Oops, sent this message from the wrong email address, so the list rejected it.

Begin forwarded message:

> From: Stuart Dallas <stu...@3ft9.com>
> Subject: Re: [PHP] Basic Auth
> Date: 27 August 2013 16:36:27 BST
> To: jim.gi...@albanyhandball.com
> Cc: php-general@lists.php.net
> 
> On 27 Aug 2013, at 15:59, Jim Giner <jim.gi...@albanyhandball.com> wrote:
> 
>> On 8/27/2013 10:55 AM, Stuart Dallas wrote:
>>> On 27 Aug 2013, at 15:51, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>> 
>>>> On 8/27/2013 10:39 AM, Stuart Dallas wrote:
>>>>> On 27 Aug 2013, at 15:18, Jim Giner <jim.gi...@albanyhandball.com> wrote:
>>>>> 
>>>>>> On 8/27/2013 10:14 AM, Stuart Dallas wrote:
>>>>>>> It's not really confusing so long as you understand how PHP works. Each 
>>>>>>> request is brand new - nothing is retained from previous requests. The 
>>>>>>> two variables you're changing are set by PHP when the request comes in 
>>>>>>> from the browser. The fact you changed them in a previous request is 
>>>>>>> irrelevant because 1) that change was not communicated to the browser 
>>>>>>> in any way, and 2) PHP doesn't retain any data between requests [1].
>>>>>>> 
>>>>>>> If you've been coding assuming that changes you make to global 
>>>>>>> variables are retained between requests you must have been having some 
>>>>>>> pretty frustrating times!
>>>>>>> 
>>>>>>> -Stuart
>>>>>>> 
>>>>>> Not really - this is the first time I've had something not work as 
>>>>>> expected.
>>>>> That was said with my tongue very much firmly in my cheek, and so is this:
>>>>> 
>>>>>  I've been playing with dynamite since I was 4 - hey, it must be a safe, 
>>>>> proper thing to do!
>>>>> 
>>>>> Just because nothing has blown up in your face yet doesn't mean it won't, 
>>>>> and I'm concerned that you might not actually see how important it is to 
>>>>> make sure you're using the tool correctly.
>>>>> 
>>>>> -Stuart
>>>>> 
>>>> This may very well be the first time with this problem because I haven't 
>>>> tried anything like this before.
>>>> 
>>>> That said - can you give me some pointers on how to do the JS solution?  
>>>> I'm calling a script that is similar to the one I used to signon.  It 
>>>> sends out something like:
>>>> 
>>>>       header("WWW-Authenticate: Basic realm=\"$realm\"");
>>>>       header('HTTP/1.0 401 Unauthorized');
>>>>       echo "<h3>You have entered invalid credentials<br>";
>>>>       echo "Click <a href='$return_url'> here </a> to return to the menu.</h3>";
>>>>       exit();
>>>> 
>>>> when it doesn't detect the PHP_AUTH_USER or it is an invalid value.
>>>> 
>>>> So - to effect a signoff, what does one do?   You said to use an invalid 
>>>> value, but what do I do with that?  How do I ignore the 401?   Now I'm 
>>>> getting the signin dialog and I'm stuck.
>>> You don't need to do anything on the server-side. You simply need a JS 
>>> function that sends a request to a URL that requires basic auth, with an 
>>> Authenticate header that contains an invalid username and password. Then, 
>>> when your server responds with a 401 Authentication required (which it 
>>> should already do for an invalid request) you can set location.href to 
>>> whatever URL you want the logged out user to see.
>>> 
>>> If you don't know how to make a request from Javascript -- commonly known 
>>> as an AJAX request -- then google for it. I'd recommend the jquery library 
>>> if you want a very easy way to do it.
>>> 
>>> -Stuart
>>> 
>> I am familiar with an ajax request (xmlhttprequest) and I have a function 
>> ready to call a script to effect this signoff.  I just don't know what to 
>> put in that php script I'm calling.  From what you just wrote I'm guessing 
>> that my headers as shown previously may be close - I'm confused about your 
>> mention of "contains an invalid username...".  As you can see from my sample 
>> I don't include such a thing.
> 
> For the last time: YOU DO NOT NEED TO MAKE ANY CHANGES SERVER-SIDE.
> 
> From the Javascript, request any URL that requires authentication - it 
> doesn't matter. When you make the AJAX request, pass an Authentication header 
> that contains an invalid username and password. If you don't know what I mean 
> by that, please google how HTTP Basic Auth works.
> 
> -Stuart
> 
> -- 
> Stuart Dallas
> 3ft9 Ltd
> http://3ft9.com/
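
The client-side sign-off described in the message above, as an added example that is not code from the thread. Basic credentials travel in the `Authorization` request header as `Basic base64(user:password)`; `PROTECTED_URL`, `LOGGED_OUT_URL` and the function names are assumptions, and whether a browser drops its cached credentials after the 401 varies by browser.

```javascript
// Added example, not from the original thread.
// Assumed names: PROTECTED_URL, LOGGED_OUT_URL, basicAuthHeader, logout.
const PROTECTED_URL = "/members/index.php"; // hypothetical URL behind Basic auth
const LOGGED_OUT_URL = "/goodbye.html";     // hypothetical public landing page

// Build the Authorization header value: "Basic " + base64("user:pass").
// Encodes as UTF-8 first so non-ASCII input does not make btoa() throw.
function basicAuthHeader(user, pass) {
  const bytes = new TextEncoder().encode(`${user}:${pass}`);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return "Basic " + btoa(bin);
}

// Request a protected URL with deliberately invalid credentials. The server
// needs no changes: it already answers 401 to bad credentials. Only after
// seeing that 401 do we send the user to a public page.
// fetchImpl and navigate are injectable so the function runs outside a browser.
async function logout(fetchImpl = fetch,
                      navigate = (url) => { location.href = url; }) {
  const res = await fetchImpl(PROTECTED_URL, {
    method: "GET",
    cache: "no-store", // do not let a cached 200 hide the server's answer
    headers: {
      Authorization: basicAuthHeader("logout", "invalid-" + Date.now()),
    },
  });
  if (res.status !== 401) {
    // The server accepted the bogus credentials or failed some other way;
    // do not tell the user they are signed off.
    return false;
  }
  navigate(LOGGED_OUT_URL);
  return true;
}
```

Because the outcome depends on the browser's credential cache, confirm the sign-off by reloading `PROTECTED_URL` afterwards and checking that the login dialog appears.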

