DooDigestAuth PHP (backend) authorization management class: web browser authorization for a PHP website backend (webshell_php tutorial)

Source: Internet
Author: User
Tags http digest authentication php website


    <?php
    /**
     * DooDigestAuth class file.
     *
     * @author Leng Sheng Hong
     * @link http://www.doophp.com/
     * @copyright Copyright © 2009 Leng Sheng Hong
     * @license http://www.doophp.com/license
     */

    /**
     * Handles HTTP Digest authentication.
     *
     * HTTP Digest authentication can be used with the URI router.
     * HTTP Digest is much more recommended over the use of HTTP Basic auth, which doesn't provide any encryption.
     * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
     * add the following line to your .htaccess for digest auth to work correctly:
     *
     *   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     *
     * This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and CGI mode.
     *
     * @author Leng Sheng Hong
     * @version $Id: DooDigestAuth.php 2009-07-7 18:27:22
     * @package doo.auth
     * @since 1.0
     */
    class DooDigestAuth{

        /**
         * Authenticate against a list of usernames and passwords.
         *
         * HTTP Digest authentication doesn't work with PHP in CGI mode;
         * you have to add this to your .htaccess:
         *   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
         *
         * @param string $realm Name of the authentication session
         * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
         * @param string $fail_msg Message to be displayed if the user cancels the login
         * @param string $fail_url URL to redirect to if the user cancels the login
         * @return string The username if login succeeds.
         */
        public static function http_auth($realm, $users, $fail_msg=NULL, $fail_url=NULL){
            $realm = "Restricted area - $realm";

            // user => password
            // $users = array('admin' => '1234', 'guest' => 'guest');

            // In CGI/FastCGI mode the header arrives through the RewriteRule above.
            if(!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0){
                $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
            }

            // No credentials yet: send the Digest challenge.
            if(empty($_SERVER['PHP_AUTH_DIGEST'])){
                header('WWW-Authenticate: Digest realm="'.$realm.
                       '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
                header('HTTP/1.1 401 Unauthorized');
                if($fail_msg!=NULL)
                    die($fail_msg);
                if($fail_url!=NULL)
                    die(""); // the output string is empty in this listing
                exit;
            }

            // Analyze the PHP_AUTH_DIGEST variable; reject unparsable headers and unknown users.
            if(!($data = self::http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])){
                header('WWW-Authenticate: Digest realm="'.$realm.
                       '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
                header('HTTP/1.1 401 Unauthorized');
                if($fail_msg!=NULL)
                    die($fail_msg);
                if($fail_url!=NULL)
                    die("");
                exit;
            }

            // Generate the valid response:
            // A1 = MD5(username:realm:password), A2 = MD5(method:uri)
            $A1 = md5($data['username'].':'.$realm.':'.$users[$data['username']]);
            $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
            $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

            // hash_equals() instead of a loose != comparison: two different hex digests
            // that both look like "0e<digits>" compare equal under PHP's == / !=.
            if(!hash_equals($valid_response, $data['response'])){
                header('HTTP/1.1 401 Unauthorized');
                header('WWW-Authenticate: Digest realm="'.$realm.
                       '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
                if($fail_msg!=NULL)
                    die($fail_msg);
                if($fail_url!=NULL)
                    die("");
                exit;
            }

            // OK, valid username & password
            return $data['username'];
        }

        /**
         * Method to parse the HTTP Auth header, works with IE.
         *
         * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
         *
         * @param string $txt Header string to parse
         * @return array|false An assoc array of the digest auth session, or false if a field is missing
         */
        private static function http_digest_parse($txt)
        {
            $data = array();
            preg_match('/username="([^"]+)"/i', $txt, $match);
            $data['username'] = isset($match[1]) ? $match[1] : NULL;
            // \b keeps this pattern from matching inside cnonce="..."
            preg_match('/\bnonce="([^"]+)"/i', $txt, $match);
            $data['nonce'] = isset($match[1]) ? $match[1] : NULL;
            // nc is a hexadecimal counter, so a-f must be accepted as well
            preg_match('/\bnc=([0-9a-f]+)/i', $txt, $match);
            $data['nc'] = isset($match[1]) ? $match[1] : NULL;
            preg_match('/cnonce="([^"]+)"/i', $txt, $match);
            $data['cnonce'] = isset($match[1]) ? $match[1] : NULL;
            preg_match('/qop=([^,]+)/i', $txt, $match);
            $data['qop'] = isset($match[1]) ? str_replace('"', '', $match[1]) : NULL;
            preg_match('/uri="([^"]+)"/i', $txt, $match);
            $data['uri'] = isset($match[1]) ? $match[1] : NULL;
            preg_match('/response="([^"]+)"/i', $txt, $match);
            $data['response'] = isset($match[1]) ? $match[1] : NULL;

            // An incomplete header is treated as a failed parse, so http_auth() answers 401.
            if(in_array(NULL, $data, true))
                return false;
            return $data;
        }

    }

Call Method:

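    require_once(dirname(__FILE__) . "/DooDigestAuth.php");
    // The realm argument is cut off in this listing; 'REALM_NAME' is a placeholder.
    DooDigestAuth::http_auth('REALM_NAME', array('admin' => '123456789'));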

PHP web authorized login, used to prevent brute-forcing of the backend.
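The class issues `uniqid()` as the nonce and never checks that the nonce in a response is one the server handed out, so a captured Authorization header for the same method and URI keeps validating. The following is an added example, not part of DooDigestAuth or DooPHP: a stateless, expiring nonce that `http_auth` could issue in the challenge and verify before computing the response. The function names, the TTL and the key handling are assumptions.

```php
<?php
// Added example, not DooDigestAuth code. Names, TTL and key source are assumptions.

const NONCE_TTL = 300; // seconds a challenge stays usable (assumed value)

/** Build a nonce of the form "<unix time>:<hex HMAC over time and realm>". */
function digest_issue_nonce($secret, $realm, $now = null)
{
    $ts  = ($now === null) ? time() : (int)$now;
    $mac = hash_hmac('sha256', $ts . ':' . $realm, $secret);
    return $ts . ':' . $mac;
}

/** Return true only for a nonce this server issued for $realm within NONCE_TTL. */
function digest_check_nonce($nonce, $secret, $realm, $now = null)
{
    $now   = ($now === null) ? time() : (int)$now;
    $parts = explode(':', (string)$nonce, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // not in the format issued above
    }
    $ts = (int)$parts[0];
    if ($ts > $now || $now - $ts > NONCE_TTL) {
        return false; // future-dated or expired: send a fresh challenge
    }
    $expected = hash_hmac('sha256', $ts . ':' . $realm, $secret);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed demonstration values.
$secret = random_bytes(32);            // in real use: a fixed server-side key
$realm  = 'Restricted area - admin';
$nonce  = digest_issue_nonce($secret, $realm, 1700000000);

var_dump(digest_check_nonce($nonce, $secret, $realm, 1700000100)); // issued 100 s earlier
var_dump(digest_check_nonce($nonce, $secret, $realm, 1700000400)); // older than the TTL
var_dump(digest_check_nonce(uniqid(), $secret, $realm));           // not issued by this server
```

This bounds replay to the TTL window. Rejecting reuse inside the window additionally requires the server to remember the highest `nc` value seen for each nonce.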

Download address: http://files.cnblogs.com/files/func/DooDigestAuth.zip
