Oops, sent this message from the wrong email address, so the list rejected it.
Begin forwarded message:

> From: Stuart Dallas <stu...@3ft9.com>
> Subject: Re: [PHP] Basic Auth
> Date: 27 August 2013 16:36:27 BST
> To: jim.gi...@albanyhandball.com
> Cc: php-general@lists.php.net
>
> On 27 Aug 2013, at 15:59, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>
>> On 8/27/2013 10:55 AM, Stuart Dallas wrote:
>>> On 27 Aug 2013, at 15:51, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>>
>>>> On 8/27/2013 10:39 AM, Stuart Dallas wrote:
>>>>> On 27 Aug 2013, at 15:18, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>>>>
>>>>>> On 8/27/2013 10:14 AM, Stuart Dallas wrote:
>>>>>>> It's not really confusing so long as you understand how PHP works. Each
>>>>>>> request is brand new - nothing is retained from previous requests. The
>>>>>>> two variables you're changing are set by PHP when the request comes in
>>>>>>> from the browser. The fact you changed them in a previous request is
>>>>>>> irrelevant because 1) that change was not communicated to the browser
>>>>>>> in any way, and 2) PHP doesn't retain any data between requests [1].
>>>>>>>
>>>>>>> If you've been coding assuming that changes you make to global
>>>>>>> variables are retained between requests you must have been having some
>>>>>>> pretty frustrating times!
>>>>>>>
>>>>>>> -Stuart
>>>>>>>
>>>>>> Not really - this is the first time I've had something not work as
>>>>>> expected.
>>>>> That was said with my tongue very much firmly in my cheek, and so is this:
>>>>>
>>>>> I've been playing with dynamite since I was 4 - hey, it must be a safe,
>>>>> proper thing to do!
>>>>>
>>>>> Just because nothing has blown up in your face yet doesn't mean it won't,
>>>>> and I'm concerned that you might not actually see how important it is to
>>>>> make sure you're using the tool correctly.
>>>>>
>>>>> -Stuart
>>>>>
>>>> This may very well be the first time with this problem because I haven't
>>>> tried anything like this before.
>>>>
>>>> That said - can you give me some pointers on how to do the JS solution?
>>>> I'm calling a script that is similar to the one I used to signon. It
>>>> sends out something like:
>>>>
>>>> header("WWW-Authenticate: Basic realm=\"$realm\"");
>>>> header('HTTP/1.0 401 Unauthorized');
>>>> echo "<h3>You have entered invalid credentials<br>";
>>>> echo "Click <a href='$return_url'> here </a> to return to the menu.</h3>";
>>>> exit();
>>>>
>>>> when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
>>>>
>>>> So - to effect a signoff, what does one do? You said to use an invalid
>>>> value, but what do I do with that? How do I ignore the 401? Now I'm
>>>> getting the signin dialog and I'm stuck.
>>> You don't need to do anything on the server-side. You simply need a JS
>>> function that sends a request to a URL that requires basic auth, with an
>>> Authenticate header that contains an invalid username and password. Then,
>>> when your server responds with a 401 Authentication required (which it
>>> should already do for an invalid request) you can set location.href to
>>> whatever URL you want the logged out user to see.
>>>
>>> If you don't know how to make a request from Javascript -- commonly known
>>> as an AJAX request -- then google for it. I'd recommend the jquery library
>>> if you want a very easy way to do it.
>>>
>>> -Stuart
>>>
>> I am familiar with an ajax request (xmlhttprequest) and I have a function
>> ready to call a script to effect this signoff. I just don't know what to
>> put in that php script I'm calling. From what you just wrote I'm guessing
>> that my headers as shown previously may be close - I'm confused about your
>> mention of "contains an invalid username...". As you can see from my sample
>> I don't include such a thing.
>
> For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE.
>
> From the Javascript, request any URL that requires authentication - it
> doesn't matter. When you make the AJAX request, pass an Authentication header
> that contains an invalid username and password. If you don't know what I mean
> by that, please google how HTTP Basic Auth works.
>
> -Stuart
>
> --
> Stuart Dallas
> 3ft9 Ltd
> http://3ft9.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
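
The client-side logout described in the message above, as an added example that is not part of the original thread: the request carries an `Authorization: Basic` header with deliberately invalid credentials, and the page redirects only after the server answers 401. The function names and the URLs passed in are assumptions; browsers differ in whether a script-set header replaces their cached credentials, so confirm that the next request to the protected URL prompts again.

```javascript
// Added example, not code from the thread. URLs passed in are placeholders.

// Authorization header value for HTTP Basic: "Basic " + base64("user:password").
function basicAuthHeader(user, password) {
  if (user.includes(":")) throw new Error("user-id must not contain ':'");
  const bytes = new TextEncoder().encode(`${user}:${password}`); // UTF-8 bytes
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Map the server's status for the bogus credentials to an outcome.
function interpretLogoutStatus(status) {
  if (status === 401) return "logged-out"; // rejected, as expected
  if (status >= 200 && status < 300) return "still-authorized"; // URL is not protected
  return "unknown"; // e.g. 403 or 5xx: do not assume the logout worked
}

// Request a protected URL with deliberately invalid credentials.
// fetchImpl is injectable so the logic can be exercised without a browser.
async function basicAuthLogout(protectedUrl, fetchImpl = fetch) {
  const response = await fetchImpl(protectedUrl, {
    method: "GET",
    cache: "no-store",
    headers: { Authorization: basicAuthHeader("logout", "invalid-" + Date.now()) },
  });
  return interpretLogoutStatus(response.status);
}

// Browser entry point: redirect only once the server has answered 401.
async function logoutAndRedirect(protectedUrl, loggedOutUrl) {
  const outcome = await basicAuthLogout(protectedUrl);
  if (outcome === "logged-out") location.href = loggedOutUrl;
  return outcome;
}
```

A "still-authorized" result means the chosen URL is served without authentication, so the stored credentials were never challenged and the user should not be shown a logged-out page.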