  • Status: Solved
  • Priority: Medium
  • Security: Public

Why is this happening

Trying to do a "logout" while being authenticated via "htaccess" authorization:

The code works however I have to click logout.php twice....

The first time I click it, it just redirects to /crm, the second time I click it, it works (shows an authentication box)

Script: logout.php
<?php

	session_start();
	
	if ($_SESSION['logout']) {
		$_SESSION['logout'] = false;
		header('Location: /crm/');
	}
	
	else {
		header('HTTP/1.0 401 Unauthorised');
		header('WWW-Authenticate: Basic realm="Employee and Agents Only"');
		$_SESSION['logout'] = true;
	}
	// Set "escape" (message when you hit escape) message here.
	echo "Logged out. <a href='/crm'>Return to CRM</a>";

?>

Asked: Mark

Ray Paseur Commented:
As I look at the code snippet, it looks more like PHP client authentication.  I'm missing the part about .htaccess.  And without seeing the rest of the login/logout logic, I'm not sure I can tell you exactly what might be awry.  I can tell you that this article describes a design pattern that works well for PHP client authentication.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html 

Here is the code annotated with comments to try to explain what is going on.  Not sure if that helps, but maybe...
<?php
error_reporting(E_ALL);

// START THE SESSION AND RECOVER ANY DATA THAT WAS ALREADY THERE
session_start();

// IF THERE IS ANYTHING NOT "FALSY" IN THE 'logout' FIELD
if ($_SESSION['logout']) {
    // SET THE 'logout' FIELD TO FALSE
    $_SESSION['logout'] = false;
    // REDIRECT THE BROWSER, THEN KEEP RIGHT ON RUNNING THIS PHP SCRIPT
    header('Location: /crm/');
}

// THE SESSION 'logout' FIELD CONTAINED A FALSE, EMPTY, UNSET, ZERO, ETC...
else {
    // WRITE SOME HTTP HEADERS
    header('HTTP/1.0 401 Unauthorised');
    header('WWW-Authenticate: Basic realm="Employee and Agents Only"');
    // SET THE 'logout' FIELD TO A NON-FALSY VALUE
    $_SESSION['logout'] = true;
}

// AFTER THE IF/ELSE CONTROL STRUCTURE, UNCONDITIONALLY EXECUTE THIS CODE
// Set "escape" (message when you hit escape) message here.
echo "Logged out. <a href='/crm'>Return to CRM</a>";

?>

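A trace of the branch logic in the annotated script above, added here as an example and not part of the original thread. The function `logout_request` and the request sequence are assumptions made for illustration, with an array standing in for `$_SESSION`. It shows the flag staying true when the 401 prompt is cancelled and the user signs back in through another URL, so the next click on logout.php takes the redirect branch.

```php
<?php
// Added example: the if/else from logout.php as a pure function, so the
// session flag can be traced across requests without a web server.

/**
 * Mirrors the branch logic of logout.php. $session stands in for $_SESSION
 * and is modified in place, as the real script does.
 * Returns a short description of the response the script would send.
 */
function logout_request(array &$session): string
{
    // Same truthiness test as if ($_SESSION['logout']), minus the notice
    // PHP raises when the key has never been set.
    if (!empty($session['logout'])) {
        $session['logout'] = false;
        return '302 Location: /crm/';
    }
    $session['logout'] = true;
    return '401 WWW-Authenticate: Basic';
}

// Constructed request sequence (an assumption about how the user navigates):
// the 401 prompt is cancelled and the user re-authenticates through /crm,
// a URL that never touches the 'logout' flag.
$session = [];   // fresh PHP session, flag not yet set
$trace = [];

$trace[] = ['logout click #1', logout_request($session), $session['logout']];

// User presses Escape, follows "Return to CRM" and signs in there.
// logout.php is not requested, so the flag is still true.

$trace[] = ['logout click #2', logout_request($session), $session['logout']];
$trace[] = ['logout click #3', logout_request($session), $session['logout']];

foreach ($trace as [$step, $response, $flag]) {
    printf("%-16s %-28s logout=%s\n", $step, $response, var_export($flag, true));
}
```

If the user instead types credentials into the prompt, the browser re-requests logout.php, the redirect branch runs at that point and resets the flag, and the following click is challenged immediately.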
 
MarkProgrammerAuthor Commented:
I am using HTTP Basic Authentication. The directory where logout.php is located is protected by the Basic Authentication.

I am trying to provide a "logout" mechanism, the snippet I supplied came from the web. It works, however I have to click logout.php twice (call logout.php twice) before it works.

Perhaps you have a better option?

Changing from HTTP Basic Authentication is not an option in this case
 
Ray Paseur Commented:
Sorry, but I'm at the PHP[World] conference all this week and don't have enough time to delve into the details of this problem, so I can't give you the timely answer you deserve.  You might want to engage the services of a professional programmer who can get hands-on in the code and make direct tests on your server.