5

I know only the very basics of PHP and web programming. Here is my PHP code. I have seen a couple of similar questions. They unset the global variable with the unset function. I want a username and password prompt every time the user opens the URL. After the username and password are entered, if they are correct, download the file and delete the username and password; if they are wrong, delete the username and password and prompt for the username and password again.

<?php    
    function destroy_foo()
    {
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            unset($_SERVER['PHP_AUTH_USER']);       
        }
        if (isset($_SERVER['PHP_AUTH_PW'])) {
            unset($_SERVER['PHP_AUTH_PW']);
        }
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {

        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Text to send if user hits Cancel button';
        exit;
    } else {

        echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
        echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";

        $file = 'welcome.txt';
        if($_SERVER['PHP_AUTH_PW'] == "admin" && $_SERVER['PHP_AUTH_USER'] =="admin"){
            destroy_foo();

            if (file_exists($file)) {

               //Do some task
                destroy_foo();
                exit;
            }
        }
        else
        {
            //Do some task
            destroy_foo();

        }
    }
    ?>

At the moment the username and password stay in the global variables for some reason. I'd appreciate it if you could give a suggestion or hint.

EDIT

This did not work either:

function destroy_foo()
{

    if (isset($_SERVER['PHP_AUTH_USER'])) {

        unset($_SERVER['PHP_AUTH_USER']);
        $_SERVER['PHP_AUTH_USER'] = null;

    }

   if (isset($_SERVER['PHP_AUTH_PW'])) {

       unset($_SERVER['PHP_AUTH_PW']);
       $_SERVER['PHP_AUTH_PW'] = null;

   }
}

Link to file: http://behzadgarekani.net16.net/

K. Yen
Bernard
  • The $_SERVER variables in PHP are just a copy of the CGI environment variables from your webserver. Once a Basic HTTP handshake was completed, the client will resend them on *every* request. Triggering that authorization popup on every request is unfeasible, and certainly the wrong approach. Why should the user have to be pestered this way? – mario Sep 12 '14 at 21:32
  • @mario Thanks for your reply. I think you are right. I tried all the answers below but they did not work. As you said, once the password is correct it will be saved, and next time it downloads without a password. But I need high security for this file, and the client computer is in a hospital, where it is shared by nurses. So we do not want to save the user and password. – Bernard Sep 12 '14 at 21:39

4 Answers

2

I think you are doing it right with the unset() function, but the code looks a little disorganized. I think that this way you will be able to do what you wanted:

function destroy_foo() {
    if(isset($_SERVER['PHP_AUTH_USER']))
        unset($_SERVER['PHP_AUTH_USER']);       

    if (isset($_SERVER['PHP_AUTH_PW']))
        unset($_SERVER['PHP_AUTH_PW']);
}

if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER']=='admin' && isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW']=='admin') {
    //download the file

    destroy_foo();
} else {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
}
Rodrigo Techera
1

Set them to null.

See here: How to unset global variables.

Community
user3151681
1

Use $GLOBALS

$GLOBALS — References all variables available in global scope

Description

An associative array containing references to all variables which are currently defined in the global scope of the script. The variable names are the keys of the array.

You can use this as

unset($GLOBALS['_SERVER']);
Tushar Gupta
  • My problem is that when I enter the user and password, I download the file. And then when I click again on the URL link, it still has the username and password somewhere and downloads the file without prompting for the user and password again! – Bernard Sep 12 '14 at 21:29
0

The following condition is executed if $_SERVER['PHP_AUTH_USER'] is not set or is empty.

if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']=="") {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
}

To empty the $_SERVER['PHP_AUTH_USER'], use the following function:

function destroy_foo() {
     $_SERVER['PHP_AUTH_USER']="";
}
MB_18
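
As mario's comment on the question explains, the browser (not PHP) resends Basic credentials on every request, so unsetting $_SERVER entries cannot bring the prompt back. One way to get a prompt on every visit is an HTML form posted to the script with no session or cookie behind it. This is an added example, not code from any answer in the thread; the environment variable names DOWNLOAD_USER and DOWNLOAD_PW_HASH and the file location are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the env var names
// DOWNLOAD_USER / DOWNLOAD_PW_HASH, and welcome.txt kept outside the web root.
declare(strict_types=1);

const FILE_PATH = __DIR__ . '/../private/welcome.txt'; // assumed location

// Never let the browser or a proxy cache the form or the file.
header('Cache-Control: no-store');

function credentials_ok(string $user, string $pass): bool
{
    $expectedUser = getenv('DOWNLOAD_USER') ?: '';
    // Hash created once with password_hash(); the plaintext is never stored.
    $expectedHash = getenv('DOWNLOAD_PW_HASH') ?: '';
    // Evaluate both checks so timing does not reveal which one failed.
    $userOk = hash_equals($expectedUser, $user);
    $passOk = password_verify($pass, $expectedHash);
    return $expectedUser !== '' && $userOk && $passOk;
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
$user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
$pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

if ($isPost && credentials_ok($user, $pass) && is_file(FILE_PATH)) {
    // No session and no cookie are created, so nothing is remembered:
    // the next visit to this URL shows the form again.
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="welcome.txt"');
    header('Content-Length: ' . (string) filesize(FILE_PATH));
    readfile(FILE_PATH);
    exit;
}

if ($isPost) {
    http_response_code(403); // wrong credentials: show the form again
}
?>
<form method="post" autocomplete="off">
  <input name="user" autocomplete="off" placeholder="Username">
  <input name="pass" type="password" autocomplete="new-password" placeholder="Password">
  <button type="submit">Download</button>
</form>
```

Serve this over HTTPS only. A browser's password manager can still offer to save the form fields regardless of the autocomplete hints, so saving has to be turned off on the shared machine itself.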