PHP Address Book / Bugs / #61 server authentication and logout

#61 server authentication and logout

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2012-06-07

Created: 2010-11-19

Creator:

Private: No

From login.inc.php (v6.2.3 r400):

$user    = (isset($_POST['user'])  ? $_POST['user']
            : (isset($_GET['user'])   ? $_GET['user']
            : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER']
            : "")));

(and similar for password)

This has an undesirable side effect: if a user uses the same username/password to authenticate through .htaccess/.htpasswd AND php addressbook, it is impossible to logout of php addressbook, for instance to switch to a different user. It took me a good while to figure out why I couldn't logout.:-/

Discussion

chatelao - 2010-12-13

So, you get "Single-Sign-On" nearly for free :-).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous - 2011-02-10

I see your point, but it’s kind of impractical if you want to log in and out with multiple user acounts. Forces you to quit and launch the browser every time.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous

server authentication and logout

Simple, web-based address & phone book

Group

Searches

Help

#61 server authentication and logout

Discussion