On Mon, 26 Feb 2001, Chris Aitken wrote:
>
> Okay, I got a bit of a curley one that I havent been able to solve by
> looking at the archives and in the manual. Its kind of a PHP/Apache
> question.
>
> I have a system where a user logs in through .htaccess, it queries my
> mysql database, sets a cookie which logs their username and access
> level number.
>
> What I want to be able to do it this.......... Give the option to "Log
> Out" which will clear the cookie, and also make htaccess re-request a
> login. Once it logs in again, the current scripts do their thang and
> log the new user in.
>
> Is there any direction anyone can point me to start looking cause I
> have a feeling im off the track on what im searching for in TFM and in
> TFA.
I've got a setup similar to this, but it doesn't use htaccess for
authentication. If you send a 401 back at the client, it will void its
cached username/password. You could do this at the top of your code:
header("WWW-Authenticate: Basic realm=\"stuff\"");
header("HTTP/1.0 401 Unauthorized");
exit;
..if 1) the login cookie is not present, and 2) the user is not currently
logging in (trying to get the cookie) on that hit.
If you want to do it quietly, just unset the cookie and bounce them to
somewhere outside of the realm of your htaccess protection. Next time
they enter, the cookie will not exist, so they'll be forced to re-login
anyway.
--
Douglas R. Winslow III
MetroNet Internet Services, Inc.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
