adding http digest authentication to php5

21 years ago by Rui Hirokawa — view source

unread

Hi,

I just made a patch to add http digest authentication for php5
based on RFC2617.
It is not tested well yet, the attached sample script
'digest-auth.php' works with Mozilla Firebird 0.7.

It is useful or not ?

Rui

21 years ago by Rui Hirokawa — view source

unread

I forgot to attach a sample script.

Rui

Hi,

I just made a patch to add http digest authentication for php5
based on RFC2617.
It is not tested well yet, the attached sample script
'digest-auth.php' works with Mozilla Firebird 0.7.

It is useful or not ?

Rui

21 years ago by Rui Hirokawa — view source

unread

Can I attach a php script ?

<?php // a sample for digest authentication
$realm="php-users";
$uri = $_SERVER['REQUEST_URI'];
$nonce = time();

$username = "taro";
$password = "secret";

function auth_func() {
global $realm, $nonce;

header('HTTP/1.0 401 Unauthorized');
header("WWW-authenticate: Digest realm="$realm" nonce="$nonce"");
die('password or user name is invalid.');
}

if (empty($_SERVER['PHP_AUTH_USER'])) {
auth_func();
} else {
$username = $_SERVER['PHP_AUTH_USER'];
$response = $_SERVER['PHP_AUTH_PW'];
$nonce = $_SERVER['PHP_AUTH_NONCE'];

// response based on RFC2617
$a1 = md5("$username:$realm:$password");
$a2 = md5("GET:$uri");
$response0 = md5("$a1:$nonce:$a2");

print "response1:$response ";
print "response0:$response0 ";
print "nonce:$nonce";
if ($response == $response0) {
print "authenticated. ";
} else {
print "not authenticated. ";
}
}
?

21 years ago by Pierre-Alain Joye — view source

unread

On Sun, 01 Feb 2004 23:36:47 +0900
Rui Hirokawa rui_hirokawa@ybb.ne.jp wrote:

Can I attach a php script ?

.txt only :)

pierre

21 years ago by Rui Hirokawa — view source

unread

I reallized this patch is not useful,
because

http 1.1 based client authentication method (qop, cnonce, nc) is
not supported yet.
array $_SERVER['PHP_AUTH_DIGEST'] having the elementes
'nonce','qop','cnonce','nc' should be defined.
the order of parameters should be unknown.

I will use Thomas Pike's excellent implementation now.

Rui

Rui Hirokawa wrote:

Hi,

I just made a patch to add http digest authentication for php5
based on RFC2617.
It is not tested well yet, the attached sample script
'digest-auth.php' works with Mozilla Firebird 0.7.

It is useful or not ?

Rui