Move login fallback to a distinct page to allow forced relogin.
<?php
require 'auth.inc.php';
-if ($editable) {
- http_response_code(307);
- header('Location: /');
+if (!$editable) {
+ require 'logout.php';
exit;
}
-header('WWW-Authenticate: Basic realm=""');
-http_response_code(401);
-
-// fallback page shown on authentication failure
-include 'head.inc.php';
-?>
-<h2>Inloggen mislukt</h2>
-<p>Geen geldige login voor sitebeheer.</p>
+http_response_code(307);
+header('Location: /');
--- /dev/null
+<?php
+header('WWW-Authenticate: Basic realm=""');
+http_response_code(401);
+
+// fallback page shown on authentication failure
+include 'head.inc.php';
+?>
+<h2>Niet ingelogd</h2>
+<p>Voor sitebeheer moet worden ingelogd met een gerechtigde gebruiker.</p>
+