PHP :: Bug #8220 :: When i give unset($PHP_AUTH_USER) it's not destroying the variable

Bug #8220	When i give unset($PHP_AUTH_USER) it's not destroying the variable
Submitted:	2000-12-13 03:27 UTC	Modified:	2000-12-13 03:39 UTC
From:	kpsdevi at pol dot net dot in	Assigned:
Status:	Closed	Package:	*Function Specific
PHP Version:	4.0.3pl1	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	kpsdevi at pol dot net dot in
New email:
PHP Version:		OS:

New Comment:

[2000-12-13 03:27 UTC] kpsdevi at pol dot net dot in

i included the following code in one file.

<?php
 if(!isset($PHP_AUTH_USER))
  {
    header('WWW-Authenticate: Basic Realm="Enter your login name and password"');
header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization required';    exit;
  }      
  else  {    require("mysqlconn.inc");    
    $sql = "select password from users where username = '$PHP_AUTH_USER'";
    $result = mysql_query($sql,$conn);    $row = mysql_fetch_array($result);
   if($PHP_AUTH_PW != $row[0])
    {     header('WWW-Authenticate: Basic Realm="Authorization failed : Enter Username and password"');
    header('HTTP/1.0 401 Unauthorized');
     echo 'Authorization required';
     mysql_free_result($result);
     mysql_close();
     exit;
   } 
    mysql_free_result($result);
    mysql_close();
  }
?>


I have included the following code to logout the user

<?
unset($PHP_AUTH_USER);
?>

but it's not destroying the variable $PHP_AUTH_USER.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-12-13 03:39 UTC] rasmus@php.net

It is destroying it, but your browser is sending it again on the next request so PHP sets it again.  There is no way to tell the browser not to send this variable short of sending another 401 with a different realm.  This is a browser issue and has nothing to do with PHP.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 05:01:27 2024 UTC