appear

header('WWW-Authenticate: Basic realm="Infonomics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorisation required.';
exit;

} elseif (isset($PHP_AUTH_USER)) {

if (($PHP_AUTH_USER == "user1" and $PHP_AUTH_PW != "password1")
or ($PHP_AUTH_USER == "user2" and $PHP_AUTH_PW != "password2")) {

header('WWW-Authenticate: Basic realm="Infonomics"');
header('HTTP/1.0 401 Unauthorized');
echo 'Authorisation required.';
exit;

}

}
?>

--
International Institute of Infonomics
PO Box 2606
NL-6401 DC Heerlen
the Netherlands

tel: +31 45 570 76 90
fax: +31 45 570 62 62
web: http://www.infonomics.nl

For a free weekly digest of ICT news delivered directly to your email box,
go to http://www.infonomics.nl/subscribe_ict.htm and subscribe to "ICT
Weekly".

bunka

Make a link for them to logoff and you could try setting the $PHP_AUTH_USER to ""

<?
//logoff.php
//set value of variable to null so show box

if($PHP_AUTH_USER != "")
//if $PHP_AUTH_USER does not equal null,
//set it to null and show them as logged off
{
$PHP_AUTH_USER = "";
echo "You logged off!";
}
else
//if it is already null, tell them they are
//already logged off
{
echo "You are already logged off!";
}

That should work, I'm kinda tired so don't blame me if it doesn't! hehe 😛

bunka

Make a link for them to logoff and you could try setting the $PHP_AUTH_USER to ""

(Sorry forgot to take off show box..told you I was tired 😛)

<?
//logoff.php
//set value of variable to null

That should work, I'm kinda tired so don't blame me if it doesn't! hehe 😛

Anon

Thanks Bob 🙂 That was real helpful

but I have a small doubt. When I press the back button of he browser, it goes back to the same page and i am able to access its features (It shows I am still logged in!), which means technically I have not logged off .. Is there anyway to prevent this ??? I am working on it and I would appreciate if anyone could post on this..

Thanks and regards
smitha

PS: I'll definitely let all know if I get it to work 🙂

blackmamba

Try bob's script again but this time set $PHP_AUTH_USER = null; , seen as an empty string is still a value, null is no value. And to test it use isset ( $PHP_AUTH_USER )