Well, I think it's easy to make authentification works correctly. I use a session var to force authentication everytime a user visit the logging area.
<?php
if (!isset ($_SESSION['firstauthenticate'])) {
session_start();
}
function authenticate() {
header('WWW-Authenticate: Basic realm="Sistema autentificaci?n UnoAutoSur"');
header('HTTP/1_0 401 Unauthorized');
echo "Unauthorized\n";
exit;
}
if (!isset($_SERVER['PHP_AUTH_USER']) || strcmp ($_SERVER['PHP_AUTH_USER'],$user)!=0 ||
!isset ($_SERVER['PHP_AUTH_PW']) || strcmp($_SERVER['PHP_AUTH_PW'],$pass)!=0 || !isset ($_SESSION['firstauthenticate']) || !$_SESSION['firstauthenticate']) {
$_SESSION['firstauthenticate']=true;
authenticate();
} else {
session_unset();
}
?>
