cookie or session authentication instead of HTTP Basic authentication makes it much easier for users to log out
if (pc_validate($_REQUEST['username'],$_REQUEST['password'])) {
$_SESSION['login'] =
$_REQUEST['username'].','.md5($_REQUEST['username'].$secret_word));
error_log('Session id '.session_id().' log in as '.$_REQUEST['username']);
}