10 replies to this topic

[TavoxPeru]

Hi, i'm developing a web application which obviously requires a log in/log out script that i just implementing but i dont know why the log out script dont work fine.

The problem is related with the server variable $_SERVER['PHP_AUTH_USER'] which remains set even when in the log out script i unset it with the unset() function.

Does someone knows how can i reset or clear the server variable $_SERVER['PHP_AUTH_USER']???

Best regards,

[vicky99]

Dear TavoxPeru
I could not understand the meaning of the message which you tried to convey. Did you turned on the safe mode in the PHP configuration file, php.ini. You can find it under Windows folder if you are using Microsoft Windows. By default safe mode is turned off. The PHP safe mode is an attempt to solve the shared-server security problem. If this does not solve you problem then you must specify the error you are getting. Till then bye…

[Hercco]

I'm guessing that server always sets the variable. Even if the user is not authenticated (ie. has not typed anme and password) it sets the variable to empty string.

PHP itself gives a lot of liberties to the webserver regarding the _SERVER superglobal. In fact it allows to server to set none of the variables or set everything to empty or whatever. If you have access to the server configuration I'm sure you can change this behaviour. On the other hand, that wouldn't make for very portable code.

My suggestion is that, instead of checked whether the variable is set, you check whether it's an empty string or not. You could use strlen for example.

[Quatrux]

Well, using a login script with PHP Auth isn't the best method, but I had this problem too, I just did a simple login for one customer, I would do it differently for myself, I couldn't understand how to logout, the Authentication using this kind of way is saved in your browser I guess and server side, I never got into it, even changing the password on the script didn't help, I think that variable is created because the browser sends a http request with it. Anyway, I prefer to use sessions with cookies.

[TavoxPeru]

Vicky99:
No, i dont turned on the safe mode in the php config file, so i turn it on to check if this solve the problem but this dont solve it.

Hercco:
I will try your suggestion, i think it would work.

Quatrux:
If the suggestion made by Hercco dont work my last chance is to use sessions with cookies as you suggest.

Thanks a lot,

[TavoxPeru]

Well, finally my client decide not to use this approach. What i do is simply change it to a standard login script using a form with a text box and a password box and all works very fine, so sorry dudes, i hope sometime i could complete this approach.

For me, it is an incomplete task that i must finish soon.

Best regards,

PS: please admins let me know if i'm doing wrong when i post again and if the correct way was simply to include this in my previous post.

Edited by TavoxPeru, 24 August 2006 - 10:32 PM.

[Quatrux]

the $_SERVER['PHP_AUTH_USER']; is always set because your browser sends a http request containing this, so I never really got deeper into this, but this is the right way it should work, even though I think there needs to be a solution, because you can log off from CPanel, but I think they know better how to control http requests and stuff and I don't think that CPanel is written with PHP.

[minnieadkins]

I encountered this as well. I reset the password instead of resetting the auth I believe. I think that worked for me since you need a valid combo of auth/pass for my script to work.

Then as everyone else here stated I went with a standard input field login via post.