php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8220 When i give unset($PHP_AUTH_USER) it's not destroying the variable
Submitted: 2000-12-13 03:27 UTC Modified: 2000-12-13 03:39 UTC
From: kpsdevi at pol dot net dot in Assigned:
Status: Closed Package: *Function Specific
PHP Version: 4.0.3pl1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: kpsdevi at pol dot net dot in
New email:
PHP Version: OS:

 

 [2000-12-13 03:27 UTC] kpsdevi at pol dot net dot in
i included the following code in one file.

<?php
 if(!isset($PHP_AUTH_USER))
  {
    header('WWW-Authenticate: Basic Realm="Enter your login name and password"');
header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization required';    exit;
  }      
  else  {    require("mysqlconn.inc");    
    $sql = "select password from users where username = '$PHP_AUTH_USER'";
    $result = mysql_query($sql,$conn);    $row = mysql_fetch_array($result);
   if($PHP_AUTH_PW != $row[0])
    {     header('WWW-Authenticate: Basic Realm="Authorization failed : Enter Username and password"');
    header('HTTP/1.0 401 Unauthorized');
     echo 'Authorization required';
     mysql_free_result($result);
     mysql_close();
     exit;
   } 
    mysql_free_result($result);
    mysql_close();
  }
?>


I have included the following code to logout the user

<?
unset($PHP_AUTH_USER);
?>

but it's not destroying the variable $PHP_AUTH_USER.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-12-13 03:39 UTC] rasmus@php.net
It is destroying it, but your browser is sending it again on the next request so PHP sets it again.  There is no way to tell the browser not to send this variable short of sending another 401 with a different realm.  This is a browser issue and has nothing to do with PHP.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Mar 22 16:01:26 2019 UTC