Problem with $_SERVER variables

Re: Problem with $_SERVER variables

millertimebjm@y ahoo.com wrote:
[color=blue]
> I have a login that uses header information to authenticate users.
>
> header('WWW-Authenticate: Basic realm="my site", FALSE');
>
> These values go into the php_auth_user and PHP_AUTH_PW in $_SERVER work
> just fine. But when I try to unset($_SERVER['PHP_AUTH_USER']) or PW
> and go to a different page they are just reset to the way they were
> before.
>
> If you need more information let me know. Do I have to do more than
> just unset to reset them to null or to blank?[/color]

There's really not a lot you can do here --- once a client browser
determines that a set of credentials work for HTTP Basic Authentication on
a site, they are sent with ALL requests to that site from then on. Only
closing the browser appears to get it to stop doing this.

A better question would be to ask what you are trying to accomplish by
unsetting them in the $_SERVER array. Are you trying to Log the user out?
If so, you might want to implement your own authentication scheme.

good ruck!
mark.



--
I am not an ANGRY man. Remove the rage from my email to reply.

Re: Problem with $_SERVER variables

> A better question would be to ask what you are trying to accomplish
by[color=blue]
> unsetting them in the $_SERVER array. Are you trying to Log the user[/color]
out?[color=blue]
> If so, you might want to implement your own authentication scheme.[/color]

You can't log out using the basic PHP authentication tutorial? :(

Implement my own authentication scheme? Ouch, didn't read that one in
the tutorial.

Thanks,
Brandon

Re: Problem with $_SERVER variables

millertimebjm@y ahoo.com wrote:
[color=blue][color=green]
>> A better question would be to ask what you are trying to accomplish[/color]
> by[color=green]
>> unsetting them in the $_SERVER array. Are you trying to Log the user[/color]
> out?[color=green]
>> If so, you might want to implement your own authentication scheme.[/color]
>
> You can't log out using the basic PHP authentication tutorial? :([/color]

HTTP Basic Authentication (whicah you can use from within PHP) is simply
designed to provide a most BASIC level of security to a set of resources
via HTTP. It's not particularly secure (plain passwords are transmitted
over the internet) and lacks many of the features that one would want from
a full user management system, such as more robust account management and
.... the ability to log users out.
[color=blue]
> Implement my own authentication scheme? Ouch, didn't read that one in
> the tutorial.[/color]

implementing your own doesn't tend to be all THAT bad -- most of the
larger PHP books at which i have looked in the last year or so all come
with solutions.

barring that, going to a place like PEAR or phpclasses.net should give you
a pretty decent solution. i bet a google search would even reveal some
decent commercial classes for little money that would be worth it.

good ruck!
mark.



--
I am not an ANGRY man. Remove the rage from my email to reply.