Re: [PHP] HTTP authentication : logout!!!

2001-05-08 Thread Mauricio Souza Lima


Cool, you have found another way!
So the realm makes a difference? A user logged in to one realm isn't the same in
another realm? Very cool...
Explain your solution better to us.

Regards,

Don Read wrote:
> 
> On 07-May-01 Mauricio Souza Lima wrote:
> 
> > And you have to inform the user to clean the password field, click OK,
> > then the pop-up will open again, then the user clicks cancel.
> >
> > I only know that way to do it. If anyone knows another way, post it!
> >
> 
> create a tmp directory
> 
> 
> logoff.php3:
> 
> require('secure.php3');
> authuser("Logoff"); // validate user (possible Dos attack here)
> 
> $fname="tmp/$PHP_AUTH_USER";
> touch($fname);
> Header("Location: http://www.mydomain.com/index.html");
> 
> -
> 
> secure.php3:
> 
> function checklogin($user,$pass='',$realm='') {
> if (! dbInit()) {
> echo "\n\n";
> die("Unable to contact database server");
> }
> 
> $fname="tmp/$user";
> if (file_exists($fname)) {
> unlink($fname);
> return(false);
> }
> $query="select login from users
>   where login='$user' and password=PASSWORD('$pass')";
> // echo $query .'';
> $result = mysql_query( $query);
> $row = mysql_fetch_object($result);
> if ($row) {
> return(true);
> }
> return(false);
> }
> 
> function authheader($realm) {
> Header('WWW-authenticate: basic realm="'.$realm .'"');
> Header('HTTP/1.0 401 Unauthorized');
> echo "\n\n";
> }
> 
> function authuser($realm='Access') {
> global $PHP_AUTH_USER, $PHP_AUTH_PW;
> 
> if (! (isset($PHP_AUTH_USER)) ) {
> authheader($realm);
> exit;
> }
> if (! (checklogin($PHP_AUTH_USER, $PHP_AUTH_PW, $realm)) ) {
> authheader($realm);
> echo 'Failed Login';
> exit;
> }
> }
> 
> Regards,
> --
> Don Read   [EMAIL PROTECTED]
> -- It's always darkest before the dawn. So if you are going to
>steal the neighbor's newspaper, that's the time to do it.

-- 
Mauricio Souza Lima
Programador - Catho ONLINE
[EMAIL PROTECTED] www.catho.com.br
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
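
Added example, not code from the thread: a present-day PHP sketch of the flag-file logout quoted above. It keeps the same idea but hashes the user name into the file name and checks the password before consuming the flag; FLAG_DIR, the user table and the redirect target are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ and that FLAG_DIR
// (a hypothetical path) exists, is writable, and lies outside the web root.
const FLAG_DIR = '/var/lib/myapp/logout-flags';

// Constructed user table; a real site would load stored hashes instead.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Never use the submitted name as a file name: hashing it means "/" or ".."
// in the Authorization header cannot point outside FLAG_DIR.
function flagPath(string $user): string
{
    return FLAG_DIR . '/' . hash('sha256', $user);
}

function challenge(string $realm): void
{
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    exit('Authorization required');
}

function authUser(array $users, string $realm = 'Access'): string
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
    if ($user === null || !isset($users[$user])
        || !password_verify($pass, $users[$user])) {
        challenge($realm);
    }
    // Check the password before touching the flag, so only the account owner
    // can consume it. unlink() succeeds for exactly one request.
    if (@unlink(flagPath($user))) {
        challenge($realm);
    }
    return $user;
}

function logout(array $users): void
{
    $user = authUser($users, 'Logoff'); // a user can only flag themselves
    touch(flagPath($user));
    header('Location: /index.html');
    exit;
}

// Protected page: authUser($users);   Logout page: logout($users);
$user = authUser($users);
echo 'Hello, ', htmlspecialchars($user);
```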




Re: [PHP] HTTP authentication : logout!!!

2001-05-07 Thread Mauricio Souza Lima

It doesn't work; what you have to do is this:
In the logout.php:
--


Logout Sucessful

--

And you have to inform the user to clean the password field, click OK,
then the pop-up will open again, then the user clicks cancel.

I only know that way to do it. If anyone knows another way, post it!




elias wrote:
> 
> Never tried it though...but can you try to empty or unset the
> $PHP_AUTH_USER/PWD ?
> 
> -elias
> http://www.eassoft.cjb.net
> 
> "Thomas Edison Jr." <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > i'm using http authentication for my php pages
> > (members area). Once you login correctly, then you can
> > access any page as the authentication box doesn't
> > pop-up.
> >
> > Now i would like to create a logout link after clicking
> > on which, whenever you click on a page using auth, the
> > auth box should pop-up again and you must feed in your
> > user/pass. What should this logout page contain? what
> > coding do i have to do?
> > From what i understand, there is a $auth which is
> > "False" by default. When auth is successful, it
> > contains "True". And once it's true, the auth box
> > doesn't pop-up. I understand that probably clicking on
> > this "logout" link should again make $auth false. But
> > then $auth is on a lot of pages, how does this $auth
> > on logout.php3 make all the other $auth's false?
> >
> > or is there some other way?
> >
> > the code i'm using for auth is :
> >
> > ***
> > <?php
> > $auth = false; // Assume user is not authenticated
> > if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
> >
> > mysql_connect('localhost','root') or die (
> > 'Unable to connect to server.' );
> > mysql_select_db( 'skynet' ) or die ( 'Unable
> > to select database.' );
> >
> > // Formulate the query
> >
> > $sql = "SELECT * FROM register WHERE
> > username = '$PHP_AUTH_USER' AND
> > password = '$PHP_AUTH_PW'";
> >
> > // Execute the query and put results in $result
> >
> > $result = mysql_query( $sql ) or die ( 'Unable to
> > execute query.' );
> >
> > // Get number of rows in $result.
> > $num = mysql_numrows( $result );
> > if ( $num != 0 ) {
> >
> > // A matching row was found - the user is authenticated.
> >
> > $auth = true;
> > }
> > }
> >
> > if ( ! $auth ) {
> >
> > header( 'WWW-Authenticate: Basic realm="Private"'
> > );
> > header( 'HTTP/1.0 401 Unauthorized' );
> > echo 'Authorization Required.';
> > exit;
> >
> > } else {
> >
> > %%stuff 2 do%%
> >
> > }
> > ?>
> > ***
> >
> > Regards,
> > T. Edison jr.
> >
> >
> >
> > =
> > Rahul S. Johari (Director)
> > **
> > Abraxas Technologies Inc.
> > Homepage : http://www.abraxastech.com
> > Email : [EMAIL PROTECTED]
> > Tel : 91-4546512/4522124
> > ***
> >
> >

-- 
Mauricio Souza Lima
Programador - Catho ONLINE
[EMAIL PROTECTED] www.catho.com.br
[EMAIL PROTECTED]
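
Added example, not code from the thread: the credential check from the quoted question, rewritten so that the user name is a bound query parameter and the password column holds a hash instead of the plain password. It assumes PHP 7+ with pdo_sqlite; the in-memory database and the sample users are constructed, and only the `register` table and its column names come from the post.

```php
<?php
// Added example, not code from the thread. The in-memory SQLite database
// stands in for the MySQL table so the script runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE register (username TEXT PRIMARY KEY, password TEXT)');

// Constructed sample users; one name contains a quote on purpose.
$insert = $db->prepare('INSERT INTO register (username, password) VALUES (?, ?)');
foreach (['neo' => 'trinity', "d'arcy" => 'pemberley'] as $name => $plain) {
    $insert->execute([$name, password_hash($plain, PASSWORD_DEFAULT)]);
}

function isAuthenticated(PDO $db, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false;                       // no Authorization header sent
    }
    // The user name travels as a bound parameter, never as SQL text, so a
    // quote inside it is data and cannot change the statement.
    $stmt = $db->prepare('SELECT password FROM register WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();           // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed inputs in place of $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW'].
$cases = [
    ['neo', 'trinity'],       // valid login
    ['neo', 'wrong'],         // wrong password
    ["d'arcy", 'pemberley'],  // quote in the name, still a valid login
    ['nobody', 'x'],          // unknown user
    [null, null],             // no credentials
];
foreach ($cases as [$user, $pass]) {
    $verdict = isAuthenticated($db, $user, $pass) ? 'allow' : 'deny (send 401)';
    printf("%-8s => %s\n", $user ?? '(none)', $verdict);
}
```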
