I would like to set it up where if someone sends in a request "logout" it will automatically take them to a page saying "successful log out". If the customer tries to press t
You can use the meta tag http-equiv="refresh" with a very short response time (e.g. content="1"). This refresh will clear any $_POST.
if ( !isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!='myusername' || $_SERVER['PHP_AUTH_PW']!='mypassword' || isset($_POST['logout']) ) {
    header('WWW-Authenticate: Basic realm="My protected area"');
    header('HTTP/1.0 401 Unauthorized');
    echo '<html><head><title>401 Unauthorized</title><meta http-equiv="refresh" content="1"></head><body><h1>401 Unauthorized</h1><p>You are not allowed to see this page. Reload the page to try again.</p></body></html>';
    exit();
}
I've found a way around it.
I have 2 files: index.php and logout.php
Here is my 'index.php' code:
# CHECK LOGIN.
if (!isset($_SESSION["loged"])) {
    $_SESSION["loged"] = false;
} else {
    if (isset( $_SERVER['PHP_AUTH_USER'] ) && isset($_SERVER['PHP_AUTH_PW'])) {
        // hash_equals() replaces the loose == on the md5 digest: a loose comparison
        // can treat two different "0e..." digests as equal numbers.
        if (($_SERVER['PHP_AUTH_USER'] === L_USER) && hash_equals(L_PASS, md5($_SERVER['PHP_AUTH_PW']))) {
            $_SESSION["loged"] = true;
        }
    }
}
if ($_SESSION["loged"] === false) {
    header('WWW-Authenticate: Basic realm="Need authorization"');
    header('HTTP/1.0 401 Unauthorized');
    die('<br /><br />
    <div style="text-align:center;">
    <h1 style="color:gray; margin-top:-30px;">Need authorization</h1>
    </div>');
}
And here is my 'logout.php' code:
session_start();
$_SESSION["loged"] = false; // We can't use unset($_SESSION) when using HTTP_AUTH.
session_destroy();
A rough idea to start you:
<?php
session_start();
if( isset( $_GET['logout'] ) )
{
    session_destroy();
    header('Location: ../logout.php');
    exit;
}
if( !isset( $_SESSION['login'] ) )
{
    if( !isset( $_SERVER['PHP_AUTH_USER'] ) || !isset( $_SERVER['PHP_AUTH_PW'] ) )
    {
        header("HTTP/1.0 401 Unauthorized");
        header("WWW-authenticate: Basic realm=\"Tets\"");
        header("Content-type: text/html");
        // Print HTML that a password is required
        exit;
    }
    else
    {
        // Validate the $_SERVER['PHP_AUTH_USER'] & $_SERVER['PHP_AUTH_PW']
        if( $_SERVER['PHP_AUTH_USER']!='TheUsername'
            || $_SERVER['PHP_AUTH_PW']!='ThePassword' )
        {
            // Invalid: 401 Error & Exit
            header("HTTP/1.0 401 Unauthorized");
            header("WWW-authenticate: Basic realm=\"Tets\"");
            header("Content-type: text/html");
            // Print HTML that a username or password is not valid
            exit;
        }
        else
        {
            // Valid
            $_SESSION['login']=true;
        }
    }
}
?>
// The rest of the page is then displayed like normal
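The browser caches Basic credentials and replays them on every request, so clearing the session alone does not log anyone out; the session has to refuse the replayed credentials once. The following is an added example, not code from any of the posts above, that runs that decision over a constructed request sequence on the PHP command line. The names gate, DEMO_USER and DEMO_HASH, the 'challenge' session key and the sample credentials are all hypothetical.

```php
<?php
// Added example, not code from any answer above. DEMO_USER and the password
// are constructed; in real configuration store only the hash.
const DEMO_USER = 'alice';
define('DEMO_HASH', password_hash('correct horse', PASSWORD_DEFAULT));

// Decide the status code for one request. $session stands in for $_SESSION;
// $user and $pw stand in for PHP_AUTH_USER and PHP_AUTH_PW (null when absent).
function gate(array &$session, ?string $user, ?string $pw, bool $logout = false): int
{
    if ($logout) {
        // Drop the login and note that the credentials the browser will
        // replay from its cache must be refused once.
        $session = ['challenge' => true];
        return 200; // the "successful log out" page
    }
    if (!empty($session['login'])) {
        return 200;
    }
    if (!empty($session['challenge'])) {
        unset($session['challenge']); // one forced 401, then normal checks
        return 401;
    }
    $ok = $user !== null && $pw !== null
        && hash_equals(DEMO_USER, $user)        // constant-time compare
        && password_verify($pw, DEMO_HASH);     // salted hash, not md5()
    if ($ok) {
        $session['login'] = true; // real code: session_regenerate_id(true) here
        return 200;
    }
    return 401;
}

// Constructed request sequence from one browser: [label, user, password, logout]
$session = [];
$requests = [
    ['first visit, no credentials',     null,    null,            false],
    ['wrong password',                  'alice', 'guess',         false],
    ['correct password',                'alice', 'correct horse', false],
    ['later page, session only',        null,    null,            false],
    ['logout request',                  'alice', 'correct horse', true],
    ['browser replays cached password', 'alice', 'correct horse', false],
    ['user retypes password',           'alice', 'correct horse', false],
];
foreach ($requests as [$label, $user, $pw, $logout]) {
    printf("%-32s -> %d\n", $label, gate($session, $user, $pw, $logout));
}
```

The forced 401 after logout makes the browser discard its cached credentials and prompt again, which a session_destroy() followed by a redirect does not do on its own.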