On 04-Mar-01 Ken wrote:
> Thanks for the idea, John.
>
> I know about the auth logout. Unfortunately, that means that when a user
> clicks "logout", he gets a "log in" prompt! And, in IE, he has to
> deliberately blank out the password field, THEN hit enter, THEN the prompt
> will come again, and he has to hit escape.
<snip>
> Any suggestions?
>
I'm still playing with this but ...
My script handles the authentication against a MySQL table;
and this might (probably) have to get tweaked to play well with .htaccess
The logout script creates a "mark" (tmpfile, db entry, whatever)
then redirects to a non-protected page.
On entry to a protected script:
function authuser($realm) {
global $PHP_AUTH_USER, $PHP_AUTH_PW;
if (isset($PHP_AUTH_USER)) {
if (markset($PHP_AUTH_USER)) {
markunset($PHP_AUTH_USER);
// send a 401 to force re-authenticate
Header('WWW-authenticate: basic realm="'.$realm .'"');
Header('HTTP/1.0 401 Unauthorized');
echo "\n\n";
echo '<META HTTP-EQUIV="Refresh" CONTENT="1; URL='.SITEHOME.'/">';
exit;
}
if (! (validlogin($PHP_AUTH_USER,$PHP_AUTH_PW, $realm))) {
Header('WWW-authenticate: basic realm="'.$realm .'"');
Header('HTTP/1.0 401 Unauthorized');
echo '<META HTTP-EQUIV="Refresh" CONTENT="1; URL='.SITEHOME.'/">';
echo '<CENTER>Failed Login<P>Invalid name or password';
exit;
}
}
return(true);
}
Regards,
--
Don Read [EMAIL PROTECTED]
-- If you are going to sin, sin against God, not the bureaucracy.
God will forgive you but the bureaucrats won't.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
