Solved

Why is this happening

Posted on 2014-11-11
3
39 Views
Last Modified: 2014-12-01
Trying to do a "logout" while being authenticated via "htaccess" authorization:

The code works however I have to click logout.php twice....

The first time I click it, it just redirects to /crm, the second time I click it, it works (shows an authentication box)

Script: logout.php
<?php

	session_start();
	
	if ($_SESSION['logout']) {
		$_SESSION['logout'] = false;
		header('Location: /crm/');
	}
	
	else {
		header('HTTP/1.0 401 Unauthorised');
		header('WWW-Authenticate: Basic realm="Employee and Agents Only"');
		$_SESSION['logout'] = true;
	}
	// Set "escape" (message when you hit escape) message here.
	echo "Logged out. <a href='/crm'>Return to CRM</a>";

?>

Open in new window

0
Comment
Question by:Mark
  • 2
3 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40435636
As I look at the code snippet, it looks more like PHP client authentication.  I'm missing the part about .htaccess.  And without seeing the rest of the login/logout logic, I'm not sure I can tell you exactly what might be awry.  I can tell you that this article describes a design pattern that works well for PHP client authentication.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html 

Here is the code annotated with comments to try to explain what is going on.  Not sure if that helps, but maybe...
<?php
error_reporting(E_ALL);

// START THE SESSION AND RECOVER ANY DATA THAT WAS ALREADY THERE
session_start();

// IF THERE IS ANYTHING NOT "FALSY" IN THE 'logout' FIELD
if ($_SESSION['logout']) {
    // SET THE 'logout' FIELD TO FALSE
    $_SESSION['logout'] = false;
    // REDIRECT THE BROWSER, THEN KEEP RIGHT ON RUNNING THIS PHP SCRIPT
    header('Location: /crm/');
}

// THE SESSION 'logout' FIELD CONTAINED A FALSE, EMPTY, UNSET, ZERO, ETC...
else {
    // WRITE SOME HTTP HEADERS
    header('HTTP/1.0 401 Unauthorised');
    header('WWW-Authenticate: Basic realm="Employee and Agents Only"');
    // SET THE 'logout' FIELD TO A NON-FALSY VALUE
    $_SESSION['logout'] = true;
}

// AFTER THE IF/ELSE CONTROL STRUCTURE, UNCONDITIONALLY EXECUTE THIS CODE
// Set "escape" (message when you hit escape) message here.
echo "Logged out. <a href='/crm'>Return to CRM</a>";

?>

Open in new window

0
 

Author Comment

by:Mark
ID: 40438124
I am using HTTP Basic Authentication. The directory where logout.php is located is protected by the Basic Authentication.

I am trying to provide a "logout" mechanism, the snippet I supplied came from the web. It works, however I have to click logout.php twice (call logout.php twice) before it works.

Perhaps you have a better option?

Changing from HTTP Basic Authentication is not an option in this case
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40439030
Sorry, but I'm at the PHP[World] conference all this week and don't have enough time to delve into the details of this problem, so I can't give you the timely answer you deserve.  You might want to engage the services of a professional programmer who can get hands-on in the code and make direct tests on your server.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question