Reet. This is my problem.
I have HTTP authentication in my application, this is in a script called login.php.
login.php:
Code: Select all
<?php
//Start the session
session_start();
//If the username session isn't set
if(!isset($_SESSION['username'])) {
//If the submitted username and password do not match those required
if($_SERVER['PHP_AUTH_USER'] !== SITE_USER || $_SERVER['PHP_AUTH_PW'] !== SITE_PASS) {
//Prompt for login
header('WWW-Authenticate: Basic realm="Wright & Shields Vehicle Management System"');
//Show an unauthorized page if cancel is clicked
header('HTTP/1.0 401 Unauthorized');
} else {
//Log the user in
$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
}
}
?>Anyway, pages I want to protect start like this:
index.php
Code: Select all
<?php
//Get the config
require('includes/config.php');
//Show the login
require('includes/php/login.php');
//Set the page title and include the HTML header
$page_title = 'Welcome';
include('includes/html/header.html');
//Show some jibberish introduction
echo '<b><u>' . $_SESSION['username'] . '</u>, Welcome to the Wright & Shields Vehicle Management System!</b><br />
<br />
Please navigate the system using the links at the top.<br />';
//Include the HTML footer
include('includes/html/footer.html');
?>Now, if I click logout.
logout.php
Code: Select all
<?php
//Start the session
session_start();
//Show the HTML header
echo '
<html>
<head>
<title>Wright & Shields Vehicle Management System: Log Out</title>
<link rel="StyleSheet" href="includes/css/style.css" />
</head>
<body>
<center>
<a href="index.php"><img src="images/logo.jpg" border="0" alt="Wright & Shields Vehicle Management System" /></a><br />
<br />';
//If the user is logged in
if(isset($_SESSION['username'])) {
//Log them out
$_SESSION = array(); //Clear the session array
session_destroy(); //Destroy the session
setcookie('PHPSESSID', '', time()-300, '/', '', 0); //Wipe the users cookie
unset($_SERVER['PHP_AUTH_USER']); //Unset the username
unset($_SERVER['PHP_AUTH_PW']); //Unset the password
//Show a success msg
echo 'You are now logged out.';
} else {
//Show an error
echo 'You aren\'t logged in.';
}
//Show the HTML footer
echo '
<br />
<br />
<a href="index.php">Go Back</a><br />
<br />
© Copyright <a href="http://www.wrightandshields.co.uk">Wright & Shields</a> 2006.
</center>
</body>
</html>';
?>I must be missing something, but I don't know what it is.
Help!!