DooDigestAuth.php: protecting a PHP back-end (admin) page with browser HTTP digest authorization

Source: Internet
Author: User
Tags http digest authentication
This article introduces DooDigestAuth.php, a small PHP class (from the DooPHP framework) that protects a back-end (admin) page with HTTP digest authorization handled by the web browser. If you are interested in PHP tutorials, read on.
```php
<?php
/**
 * DooDigestAuth class file.
 *
 * @author Leng Sheng Hong
 * @link http://www.doophp.com/
 * @copyright Copyright © 2009 Leng Sheng Hong
 * @license http://www.doophp.com/license
 */

/**
 * Handles HTTP digest authentication.
 *
 * HTTP digest authentication can be used with the URI router.
 * HTTP digest is strongly recommended over HTTP Basic auth, which sends the
 * password in cleartext (only base64-encoded). If you are running PHP on Apache
 * in CGI/FastCGI mode, you need to add the following line to your .htaccess for
 * digest auth to work correctly:
 *
 *   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 *
 * This class is tested under Apache 2.2 and the Cherokee web server. It should
 * work in both mod_php and CGI mode.
 *
 * @author Leng Sheng Hong
 * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
 * @package doo.auth
 * @since 1.0
 */
class DooDigestAuth {

    /**
     * Authenticate against a list of usernames and passwords.
     *
     * HTTP Digest Authentication doesn't work with PHP in CGI mode unless you add
     * this to your .htaccess:
     *   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     *
     * @param string $realm    Name of the authentication session
     * @param array  $users    An assoc array of username => password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
     * @param string $fail_msg Message to be displayed if the user cancels the login
     * @param string $fail_url URL to redirect to if the user cancels the login
     * @return string The username if login succeeds.
     */
    public static function http_auth($realm, $users, $fail_msg = NULL, $fail_url = NULL) {
        $realm = "Restricted area - $realm";

        // user => password
        // $users = array('admin' => '1234', 'guest' => 'guest');

        // In CGI/FastCGI mode the header only arrives through the RewriteRule above.
        if (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest') === 0) {
            $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }

        // No Authorization header yet: send the challenge.
        if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
            self::challenge($realm, $fail_msg, $fail_url);
        }

        // Analyze the PHP_AUTH_DIGEST variable.
        if (!($data = self::http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])) {
            self::challenge($realm, $fail_msg, $fail_url);
        }

        // Generate the valid response (RFC 2617, qop="auth").
        $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
        $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
        $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

        // Constant-time, strict comparison (PHP >= 5.6). A loose != on two hex
        // strings would treat e.g. "0e1..." and "0e2..." as equal.
        if (!hash_equals($valid_response, (string) $data['response'])) {
            self::challenge($realm, $fail_msg, $fail_url);
        }

        // OK, valid username & password.
        return $data['username'];
    }

    /**
     * Send a 401 with a fresh Digest challenge, then stop the script.
     */
    private static function challenge($realm, $fail_msg, $fail_url) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Digest realm="' . $realm .
               '",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($realm) . '"');
        if ($fail_msg != NULL)
            die($fail_msg);
        if ($fail_url != NULL)
            die("<script>window.location.href = '$fail_url'</script>");
        exit;
    }

    /**
     * Parse the HTTP Digest Authorization header; works with IE.
     *
     * Internet Explorer returns qop="xxxxxxxxxxx" in the header instead of
     * qop=xxxxxxxxxxx as most browsers do.
     *
     * @param string $txt Header string to parse
     * @return array|false An assoc array of the digest auth session, or false if a required field is missing
     */
    private static function http_digest_parse($txt) {
        $data = array();
        // \b keeps "nonce=" from matching inside "cnonce=".
        $patterns = array(
            'username' => '/username="([^"]+)"/i',
            'nonce'    => '/\bnonce="([^"]+)"/i',
            'nc'       => '/\bnc=([0-9]+)/i',
            'cnonce'   => '/cnonce="([^"]+)"/i',
            'qop'      => '/qop=([^,]+)/i',
            'uri'      => '/uri="([^"]+)"/i',
            'response' => '/response="([^"]+)"/i',
        );
        foreach ($patterns as $key => $pattern) {
            if (!preg_match($pattern, $txt, $match)) {
                return false; // required field missing: caller re-challenges
            }
            $data[$key] = $match[1];
        }
        // IE quotes the qop value; strip the quotes so it hashes like qop=auth.
        $data['qop'] = str_replace('"', '', $data['qop']);
        return $data;
    }
}
```

Call method:

```php
require_once(dirname(__FILE__) . "/DooDigestAuth.php");
// Returns 'admin' once the browser has supplied valid credentials;
// otherwise it sends a 401 challenge and exits.
DooDigestAuth::http_auth('example.com', array('admin' => "123456789"));
```
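To make the exchange behind `http_auth()` concrete, here is an added example (not part of DooDigestAuth.php or DooPHP) that runs the whole RFC 2617 Digest handshake with qop="auth" offline in one script: the server builds the challenge, the "browser" computes the response from the user's password, and the server parses and verifies the Authorization header. It goes one step beyond the class above by remembering issued nonces, so a captured header cannot be replayed, and by using a constant-time comparison. The function names (`makeChallenge`, `parseDigestHeader`, `digestResponse`, `verifyAuthorization`), the `$issuedNonces` store and the sample credentials are this example's own; it assumes PHP 7 or later for `random_bytes()` and `hash_equals()`.

```php
<?php
// Added example, not DooDigestAuth.php: the Digest exchange (RFC 2617, qop="auth")
// with both sides simulated in one script. Run with: php digest_example.php

// --- server side ---------------------------------------------------------

// Constructed password table, same array shape as the class on this page.
$users = array('admin' => '123456789');
$realm = 'Restricted area - example.com';

// Nonces the server has issued but not yet seen used. DooDigestAuth accepts
// whatever nonce the client sends back; tracking them is what makes a
// captured Authorization header unusable a second time (replay).
$issuedNonces = array();

function makeChallenge($realm, &$issuedNonces) {
    // 16 random bytes rather than uniqid(), which is time-based and guessable.
    $nonce = bin2hex(random_bytes(16));
    $issuedNonces[$nonce] = time();
    return 'Digest realm="' . $realm . '", qop="auth", nonce="' . $nonce
         . '", opaque="' . md5($realm) . '"';
}

// Parse a WWW-Authenticate challenge or an Authorization header into fields.
// Accepts both quoted (qop="auth", as IE sends) and bare (qop=auth) values,
// the quirk the class's http_digest_parse() special-cases.
function parseDigestHeader($header) {
    $header = preg_replace('/^Digest\s+/i', '', trim($header));
    $fields = array();
    if (preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', $header, $m, PREG_SET_ORDER)) {
        foreach ($m as $kv) {
            $fields[strtolower($kv[1])] = (isset($kv[3]) && $kv[3] !== '') ? $kv[3] : $kv[2];
        }
    }
    return $fields;
}

function digestResponse($username, $realm, $password, $method, $uri, $nonce, $nc, $cnonce, $qop) {
    // RFC 2617, qop="auth": response = MD5(HA1 : nonce : nc : cnonce : qop : HA2)
    $ha1 = md5($username . ':' . $realm . ':' . $password);
    $ha2 = md5($method . ':' . $uri);
    return md5($ha1 . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':' . $qop . ':' . $ha2);
}

// Returns the username on success, or a short reason string on failure.
function verifyAuthorization($header, $method, $realm, $users, &$issuedNonces, $maxAge = 300) {
    $d = parseDigestHeader($header);
    foreach (array('username', 'realm', 'nonce', 'uri', 'response', 'qop', 'nc', 'cnonce') as $k) {
        if (!isset($d[$k]) || $d[$k] === '') return "missing field $k";
    }
    if ($d['realm'] !== $realm) return 'realm mismatch';
    if (!isset($issuedNonces[$d['nonce']])) return 'unknown or replayed nonce';
    if (time() - $issuedNonces[$d['nonce']] > $maxAge) {
        unset($issuedNonces[$d['nonce']]);
        return 'stale nonce';
    }
    if (!isset($users[$d['username']])) return 'unknown user';

    $expected = digestResponse($d['username'], $realm, $users[$d['username']],
                               $method, $d['uri'], $d['nonce'], $d['nc'], $d['cnonce'], $d['qop']);
    // Constant-time comparison of the two hex digests.
    if (!hash_equals($expected, $d['response'])) return 'bad response';

    // Single use: the same header presented again is rejected above.
    unset($issuedNonces[$d['nonce']]);
    return $d['username'];
}

// --- the exchange --------------------------------------------------------

$challenge = makeChallenge($realm, $issuedNonces);   // server -> client, with the 401
$c = parseDigestHeader($challenge);                   // client reads the challenge

// Client side: what the browser does with the credentials the user typed.
$cnonce = bin2hex(random_bytes(8));
$response = digestResponse('admin', $c['realm'], '123456789', 'GET', '/admin/',
                           $c['nonce'], '00000001', $cnonce, $c['qop']);
$authorization = 'Digest username="admin", realm="' . $c['realm'] . '", nonce="' . $c['nonce']
    . '", uri="/admin/", qop=auth, nc=00000001, cnonce="' . $cnonce
    . '", response="' . $response . '", opaque="' . $c['opaque'] . '"';

echo "1st use:  ", verifyAuthorization($authorization, 'GET', $realm, $users, $issuedNonces), "\n"; // admin
echo "replayed: ", verifyAuthorization($authorization, 'GET', $realm, $users, $issuedNonces), "\n"; // unknown or replayed nonce

// A wrong password yields a different response hash and is rejected.
$bad = str_replace('response="' . $response . '"', 'response="' . md5('wrong') . '"', $authorization);
$issuedNonces[$c['nonce']] = time();   // re-issue the nonce only to show this check
echo "bad pwd:  ", verifyAuthorization($bad, 'GET', $realm, $users, $issuedNonces), "\n"; // bad response
```

The password itself never appears in the Authorization header; only the MD5 response, which is bound to the server's nonce, the method and the URI, is sent. In a real deployment the `$issuedNonces` store has to live somewhere shared between requests (a database, APCu, Redis), since a fresh PHP process starts with an empty array.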

Putting a back-end (admin) page behind this digest login keeps the password out of every request: the browser sends an MD5 response bound to the server's nonce instead of the password, so a captured request does not reveal it. It does not by itself stop online brute-force guessing, because the class checks the supplied credentials on every request and keeps no count of failures; any lockout or rate limiting must be added around the `http_auth()` call. Note also that the class does not remember the nonces it issues, so it accepts any nonce value the client sends back. Serve the page over HTTPS.

Download: http://files.cnblogs.com/files/func/DooDigestAuth.zip

That is DooDigestAuth.php, a way to put browser-driven HTTP digest authorization in front of a PHP back-end page. I hope it is helpful to readers interested in PHP tutorials.
