On 07-May-01 Mauricio Souza Lima wrote:
<snip>
> And you have to inform the user to clean the password field, click ok,
> then the pop-up will open again, then user click in cancel.
>
> I just know that way to do. If anyone know another way, Postit!
>
create a tmp directory
--------
logoff.php3:
require('secure.php3');
authuser("Logoff"); // validate user (possible Dos attack here)
$fname="tmp/$PHP_AUTH_USER";
touch($fname);
Header("Location: http://www.mydomain.com/index.html";);
---------
secure.php3:
function checklogin($user,$pass='',$realm='') {
if (! dbInit()) {
echo "\n\n<BODY><CENTER>";
die("<P><H2>Unable to contact database server</H2>");
}
$fname="tmp/$user";
if (file_exists($fname)) {
unlink($fname);
return(false);
}
$query="select login from users
where login='$user' and password=PASSWORD('$pass')";
// echo $query .'<BR>';
$result = mysql_query( $query);
$row = mysql_fetch_object($result);
if ($row) {
return(true);
}
return(false);
}
function authheader($realm) {
Header('WWW-authenticate: basic realm="'.$realm .'"');
Header('HTTP/1.0 401 Unauthorized');
echo "\n\n";
}
function authuser($realm='Access') {
global $PHP_AUTH_USER, $PHP_AUTH_PW;
if (! (isset($PHP_AUTH_USER)) ) {
authheader($realm);
exit;
}
if (! (checklogin($PHP_AUTH_USER, $PHP_AUTH_PW, $realm)) ) {
authheader($realm);
echo '<CENTER>Failed Login';
exit;
}
}
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
