[Phpmyadmin-devel] [Fwd: Better logout]

got this on a private mail account: (no time to look at it now, will check during the week). regards, Olivier -------- Forwarded Message -------- From: Ing. Jozef Sakalos <jsakalos@aariadne.com> Subject: Better logout Date: Sun, 18 Apr 2004 19:37:05 +0200 Mailer: KMail/1.6.51 Hi Olivier, I just downloaded and installed CVS version of phpMyAdmin and I found that you've added the logout button to the left frame. The drawback is that if you click it you cannot login with the same name and password. You've probably used example from PHP documentation. I've been working on the logout feature too, and I found the better solution (see code snippet at the end of this e-mail). I use logout button that POSTs cmd=logout to the PHP code. When logout command is processed I set cookie (well, this is browser settings dependent) to prevent infinite loop of log-in dialogs. Once the user authenticates, I delete the cookie. This way I can log-in with the same name/password. Use this if you want and let me know your opinion. Best Regards, Ing. Jozef Sakalos jsakalos@aariadne.com <? if(!isset($_SERVER["PHP_AUTH_USER"]) || ("logout" == $cmd && ! $logging_out)) { if("logout" == $cmd) { setcookie("logging_out", "1"); } header('WWW-Authenticate: Basic realm="Theseus"'); header('HTTP/1.0 401 Unauthorized'); header("Status: 401 Unauthorized"); echo "You have to authenticate<br>"; exit; } setcookie("logging_out", "", time() - 3600); echo "Hello: $PHP_AUTH_USER<br>"; echo "Your password is: $PHP_AUTH_PW"; echo <<<eot <html><head></head><body> <br> <br> <form action="$PHP_SELF" method="post"> <input type="hidden" name="cmd" value="logout"> <input type="submit" value="Logout"> </form> cmd=$cmd eot; echo "</body></html>"; ?>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi On Sunday 18 of April 2004 19:53, Olivier Mueller wrote:
if(!isset($_SERVER["PHP_AUTH_USER"]) || ("logout" == $cmd && ! $logging_out)) { if("logout" == $cmd) { setcookie("logging_out", "1"); } header('WWW-Authenticate: Basic realm="Theseus"'); header('HTTP/1.0 401 Unauthorized'); header("Status: 401 Unauthorized"); echo "You have to authenticate<br>"; exit; }
Do I understand that this is logout for HTTP mode that uses cookies? - -- Regards Michal Čihař http://cihar.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAgtq53DVS6DbnVgQRAnzxAJ9/SojXguk4M7WpGPsMsW9gngOZ4ACeJtHt sUji3hM0ClZUvW5Bqc93tcg= =sP17 -----END PGP SIGNATURE-----

Olivier Mueller a écrit :
got this on a private mail account: (no time to look at it now, will check during the week).
regards, Olivier
-------- Forwarded Message -------- From: Ing. Jozef Sakalos <jsakalos@aariadne.com> Subject: Better logout Date: Sun, 18 Apr 2004 19:37:05 +0200 Mailer: KMail/1.6.51
Hi Olivier,
I just downloaded and installed CVS version of phpMyAdmin and I found that you've added the logout button to the left frame.
The drawback is that if you click it you cannot login with the same name and password. You've probably used example from PHP documentation.
He is talking about 'http' auth_type only. This is the old limitation documented in FAQ 3.1.
I've been working on the logout feature too, and I found the better solution (see code snippet at the end of this e-mail).
I use logout button that POSTs cmd=logout to the PHP code. When logout command is processed I set cookie (well, this is browser settings dependent) to prevent infinite loop of log-in dialogs.
If the browser needs to accept cookies for this, I am not sure it's a good general solution. Anyway, he should not just check $logging_out but use $_COOKIE and friends. Marc
Once the user authenticates, I delete the cookie.
This way I can log-in with the same name/password.
Use this if you want and let me know your opinion.
Best Regards, Ing. Jozef Sakalos jsakalos@aariadne.com
<? if(!isset($_SERVER["PHP_AUTH_USER"]) || ("logout" == $cmd && ! $logging_out)) { if("logout" == $cmd) { setcookie("logging_out", "1"); } header('WWW-Authenticate: Basic realm="Theseus"'); header('HTTP/1.0 401 Unauthorized'); header("Status: 401 Unauthorized"); echo "You have to authenticate<br>"; exit; }
setcookie("logging_out", "", time() - 3600);
echo "Hello: $PHP_AUTH_USER<br>"; echo "Your password is: $PHP_AUTH_PW";
echo <<<eot <html><head></head><body> <br> <br> <form action="$PHP_SELF" method="post"> <input type="hidden" name="cmd" value="logout"> <input type="submit" value="Logout"> </form> cmd=$cmd eot; echo "</body></html>"; ?>
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
participants (3)
-
Marc Delisle
-
Michal Čihař
-
Olivier Mueller