Page 1 of 1

unset $_SERVER['PHP_AUTH_USER'] problems

Posted: Tue Feb 07, 2006 4:39 am
by duk
hy,

im having problems to unset variables $_SERVER..

is a login system class and have a function like this

Code: Select all

function check_login($user,$pwd) {
       
     $sql = "select name,password,id from users where name='$user' and password='$pwd' ";
     $exec_sql = mysql_db_query(DB_NAME, $sql);
     $result = mysql_fetch_row($exec_sql);
     if ($result[2] != 0) {
echo $_SERVER['PHP_AUTH_USER'] . $_SERVER['PHP_AUTH_PW'];
          echo $result[0] . $result[1];
         $this->user_id = $result[2];
         return TRUE;
     } else {
         return FALSE;
     }
to do a logout, i have another page, that just destroy session variables, remove the cookie and try to unset the $_SERVER variables

like this:

Code: Select all

<?php
  session_destroy();
  setcookie("CINTRA", $_COOKIE['CINTRA'], time()-3600);
  $_SERVER['PHP_AUTH_USER'] = "";
  $_SERVER['PHP_AUTH_PW'] = "";
  unset($_SERVER['PHP_AUTH_USER']);
  unset($_SERVER['PHP_AUTH_PW']);

  ob_end_clean();
  exit;
  
?>
<meta http-equiv="refresh" content="2;url=http://localhost/">
to ask for the user and pwd:

Code: Select all

if (!isset($_COOKIE['CINTRA'])) {
   if (isset($_SERVER['PHP_AUTH_USER'] ) || isset($_SERVER['PHP_AUTH_PW']) ) {                                  
       
       
       
       

       $login = $obj_cookie->check_login($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);       
        if ($login) {
            
            // set cookie
            $obj_cookie->set_cookie($_SERVER['PHP_AUTH_USER']);
        } else {
            
           header( 'WWW-Authenticate: Basic realm="Private"' );
           header( 'HTTP/1.0 401 Unauthorized' );
           echo 'Authorization Required.';  
           exit; 
        }    
   } else {
    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';  
    exit;
    }
}
but when goes again to localhost the index.php nothing happen and the script on echo $result[0] and echo $result[1] and the echo to PHP_AUTH is able to print the correct result that is in DB and the echo PHP_AUTH prints correctly to that means that $_SERVER['PHP_AUTH_USER'] and PW are set... i dont understand

Posted: Tue Feb 07, 2006 9:00 am
by feyd
those variables cannot be unset in the way you are thinking as those values are kept in the browser and sent with each page request after being set.

Posted: Tue Feb 07, 2006 10:11 am
by duk
that means i can not unset this variable.. just closing the browser ???

if so, maybe i need to register some session variable after the login and with session destroy will unset becouse i just have if (!isset($_COOKIE['CINTRA'])) and the best solution will be add if (!isset($_SESSION['logged']))

Posted: Tue Feb 07, 2006 10:23 am
by jayshields

Posted: Tue Feb 07, 2006 10:29 am
by duk
wow nice

so how have you done your logout script ?? or have ou change for a POST method ?

im thinking if i cant unset this vars, i need to change to POST method...