
Thread: note 66898 added to features.http-auth




note 66898 added to features.http-auth
user name
2006-05-31 18:04:36
The code below shows what is needed for safe mode
and PHP versions < 5.x

<?php
   // source for digest mode copied and adapted for SafeMode
   // and PHP 4.3.x.
   // 060531 Henrik Laurell  www.Laurells.net

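   // user => password
   // NOTE: plaintext passwords in the script are for demonstration only.
   // Digest verification needs the password (or a stored md5 of
   // "user:realm:password") on the server, so a real credential store must
   // live outside the web root and outside version control.
   $users = array('admin' => 'mypass', 'guest' => 'guest');

   // Tip from the examples below: fill PHP_AUTH_DIGEST from the raw
   // Authorization header. The header is absent on the first request, so
   // check for it instead of reading a missing array key.
   $headers = apache_request_headers();
   $_SERVER['PHP_AUTH_DIGEST'] =
      isset($headers['Authorization']) ? $headers['Authorization'] : '';

   $realm = "Test";

   $uniqid = uniqid(""); // this function must have a param in PHP < 5.x
   // NOTE: uniqid() is derived from the current time, so the nonce is
   // predictable, and it is regenerated on every request without being
   // stored. The nonce a client sends back is therefore never checked
   // against one this server issued, which leaves the scheme without
   // replay protection. A deployment needs a server-tracked, random nonce.

   $uid = getmyuid();    // important: the system adds this
                         // to the realm string

   if (empty($_SERVER['PHP_AUTH_DIGEST']))
      Authenticate(); // call stops here

   // analyze the PHP_AUTH_DIGEST variable
   $data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
   if (!$data || !isset($users[$data['username']]))
      die('Wrong Credentials !');

   // generate the valid response
   //       (IMPORTANT: '-'.$uid is appended to the realm for safe mode)
   // NOTE: $data['uri'] comes from the client and is not compared with the
   // URI actually requested; a stricter check would verify that they match.
   $A1 = md5($data['username'] . ':' .
             $realm . '-' . $uid . ':' .
             $users[$data['username']]);
   $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' .
             $data['uri']);
   $valid_response = md5($A1 . ':' . $data['nonce'] . ':' .
                         $data['nc'] . ':' .
                         $data['cnonce'] . ':' .
                         $data['qop'] . ':' . $A2);

   // Strict comparison: with != two all-numeric strings such as "0e12..."
   // and "0e34..." are compared as numbers and can be judged equal.
   // (On PHP >= 5.6, hash_equals() also makes the comparison constant-time.)
   if ($data['response'] !== $valid_response) {
      // Keep the diagnostics on the server. Sending $valid_response back to
      // the client would hand out the digest that passes this very check.
      error_log('Digest auth failed for user ' . $data['username'] .
                ' (UID = ' . $uid . ')');
      die("Wrong Credentials !!<br>\n");
   }

   // ok, valid username & password
   print "You'r logged in as: " . $data['username'];

   // For testing only (e.g. checking the PHP_AUTH_DIGEST var). phpinfo()
   // shows the full server environment, including request headers, to every
   // account that can log in; remove this call before deploying.
   phpinfo();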

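   /**
    * Send the 401 Digest challenge and stop the script.
    *
    * Reads the globals $realm and $uniqid. The realm is sent unchanged;
    * per the script's own comments, safe mode appends "-<uid>" to it.
    * This function never returns: die() ends the request.
    */
   function Authenticate()
   {
      global $realm, $uniqid;

      header('HTTP/1.1 401 Unauthorized');
      // The header value must stay on one line: a line break inside the
      // string literal would put a raw newline into the response header.
      header('WWW-Authenticate: Digest realm="' . $realm .
             '",qop="auth",nonce="' . $uniqid .
             '",opaque="' . md5($realm) . '"');

      die('Wrong user or password.');
   }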

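   /**
    * Parse the parameters of a Digest "Authorization" header value.
    *
    * @param string $txt raw header value, e.g. 'Digest username="x", ...'
    * @return array|false map of parameter name => value when every field
    *                     needed to verify the response is present,
    *                     false otherwise
    */
   function http_digest_parse($txt)
   {
      // protect against missing data
      $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1,
                            'username'=>1, 'uri'=>1, 'response'=>1);
      $data = array();

      // The pattern needs explicit delimiters. Without them PCRE takes the
      // leading "(" as a bracket delimiter, treats the rest as modifiers,
      // fails with a warning, and no request can ever authenticate.
      // Values are limited to [a-zA-Z0-9=./_-], optionally quoted; anything
      // else (for example a URI with a query string) does not match and the
      // request is rejected below because that field stays missing.
      $found = preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@',
                              $txt, $matches, PREG_SET_ORDER);
      if (!$found)
         return false; // pattern error or no parameters at all

      foreach ($matches as $m) {
         $data[$m[1]] = $m[3];          // a repeated parameter: last one wins
         unset($needed_parts[$m[1]]);
      }

      return $needed_parts ? false : $data;
   }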

?>
----
Server IP: 193.27.201.10 (proxied: 193.27.201.10 1.0
www1.shellkonto.se:3128 (squid/2.5.STABLE4))
Probable Submitter: 81.227.122.50
----
X-Spam-Status: No, hits=3.3 required=5.0
tests=DATE_MISSING,FROM_NO_LOWER,
	HTML_MESSAGE autolearn=no version=2.64
----
Manual Page -- h
ttp://www.php.net/manual/en/features.http-auth.php
Edit        -- http://master.p
hp.net/note/edit/66898
Del: integrated  -- ht
tp://master.php.net/note/delete/66898/integrated
Del: useless     -- http:
//master.php.net/note/delete/66898/useless
Del: bad code    -- http
://master.php.net/note/delete/66898/bad+code
Del: spam        -- http://m
aster.php.net/note/delete/66898/spam
Del: non-english -- h
ttp://master.php.net/note/delete/66898/non-english
Del: in docs     -- http:
//master.php.net/note/delete/66898/in+docs
Del: other reasons-- http://master
.php.net/note/delete/66898
Reject      -- http://master
.php.net/note/reject/66898
Search      -- http://ma
ster.php.net/manage/user-notes.php

-- 
PHP Notes Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub
.php

note 66898 deleted from features.http-auth by bjori
user name
2006-05-31 18:30:07
Note Submitter: Henrik Laurell
Reason: useless

----

The code below shows what is needed for safe mode
and PHP versions < 5.x

<?php
   // source for digest mode copied and adapted for SafeMode
   // and PHP 4.3.x.
   // 060531 Henrik Laurell  www.Laurells.net

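   // user => password
   // NOTE: plaintext passwords in the script are for demonstration only.
   // Digest verification needs the password (or a stored md5 of
   // "user:realm:password") on the server, so a real credential store must
   // live outside the web root and outside version control.
   $users = array('admin' => 'mypass', 'guest' => 'guest');

   // Tip from the examples below: fill PHP_AUTH_DIGEST from the raw
   // Authorization header. The header is absent on the first request, so
   // check for it instead of reading a missing array key.
   $headers = apache_request_headers();
   $_SERVER['PHP_AUTH_DIGEST'] =
      isset($headers['Authorization']) ? $headers['Authorization'] : '';

   $realm = "Test";

   $uniqid = uniqid(""); // this function must have a param in PHP < 5.x
   // NOTE: uniqid() is derived from the current time, so the nonce is
   // predictable, and it is regenerated on every request without being
   // stored. The nonce a client sends back is therefore never checked
   // against one this server issued, which leaves the scheme without
   // replay protection. A deployment needs a server-tracked, random nonce.

   $uid = getmyuid();    // important: the system adds this
                         // to the realm string

   if (empty($_SERVER['PHP_AUTH_DIGEST']))
      Authenticate(); // call stops here

   // analyze the PHP_AUTH_DIGEST variable
   $data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
   if (!$data || !isset($users[$data['username']]))
      die('Wrong Credentials !');

   // generate the valid response
   //       (IMPORTANT: '-'.$uid is appended to the realm for safe mode)
   // NOTE: $data['uri'] comes from the client and is not compared with the
   // URI actually requested; a stricter check would verify that they match.
   $A1 = md5($data['username'] . ':' .
             $realm . '-' . $uid . ':' .
             $users[$data['username']]);
   $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' .
             $data['uri']);
   $valid_response = md5($A1 . ':' . $data['nonce'] . ':' .
                         $data['nc'] . ':' .
                         $data['cnonce'] . ':' .
                         $data['qop'] . ':' . $A2);

   // Strict comparison: with != two all-numeric strings such as "0e12..."
   // and "0e34..." are compared as numbers and can be judged equal.
   // (On PHP >= 5.6, hash_equals() also makes the comparison constant-time.)
   if ($data['response'] !== $valid_response) {
      // Keep the diagnostics on the server. Sending $valid_response back to
      // the client would hand out the digest that passes this very check.
      error_log('Digest auth failed for user ' . $data['username'] .
                ' (UID = ' . $uid . ')');
      die("Wrong Credentials !!<br>\n");
   }

   // ok, valid username & password
   print "You'r logged in as: " . $data['username'];

   // For testing only (e.g. checking the PHP_AUTH_DIGEST var). phpinfo()
   // shows the full server environment, including request headers, to every
   // account that can log in; remove this call before deploying.
   phpinfo();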

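   /**
    * Send the 401 Digest challenge and stop the script.
    *
    * Reads the globals $realm and $uniqid. The realm is sent unchanged;
    * per the script's own comments, safe mode appends "-<uid>" to it.
    * This function never returns: die() ends the request.
    */
   function Authenticate()
   {
      global $realm, $uniqid;

      header('HTTP/1.1 401 Unauthorized');
      // The header value must stay on one line: a line break inside the
      // string literal would put a raw newline into the response header.
      header('WWW-Authenticate: Digest realm="' . $realm .
             '",qop="auth",nonce="' . $uniqid .
             '",opaque="' . md5($realm) . '"');

      die('Wrong user or password.');
   }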

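   /**
    * Parse the parameters of a Digest "Authorization" header value.
    *
    * @param string $txt raw header value, e.g. 'Digest username="x", ...'
    * @return array|false map of parameter name => value when every field
    *                     needed to verify the response is present,
    *                     false otherwise
    */
   function http_digest_parse($txt)
   {
      // protect against missing data
      $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1,
                            'username'=>1, 'uri'=>1, 'response'=>1);
      $data = array();

      // The pattern needs explicit delimiters. Without them PCRE takes the
      // leading "(" as a bracket delimiter, treats the rest as modifiers,
      // fails with a warning, and no request can ever authenticate.
      // Values are limited to [a-zA-Z0-9=./_-], optionally quoted; anything
      // else (for example a URI with a query string) does not match and the
      // request is rejected below because that field stays missing.
      $found = preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@',
                              $txt, $matches, PREG_SET_ORDER);
      if (!$found)
         return false; // pattern error or no parameters at all

      foreach ($matches as $m) {
         $data[$m[1]] = $m[3];          // a repeated parameter: last one wins
         unset($needed_parts[$m[1]]);
      }

      return $needed_parts ? false : $data;
   }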

?>

-- 
PHP Notes Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub
.php
