unset $_SERVER['PHP_AUTH_USER'] problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
duk
Forum Contributor
Posts: 199
Joined: Wed May 19, 2004 8:45 am
Location: London

unset $_SERVER['PHP_AUTH_USER'] problems

Post by duk »

hy,

im having problems to unset variables $_SERVER..

is a login system class and have a function like this

Code: Select all

function check_login($user,$pwd) {
       
     $sql = "select name,password,id from users where name='$user' and password='$pwd' ";
     $exec_sql = mysql_db_query(DB_NAME, $sql);
     $result = mysql_fetch_row($exec_sql);
     if ($result[2] != 0) {
echo $_SERVER['PHP_AUTH_USER'] . $_SERVER['PHP_AUTH_PW'];
          echo $result[0] . $result[1];
         $this->user_id = $result[2];
         return TRUE;
     } else {
         return FALSE;
     }
to do a logout, i have another page, that just destroy session variables, remove the cookie and try to unset the $_SERVER variables

like this:

Code: Select all

<?php
  session_destroy();
  setcookie("CINTRA", $_COOKIE['CINTRA'], time()-3600);
  $_SERVER['PHP_AUTH_USER'] = "";
  $_SERVER['PHP_AUTH_PW'] = "";
  unset($_SERVER['PHP_AUTH_USER']);
  unset($_SERVER['PHP_AUTH_PW']);

  ob_end_clean();
  exit;
  
?>
<meta http-equiv="refresh" content="2;url=http://localhost/">
to ask for the user and pwd:

Code: Select all

if (!isset($_COOKIE['CINTRA'])) {
   if (isset($_SERVER['PHP_AUTH_USER'] ) || isset($_SERVER['PHP_AUTH_PW']) ) {                                  
       
       
       
       

       $login = $obj_cookie->check_login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);       
        if ($login) {
            
            // set cookie
            $obj_cookie->set_cookie($_SERVER['PHP_AUTH_USER']);
        } else {
            
           header( 'WWW-Authenticate: Basic realm="Private"' );
           header( 'HTTP/1.0 401 Unauthorized' );
           echo 'Authorization Required.';  
           exit; 
        }    
   } else {
    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';  
    exit;
    }
}
but when goes again to localhost the index.php nothing happen and the script on echo $result[0] and echo $result[1] and the echo to PHP_AUTH is able to print the correct result that is in DB and the echo PHP_AUTH prints correctly to that means that $_SERVER['PHP_AUTH_USER'] and PW are set... i dont understand
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

those variables cannot be unset in the way you are thinking as those values are kept in the browser and sent with each page request after being set.
duk
Forum Contributor
Posts: 199
Joined: Wed May 19, 2004 8:45 am
Location: London

Post by duk »

that means i can not unset this variable.. just closing the browser ???

if so, maybe i need to register some session variable after the login and with session destroy will unset becouse i just have if (!isset($_COOKIE['CINTRA'])) and the best solution will be add if (!isset($_SESSION['logged']))
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

duk
Forum Contributor
Posts: 199
Joined: Wed May 19, 2004 8:45 am
Location: London

Post by duk »

wow nice

so how have you done your logout script ?? or have ou change for a POST method ?

im thinking if i cant unset this vars, i need to change to POST method...
Post Reply