php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8220 When i give unset($PHP_AUTH_USER) it's not destroying the variable
Submitted: 2000-12-13 03:27 UTC Modified: 2000-12-13 03:39 UTC
From: kpsdevi at pol dot net dot in Assigned:
Status: Closed Package: *Function Specific
PHP Version: 4.0.3pl1 OS: Linux
Private report: No CVE-ID: None
 [2000-12-13 03:27 UTC] kpsdevi at pol dot net dot in
i included the following code in one file.

<?php
 if(!isset($PHP_AUTH_USER))
  {
    header('WWW-Authenticate: Basic Realm="Enter your login name and password"');
header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization required';    exit;
  }      
  else  {    require("mysqlconn.inc");    
    $sql = "select password from users where username = '$PHP_AUTH_USER'";
    $result = mysql_query($sql,$conn);    $row = mysql_fetch_array($result);
   if($PHP_AUTH_PW != $row[0])
    {     header('WWW-Authenticate: Basic Realm="Authorization failed : Enter Username and password"');
    header('HTTP/1.0 401 Unauthorized');
     echo 'Authorization required';
     mysql_free_result($result);
     mysql_close();
     exit;
   } 
    mysql_free_result($result);
    mysql_close();
  }
?>


I have included the following code to logout the user

<?
unset($PHP_AUTH_USER);
?>

but it's not destroying the variable $PHP_AUTH_USER.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-12-13 03:39 UTC] rasmus@php.net
It is destroying it, but your browser is sending it again on the next request so PHP sets it again.  There is no way to tell the browser not to send this variable short of sending another 401 with a different realm.  This is a browser issue and has nothing to do with PHP.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC