authentication problem

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have installed the open source PHP Deadlock authentication system.
It uses .htpasswd and .htaccess files. This works well apart from it
doesn't allow user logout without closing their browser. The logout
script is shown below.

Any suggestions to make it work? Or any other php authentication
system that allows user registration, email confirmation, forgotten
password reminders, and logout.

* This file is part of the Deadlock PHP User Management
System.               *
* File Description: Logs a user out of the protected
area.                    *
* Deadlock is free software; you can redistribute it and/or
modify            *
* it under the terms of the GNU General Public License as published
by        *
* the Free Software Foundation; either version 2 of the License,
or           *
* (at your option) any later
version.                                         *
* Deadlock is distributed in the hope that it will be
useful,                 *
* but WITHOUT ANY WARRANTY; without even the implied warranty
of              *
the               *
* GNU General Public License for more
details.                                *
* You should have received a copy of the GNU General Public
License           *
* along with Deadlock; if not, write to the Free
Software                     *
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301  USA  *

   Enter the path to deadlock that is relative to the document root
   For example, if deadlock is at /, here
you would
   just enter the /deadlock/. Be sure to enter a trailing forward
$deadlock_path = '/deadlock/';

   Below, you should specify the page to redirect to when the user has
been logged out.
$redirect = ' ';

/* You do NOT need to modify below this line


mysql_connect($mysql['host'],$mysql['username'],$mysql['password']) or
die('Could not connect to mysql.');
mysql_select_db($mysql['database']) or die('Could not select mysql

if($result = mysql_query('SELECT * FROM '.$mysql['prefix'].'config'))
   while (($row = mysql_fetch_array($result)) != false) {
      $config[$row['option_name']] = $row['value'];
} else {
   die('MySQL query failed. MySQL said: '.mysql_error());

if($config['digest_auth'] == 'true'){
   die('The logout script does not support digest authentication.');

header("WWW-Authenticate: Basic realm=
header("Status: 401 Unauthorized");
header("HTTP-Status: 401 Unauthorized");
header("Location: ".$redirect);


Re: authentication problem wrote:

Quoted text here. Click to load it

Yes - it can't - that's the way HTTP authentication was designed.

Quoted text here. Click to load it

Use PHP sessions.

And if you must send a password from the client...  
Quoted text here. Click to load it
...always make sure its encrypted.


Site Timeline