Replying to How To Reset The Server Variable Php_auth_user

How To Reset The Server Variable Php_auth_user
Hi, Just put unset($_SERVER['PHP_AUTH_USER']); unset($_SERVER['PHP_AUTH_PW']);BEFORE THE AUTENTIFICATION CHECK! IT'S IMPORTANT, 'case else it doesn't work...
-reply by CRISTI

How To Reset The Server Variable Php_auth_user
How To Reset The Server Variable Php_auth_user

Simply in logout function you have to change the value of $_SERVER['PHP_AUTH_USER'];.And check again loin function. If user name will not matched that was set in $_SERVER['PHP_AUTH_USER'] variable automatically it will call header.(I have done it).

-reply by sana ullah

I have same problem, Only close browser is the solution for that:) use window.Close () for the clear the sever variable.

I encountered this as well. I reset the password instead of resetting the auth I believe. I think that worked for me since you need a valid combo of auth/pass for my script to work.

Then as everyone else here stated I went with a standard input field login via post.

the $_SERVER['PHP_AUTH_USER']; is always set because your browser sends a http request containing this, so I never really got deeper into this, but this is the right way it should work, even though I think there needs to be a solution, because you can log off from CPanel, but I think they know better how to control http requests and stuff and I don't think that CPanel is written with PHP.

Well, finally my client decide not to use this approach. What i do is simply change it to a standard login script using a form with a text box and a password box and all works very fine, so sorry dudes, i hope sometime i could complete this approach.

For me, it is an incomplete task that i must finish soon.

Best regards,

PS: please admins let me know if i'm doing wrong when i post again and if the correct way was simply to include this in my previous post.

Vicky99:
No, i dont turned on the safe mode in the php config file, so i turn it on to check if this solve the problem but this dont solve it.

Hercco:
I will try your suggestion, i think it would work.

Quatrux:
If the suggestion made by Hercco dont work my last chance is to use sessions with cookies as you suggest.

Thanks a lot,

Well, using a login script with PHP Auth isn't the best method, but I had this problem too, I just did a simple login for one customer, I would do it differently for myself, I couldn't understand how to logout, the Authentication using this kind of way is saved in your browser I guess and server side, I never got into it, even changing the password on the script didn't help, I think that variable is created because the browser sends a http request with it. Anyway, I prefer to use sessions with cookies.

I'm guessing that server always sets the variable. Even if the user is not authenticated (ie. has not typed anme and password) it sets the variable to empty string.

PHP itself gives a lot of liberties to the webserver regarding the _SERVER superglobal. In fact it allows to server to set none of the variables or set everything to empty or whatever. If you have access to the server configuration I'm sure you can change this behaviour. On the other hand, that wouldn't make for very portable code.

My suggestion is that, instead of checked whether the variable is set, you check whether it's an empty string or not. You could use strlen for example.

Dear TavoxPeru
I could not understand the meaning of the message which you tried to convey. Did you turned on the safe mode in the PHP configuration file, php.ini. You can find it under Windows folder if you are using Microsoft Windows. By default safe mode is turned off. The PHP safe mode is an attempt to solve the shared-server security problem. If this does not solve you problem then you must specify the error you are getting. Till then bye…