468,247 Members | 1,441 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,247 developers. It's quick & easy.

authentication problem

I have installed the open source PHP Deadlock authentication system.
It uses .htpasswd and .htaccess files. This works well apart from it
doesn't allow user logout without closing their browser. The logout
script is shown below.

Any suggestions to make it work? Or any other php authentication
system that allows user registration, email confirmation, forgotten
password reminders, and logout.

<?
/
************************************************** ****************************
* This file is part of the Deadlock PHP User Management
System. *
*
*
* File Description: Logs a user out of the protected
area. *
*
*
* Deadlock is free software; you can redistribute it and/or
modify *
* it under the terms of the GNU General Public License as published
by *
* the Free Software Foundation; either version 2 of the License,
or *
* (at your option) any later
version. *
*
*
* Deadlock is distributed in the hope that it will be
useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty
of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
the *
* GNU General Public License for more
details. *
*
*
* You should have received a copy of the GNU General Public
License *
* along with Deadlock; if not, write to the Free
Software *
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301 USA *
************************************************** ****************************/

/*
Enter the path to deadlock that is relative to the document root
For example, if deadlock is at http://yoursite.com/deadlock/, here
you would
just enter the /deadlock/. Be sure to enter a trailing forward
slash!
*/
$deadlock_path = '/deadlock/';

/*
Below, you should specify the page to redirect to when the user has
been logged out.
*/
$redirect = 'http://yoursite.com/logged_out.html';

/* You do NOT need to modify below this line
-------------------------------------------------------------------------------------------
*/

require($_SERVER['DOCUMENT_ROOT'].$deadlock_path.'db_config.php');

mysql_connect($mysql['host'],$mysql['username'],$mysql['password']) or
die('Could not connect to mysql.');
mysql_select_db($mysql['database']) or die('Could not select mysql
database.');

if($result = mysql_query('SELECT * FROM '.$mysql['prefix'].'config'))
{
while (($row = mysql_fetch_array($result)) != false) {
$config[$row['option_name']] = $row['value'];
}
} else {
die('MySQL query failed. MySQL said: '.mysql_error());
}

if($config['digest_auth'] == 'true'){
die('The logout script does not support digest authentication.');
}

header("WWW-Authenticate: Basic realm=
\"{$config['protected_area_name']}\"");
header("Status: 401 Unauthorized");
header("HTTP-Status: 401 Unauthorized");
header("Location: ".$redirect);
exit;

?>

Apr 4 '07 #1
1 1442
ab**********@yahoo.com wrote:
I have installed the open source PHP Deadlock authentication system.
It uses .htpasswd and .htaccess files. This works well apart from it
doesn't allow user logout without closing their browser.
Yes - it can't - that's the way HTTP authentication was designed.
>
Any suggestions to make it work? Or any other php authentication
system that allows user registration, email confirmation, forgotten
password reminders, and logout.
Use PHP sessions.

And if you must send a password from the client...
die('The logout script does not support digest authentication.');
....always make sure its encrypted.

C.

Apr 9 '07 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Michael Foord | last post: by
4 posts views Thread by Paul M | last post: by
5 posts views Thread by Gavin Stevens | last post: by
4 posts views Thread by Chris Gatto | last post: by
6 posts views Thread by Ming Zhang | last post: by
3 posts views Thread by KNC | last post: by
2 posts views Thread by Frank Swarbrick | last post: by
4 posts views Thread by =?Utf-8?B?R3V1czEyMw==?= | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.