From cabd9e947dc9284b893640c8e833cd23083e352f Mon Sep 17 00:00:00 2001
From: Devops <sys@15gifts.com>
Date: Tue, 4 Apr 2017 15:05:18 +0100
Subject: [PATCH] www/dbq/dbq.php

---
 www/dbq/dbq.php | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/www/dbq/dbq.php b/www/dbq/dbq.php
index 30723237..c3496dec 100644
--- a/www/dbq/dbq.php
+++ b/www/dbq/dbq.php
@@ -694,13 +694,38 @@ EOF;
       unset($_SERVER['PHP_AUTH_PW']);
       unset($_SERVER['REMOTE_USER']);
       unset($_SERVER['REMOTE_PASSWORD']);
-      #header('HTTP/1.1 401 Access Denied');
+      unset($_SERVER["PHP_AUTH_DIGEST"]);
+      #header('Content-type: text/html');
       if (empty($_REQUEST['realm'])) header('WWW-Authenticate: Basic');
       else header('WWW-Authenticate: Basic realm="'.$_REQUEST['realm'].'"');
+      header('HTTP/1.1 401 Access Denied');
+      header('HTTP/1.1 401 Unauthorized');
+      if (0) echo <<<EOF
+<!DOCTYPE html>
+<html>
+<head>
+<title>401</title>
+<script type="text/javascript">
+function logout(url){
+    var str = url;
+    str = str.replace("http://", "http://" + new Date().getTime() + "@");
+    str = str.replace("https://", "https://" + new Date().getTime() + "@");
+    var xmlhttp = (window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
+    xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4) location.reload(); };
+    xmlhttp.open("GET",str,true);
+    xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6");
+    xmlhttp.send();
+    return false;
+}
+</script>
+</head>
+</html>
+EOF;
+      #echo '<html><head><title>401 Unauthorized</title><script type="text/javascript">var a,b="You should be logged out now.";try{a=document.execCommand("ClearAuthenticationCache")}catch(d){}a||((a=window.XMLHttpRequest?new window.XMLHttpRequest:window.ActiveXObject?new ActiveXObject("Microsoft.XMLHTTP"):void 0)?(a.open("HEAD",c||location.href,!0,"logout",(new Date).getTime().toString()),a.send(""),a=1):a=void 0);a||(b="Your browser is too old or too weird to support log out functionality. Close all windows and restart the browser.");alert(b)})</script></head></html>';
+      #javascript:(function(c){var a,b="You should be logged out now.";try{a=document.execCommand("ClearAuthenticationCache")}catch(d){}a||((a=window.XMLHttpRequest?new window.XMLHttpRequest:window.ActiveXObject?new ActiveXObject("Microsoft.XMLHTTP"):void 0)?(a.open("HEAD",c||location.href,!0,"logout",(new Date).getTime().toString()),a.send(""),a=1):a=void 0);a||(b="Your browser is too old or too weird to support log out functionality. Close all windows and restart the browser.");alert(b)})(/*pass safeLocation here if you need*/);uI#
       #echo '<html><head><title>401 Unauthorized</title><meta http-equiv="refresh" content="1"></head><body><h1>401 Unauthorized</h1><p>You are not allowed to see this page. Reload the page to try again.</p></body></html>';
-      header('HTTP/1.0 401 Unauthorized');
-      #header('Location: '.str_replace('//','//@',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/')));
-      header('Content-type: text/html');
+      #if (empty($_REQUEST['user'])) header('Location: '.str_replace('//','//'.$_REQUEST['user'].'@',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/')));
+      #header('Location: '.(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/'));
       echo '<meta http-equiv="refresh" content="0; url='.(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/').'">';
       #if (!empty($_SERVER['PHP_AUTH_USER'])) header('Location: '.str_replace('//','//@',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/')));
       exit;
-- 
2.47.3