[Phpmyadmin-devel] [Fwd: Better logout]

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Sun Apr 18 13:34:01 CEST 2004


Olivier Mueller a écrit :

>got this on a private mail account:  (no time to look at it now,
>will check during the week).
>
>regards,
>Olivier
>
>-------- Forwarded Message --------
>From: Ing. Jozef Sakalos <jsakalos at aariadne.com>
>Subject: Better logout
>Date: Sun, 18 Apr 2004 19:37:05 +0200
>Mailer: KMail/1.6.51
>
>Hi Olivier,
>
>I just downloaded and installed CVS version of phpMyAdmin and I found 
>that you've added the logout button to the left frame.
>
>The drawback is that if you click it you cannot login with the same name 
>and password. You've probably used example from PHP documentation.
>  
>
He is talking about 'http' auth_type only. This is the old limitation
documented in FAQ 3.1.

>I've been working on the logout feature too, and I found the better 
>solution (see code snippet at the end of this e-mail). 
>
>I use logout button that POSTs cmd=logout to the PHP code. When logout 
>command is processed I set cookie (well, this is browser settings 
>dependent) to prevent infinite loop of log-in dialogs.
>  
>
If the browser needs to accept cookies for this, I am not sure
it's a good general solution.
Anyway, he should not just check $logging_out but use $_COOKIE
and friends.

Marc

>Once the user authenticates, I delete the cookie. 
>
>This way I can log-in with the same name/password.
>
>Use this if you want and let me know your opinion.
>
>Best Regards,
>Ing. Jozef Sakalos
>jsakalos at aariadne.com
>
>
><?
>if(!isset($_SERVER["PHP_AUTH_USER"]) || ("logout" == $cmd && !
>$logging_out)) {
>	if("logout" == $cmd) {
>		setcookie("logging_out", "1");
>	}
>	header('WWW-Authenticate: Basic realm="Theseus"');
>	header('HTTP/1.0 401 Unauthorized');
>	header("Status: 401 Unauthorized");
>	echo "You have to authenticate<br>";
>	exit;
>}
>
>setcookie("logging_out", "", time() - 3600);
>
>echo "Hello: $PHP_AUTH_USER<br>";
>echo "Your password is: $PHP_AUTH_PW";
>
>echo <<<eot
><html><head></head><body>
><br>
><br>
><form action="$PHP_SELF" method="post">
><input type="hidden" name="cmd" value="logout">
><input type="submit" value="Logout">
></form>
>cmd=$cmd
>eot;
>echo "</body></html>";
>?>
>
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: IBM Linux Tutorials
>Free Linux tutorial presented by Daniel Robbins, President and CEO of
>GenToo technologies. Learn everything from fundamentals to system
>administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
>_______________________________________________
>Phpmyadmin-devel mailing list
>Phpmyadmin-devel at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
>
>  
>





More information about the Developers mailing list