PHP: HTTP Basic - Logout

I would like to set it up so that, if someone sends a request to "log out", it automatically transfers them to a page with the message "successful logout". If the client tries to click the "Back" button or go to a restricted area, it will again ask for HTTP confirmation.

What I know so far:

example.com/restricted/index.php:

<?php   
    session_start();

    if(isset($_GET['logout']))
    {
        unset($_SESSION["login"]);
        header("location: ../logout.php");
        exit;
    }

    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !isset($_SESSION["login"]))
    {

        header("HTTP/1.0 401 Unauthorized");
        header("WWW-authenticate: Basic realm=\"Tets\"");
        header("Content-type: text/html");
        $_SESSION["login"] = true;
        // Print HTML that a password is required
        exit;
    }
?>
// The rest of the page is then displayed like normal

example.com/logout.php, example.com/restricted/index.php?logout. , , HTTP- (???), (?), , .

, , : / , , login true... GET , logout.php... , , , , [login] .

PHP . , HTTP Basic SQL, meh. .

: MySQL, . MySQL PHP ()

+5
3

:

<?php   
  session_start();

  if( isset( $_GET['logout'] ) )
  {
    session_destroy();
    header('Location: ../logout.php');
    exit;
  }

  if( !isset( $_SESSION['login'] ) )
  {
    if( !isset( $_SERVER['PHP_AUTH_USER'] ) || !isset( $_SERVER['PHP_AUTH_PW'] ) )
    {
      header("HTTP/1.0 401 Unauthorized");
      header("WWW-authenticate: Basic realm=\"Tets\"");
      header("Content-type: text/html");
      // Print HTML that a password is required
      exit;
    }
    else
    {
      // Validate the $_SERVER['PHP_AUTH_USER'] & $_SERVER['PHP_AUTH_PW']
      if( $_SERVER['PHP_AUTH_USER']!='TheUsername'
          || $_SERVER['PHP_AUTH_PW']!='ThePassword' )
      {
        // Invalid: 401 Error & Exit
        header("HTTP/1.0 401 Unauthorized");
        header("WWW-authenticate: Basic realm=\"Tets\"");
        header("Content-type: text/html");
        // Print HTML that a username or password is not valid
        exit;
      }
      else
      {
        // Valid
        $_SESSION['login']=true;
      }
    }
  }
?>
// The rest of the page is then displayed like normal
+1

.

2 : index.php logout.php

index.php:

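# CHECK LOGIN.
session_start(); // needed before $_SESSION is used, as in logout.php
if (!isset($_SESSION["loged"])) {
    $_SESSION["loged"] = false;
} else {
    if (isset( $_SERVER['PHP_AUTH_USER'] ) && isset($_SERVER['PHP_AUTH_PW'])) {
        // L_USER and L_PASS are constants defined elsewhere; L_PASS is compared against an MD5 hex digest.
        // hash_equals() avoids the type juggling of a loose == comparison.
        if (hash_equals(L_USER, $_SERVER['PHP_AUTH_USER']) && hash_equals(L_PASS, md5($_SERVER['PHP_AUTH_PW']))) {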
            $_SESSION["loged"] = true;
        }
    }
}
if ($_SESSION["loged"] === false) {
    header('WWW-Authenticate: Basic realm="Need authorization"');
    header('HTTP/1.0 401 Unauthorized');
    die('<br /><br />
    <div style="text-align:center;">
       <h1 style="color:gray; margin-top:-30px;">Need authorization</h1>
    </div>');
}

logout.php:

session_start();
$_SESSION["loged"] = false; // We can't use unset($_SESSION) when using HTTP_AUTH.
session_destroy();
+1
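
An added example, not part of any answer in this thread: the approach of the answer above (a fresh session is always challenged once, so credentials the browser replays from its cache after logout are refused) combined with `password_verify` and session ID regeneration. The `decide()` helper, the `challenged` session key, the `demo` account, its password and the realm name are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Account, password and realm are constructed.
declare(strict_types=1);

/** Returns 'logout', 'serve', 'login' (fresh login) or 'challenge' (send 401). */
function decide(array $server, array $get, array &$session, string $user, string $hash): string
{
    if (isset($get['logout'])) {
        $session = [];                      // drop all server-side login state
        return 'logout';
    }
    if (!empty($session['login'])) {
        return 'serve';
    }
    // A session that has not been challenged yet always gets one 401, even if
    // the request carries credentials. After logout the session is empty, so
    // credentials replayed from the browser's cache are rejected once and the
    // password prompt appears again.
    if (empty($session['challenged'])) {
        $session['challenged'] = true;
        return 'challenge';
    }
    $u = (string) ($server['PHP_AUTH_USER'] ?? '');
    $p = (string) ($server['PHP_AUTH_PW'] ?? '');
    $userOk = hash_equals($user, $u);       // constant-time string comparison
    $passOk = password_verify($p, $hash);   // checked even when the user name is wrong
    if ($userOk && $passOk) {
        $session['login'] = true;
        return 'login';
    }
    return 'challenge';
}

session_start();
// Constructed credential; a real deployment stores the hash instead of computing it per request.
$hash = password_hash('constructed-password', PASSWORD_DEFAULT);
switch (decide($_SERVER, $_GET, $_SESSION, 'demo', $hash)) {
    case 'logout':
        session_destroy();
        header('Location: ../logout.php');
        exit;
    case 'challenge':
        header('WWW-Authenticate: Basic realm="Restricted"');
        http_response_code(401);
        exit('Authentication required.');
    case 'login':
        session_regenerate_id(true);        // new session ID after authentication
}
// 'serve' and 'login' fall through: the rest of the page is displayed as normal.
```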

You can use a meta tag http-equiv="refresh" with a very short response time (for example, content="1"). This update will clear everything in $_POST.

if ( !isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!='myusername' || $_SERVER['PHP_AUTH_PW']!='mypassword' || isset($_POST['logout']) ) {
    header('WWW-Authenticate: Basic realm="My protected area"');
    header('HTTP/1.0 401 Unauthorized');
    echo '<html><head><title>401 Unauthorized</title><meta http-equiv="refresh" content="1"></head><body><h1>401 Unauthorized</h1><p>You are not allowed to see this page. Reload the page to try again.</p></body></html>';
    exit();
} 
0