Oops, sent this message from the wrong email address, so the list rejected it.

Begin forwarded message:

> From: Stuart Dallas <stu...@3ft9.com>
> Subject: Re: [PHP] Basic Auth
> Date: 27 August 2013 16:36:27 BST
> To: jim.gi...@albanyhandball.com
> Cc: php-general@lists.php.net
> On 27 Aug 2013, at 15:59, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>> On 8/27/2013 10:55 AM, Stuart Dallas wrote:
>>> On 27 Aug 2013, at 15:51, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>>> On 8/27/2013 10:39 AM, Stuart Dallas wrote:
>>>>> On 27 Aug 2013, at 15:18, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>>>>> On 8/27/2013 10:14 AM, Stuart Dallas wrote:
>>>>>>> It's not really confusing so long as you understand how PHP works. Each 
>>>>>>> request is brand new - nothing is retained from previous requests. The 
>>>>>>> two variable you're changing are set by PHP when the request comes in 
>>>>>>> from the browser. The fact you changed them in a previous request is 
>>>>>>> irrelevant because 1) that change was not communicated to the browser 
>>>>>>> in any way, and 2) PHP doesn't retain any data between requests [1].
>>>>>>> If you've been coding assuming that changes you make to global 
>>>>>>> variables are retained between requests you must have been having some 
>>>>>>> pretty frustrating times!
>>>>>>> -Stuart
>>>>>> Not really - this is the first time I've had something not work as 
>>>>>> expected.
>>>>> That was said with my tongue very much firmly in my cheek, and so is this:
>>>>>  I've been playing with dynamite since I was 4 - hey, it must be a safe, 
>>>>> proper thing to do!
>>>>> Just because nothing has blown up in your face yet doesn't mean it won't, 
>>>>> and I'm concerned that you might not actually see how important it is to 
>>>>> make sure you're using the tool correctly.
>>>>> -Stuart
>>>> This may very well be the first time with this problem because I haven't 
>>>> tried anything like this before.
>>>> That said - can you give me some pointers on how to do the JS solution?  
>>>> I'm calling a script that is similar to the one I used to signon.  It 
>>>> sends out something like:
>>>>       header("WWW-Authenticate: Basic realm=$realm");
>>>>       header('HTTP/1.0 401 Unauthorized');
>>>>       echo "<h3>You have entered invalid credentials<br>";
>>>>       echo "Click <a href='$return_url'> here </a> to return to the menu.";
>>>>       exit();
>>>> when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
>>>> So - to effect a signoff, what does one do?   You said to use an invalid 
>>>> value, but what do I do with that?  How do I ignore the 401?   Now I'm 
>>>> getting the signin dialog and I'm stuck.
>>> You don't need to do anything on the server-side. You simply need a JS 
>>> function that sends a request to a URL that requires basic auth, with an 
>>> Authenticate header that contains an invalid username and password. Then, 
>>> when your server responds with a 401 Authentication required (which it 
>>> should already do for an invalid request) you can set location.href to 
>>> whatever URL you want the logged out user to see.
>>> If you don't know how to make a request from Javascript -- commonly known 
>>> as an AJAX request -- then google for it. I'd recommend the jquery library 
>>> if you want a very easy way to do it.
>>> -Stuart
>> I am familiar with an ajax request (xmlhttprequest) and I have a function 
>> ready to call a script to effect this signoff.  I just don't know what to 
>> put in that php script I'm calling.  From what you just wrote I'm guessing 
>> that my headers as shown previously  may be close - I"m confused about your 
>> mention of "contains an invalid username...".  As you can see from my sample 
>> I don't include such a thing.
> From the Javascript, request any URL that requires authentication - it 
> doesn't matter. When you make the AJAX request, pass an Authentication header 
> that contains an invalid username and password. If you don't know what I mean 
> by that, please google how HTTP Basic Auth works.
> -Stuart
> -- 
> Stuart Dallas
> 3ft9 Ltd
> http://3ft9.com/

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to