|
|
Posted by Terje Bonvik on 08/03/05 17:52
John skrev:
> Hi,
>
> I athenticate my usres thanks to http identification.
> It works fine... still, I can't diconnect them.
> the 2 vars _SERVER["PHP_AUTH_USER"] and _SERVER["PHP_AUTH_PW"] are set and I
> can't get rid of them !!
> can you help me ?
>
> thanks,
>
> --
> john
>
>
This seems to work, uses a db to check user/pass and is probably not the
best way to do it. The user have to press cancel when "forced" to see
the login-screen again to logout.
I'm pretty new in this fun world of php, so my coding might not be the
best :)
- Terje
<?php
function auth() {
header( 'WWW-Authenticate: Basic realm="Private - press cancel to
logout"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.<br />';
echo '<a href="index.php">Login</a>';
exit;
}
$auth = false; // Assume user is not authenticated
// Check if logging out - force login window
if ( isset($_GET['logout']) && $_GET['logout'] == true) {
auth();
}
if (isset( $_SERVER['PHP_AUTH_USER'] ) && isset($_SERVER['PHP_AUTH_PW'])) {
// Connect to MySQL
mysql_connect( 'localhost', 'user', 'pass' ) or die ( 'Unable to
connect to server.' );
// Select database on MySQL server
mysql_select_db( 'testdb' ) or die ( 'Unable to select database.' );
// Formulate the query
$sql = "SELECT * FROM auth WHERE username = '$_SERVER[PHP_AUTH_USER]'
AND password = '$_SERVER[PHP_AUTH_PW]'";
// Execute the query and put results in $result
$result = mysql_query( $sql ) or die ( 'Unable to execute query.' );
// Get number of rows in $result
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
$auth = true;
}
}
if ( !$auth ) {
auth();
} else {
echo 'You are authorized!<br />';
echo '<a href="index.php?logout=true">Logout</a>';
}
?>
Navigation:
[Reply to this message]
|