-
-
Save graste/d21877281b87a6748ff537a50e8f8710 to your computer and use it in GitHub Desktop.
Ways to make a browser clear its cached HTTP basic auth credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
function require_auth() { | |
$AUTH_USER = 'admin'; | |
$AUTH_PASS = 'admin'; | |
header('Cache-Control: no-cache, must-revalidate, max-age=0'); | |
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW'])); | |
$is_not_authenticated = ( | |
!$has_supplied_credentials || | |
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER || | |
$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS | |
); | |
if ($is_not_authenticated) { | |
header('HTTP/1.1 401 Authorization Required'); | |
header('WWW-Authenticate: Basic realm="Access denied"'); | |
exit; | |
} | |
} | |
if (array_key_exists('logout', $_REQUEST)) { | |
header('HTTP/1.1 401 Authorization Required'); | |
header('WWW-Authenticate: Basic realm="Access denied"'); | |
exit(); | |
} | |
require_auth(); | |
?><p>You're in!</p> | |
<p><a href="?logout=401">Log out via 401</a></p> | |
<p><a href="//nosuchuser@<?php echo $_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI']; ?>">Log out via username in URL</a></p> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment