On 27 Aug 2013, at 15:51, Jim Giner <jim.gi...@albanyhandball.com> wrote:

> On 8/27/2013 10:39 AM, Stuart Dallas wrote:
>> On 27 Aug 2013, at 15:18, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>> On 8/27/2013 10:14 AM, Stuart Dallas wrote:
>>>> It's not really confusing so long as you understand how PHP works. Each 
>>>> request is brand new - nothing is retained from previous requests. The two 
>>>> variable you're changing are set by PHP when the request comes in from the 
>>>> browser. The fact you changed them in a previous request is irrelevant 
>>>> because 1) that change was not communicated to the browser in any way, and 
>>>> 2) PHP doesn't retain any data between requests [1].
>>>> If you've been coding assuming that changes you make to global variables 
>>>> are retained between requests you must have been having some pretty 
>>>> frustrating times!
>>>> -Stuart
>>> Not really - this is the first time I've had something not work as expected.
>> That was said with my tongue very much firmly in my cheek, and so is this:
>>   I've been playing with dynamite since I was 4 - hey, it must be a safe, 
>> proper thing to do!
>> Just because nothing has blown up in your face yet doesn't mean it won't, 
>> and I'm concerned that you might not actually see how important it is to 
>> make sure you're using the tool correctly.
>> -Stuart
> This may very well be the first time with this problem because I haven't 
> tried anything like this before.
> That said - can you give me some pointers on how to do the JS solution?  I'm 
> calling a script that is similar to the one I used to signon.  It sends out 
> something like:
>        header("WWW-Authenticate: Basic realm=$realm");
>        header('HTTP/1.0 401 Unauthorized');
>        echo "<h3>You have entered invalid credentials<br>";
>        echo "Click <a href='$return_url'> here </a> to return to the menu.";
>        exit();
> when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
> So - to effect a signoff, what does one do?   You said to use an invalid 
> value, but what do I do with that?  How do I ignore the 401?   Now I'm 
> getting the signin dialog and I'm stuck.

You don't need to do anything on the server-side. You simply need a JS function 
that sends a request to a URL that requires basic auth, with an Authenticate 
header that contains an invalid username and password. Then, when your server 
responds with a 401 Authentication required (which it should already do for an 
invalid request) you can set location.href to whatever URL you want the logged 
out user to see.

If you don't know how to make a request from Javascript -- commonly known as an 
AJAX request -- then google for it. I'd recommend the jquery library if you 
want a very easy way to do it.


Stuart Dallas
3ft9 Ltd

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to