Fixed HTTP authentication logout function.

Logout is still pretty clumsy, but such is the nature of http auth...


git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@2570 f5dc347c-c33d-0410-90a0-b07cc1902cb9

config_defaults_inc.php

@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: config_defaults_inc.php,v 1.166 2004-05-24 13:50:47 vboctor Exp $
+	# $Id: config_defaults_inc.php,v 1.167 2004-05-26 00:59:27 int2str Exp $
 	# --------------------------------------------------------
 
 
@@ -904,6 +904,7 @@
 	$g_project_cookie		= $g_cookie_prefix.'_PROJECT_COOKIE';
 	$g_view_all_cookie		= $g_cookie_prefix.'_VIEW_ALL_COOKIE';
 	$g_manage_cookie		= $g_cookie_prefix.'_MANAGE_COOKIE';
+	$g_logout_cookie		= $g_cookie_prefix.'_LOGOUT_COOKIE';
 
 	#######################################
 	# Mantis Filter Variables
@@ -1151,4 +1152,4 @@
 		UNREAD       => 'unread.gif'
 	);
 	# --------------------
-?>
+?>

core/authentication_api.php

@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: authentication_api.php,v 1.38 2004-05-25 23:43:48 int2str Exp $
+	# $Id: authentication_api.php,v 1.39 2004-05-26 00:59:27 int2str Exp $
 	# --------------------------------------------------------
 
 	### Authentication API ###
@@ -372,10 +372,21 @@ function auth_http_prompt() {
 		exit;
 	}
 
-	function auth_http_logout() {
-		$_SERVER['PHP_AUTH_USER'] = "";
-		$_SERVER['PHP_AUTH_PW'] = "";
+	function auth_http_set_logout_pending( $p_pending ) {
+		$t_cookie_name = config_get( 'logout_cookie' );
 
-		auth_http_prompt();
+		if ( $p_pending ) {
+			gpc_set_cookie( $t_cookie_name, "1", false );
+		} else {
+			$t_cookie_path = config_get( 'cookie_path' );
+			gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
+		}
+	}
+
+	function auth_http_is_logout_pending() {
+		$t_cookie_name = config_get( 'logout_cookie' );
+		$t_cookie = gpc_get_cookie( $t_cookie_name, '' );
+
+		return( $t_cookie > '' );
 	}
 ?>

login.php

@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: login.php,v 1.30 2004-05-25 23:43:48 int2str Exp $
+	# $Id: login.php,v 1.31 2004-05-26 00:59:27 int2str Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -19,17 +19,23 @@
 	$f_password		= gpc_get_string( 'password', '' );
 	$f_perm_login	= gpc_get_bool( 'perm_login' );
 	$f_return		= gpc_get_string( 'return', 'main_page.php' );
+	$f_from			= gpc_get_string( 'from', '' );
 
 	if ( BASIC_AUTH == config_get( 'login_method' ) ) {
 		$f_username = $_SERVER['REMOTE_USER'];
 		$f_password = $_SERVER['PHP_AUTH_PW'];
  	}
 
     if ( HTTP_AUTH == config_get( 'login_method' ) ) {
-		if ( isset( $_SERVER['PHP_AUTH_USER'] ) )
-			$f_username = $_SERVER['PHP_AUTH_USER'];
-		if ( isset( $_SERVER['PHP_AUTH_PW'] ) )
-			$f_password = $_SERVER['PHP_AUTH_PW'];
+		if ( !auth_http_is_logout_pending() )
+		{
+			if ( isset( $_SERVER['PHP_AUTH_USER'] ) )
+				$f_username = $_SERVER['PHP_AUTH_USER'];
+			if ( isset( $_SERVER['PHP_AUTH_PW'] ) )
+				$f_password = $_SERVER['PHP_AUTH_PW'];
+		} else {
+			auth_http_set_logout_pending( false );
+		}
 	}
 
 	if ( auth_attempt_login( $f_username, $f_password, $f_perm_login ) ) {

logout_page.php

@@ -6,7 +6,7 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Id: logout_page.php,v 1.15 2004-05-25 23:43:48 int2str Exp $
+	# $Id: logout_page.php,v 1.16 2004-05-26 00:59:27 int2str Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -18,7 +18,7 @@
 	auth_logout();
 
 	if ( HTTP_AUTH == config_get( 'login_method' ) ) {
-		auth_http_logout();
+		auth_http_set_logout_pending( true );
 	}
 
 	print_header_redirect( config_get( 'logout_redirect_page' ) );