Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton P.2018-02-12 19:15:21
PHP
Anton P., 2018-02-12 19:15:21

HTTP authentication in PHP, what could be the problem?

It was required in the next project to use HTTP authentication. Google brought to the website of the documentation php.net/manual/ru/features.http-auth.php. Great, I thought, there is already a ready-made example, take it and use it.

<?php
$realm = 'Запретная зона';

//user => password
$users = array('admin' => 'mypass', 'guest' => 'guest');


if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');

    die('Текст, отправляемый в том случае, если пользователь нажал кнопку Cancel');
}


// анализируем переменную PHP_AUTH_DIGEST
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
    !isset($users[$data['username']]))
    die('Неправильные данные!');


// генерируем корректный ответ
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

if ($data['response'] != $valid_response)
    die('Неправильные данные!');

// все хорошо, логин и пароль верны
echo 'Вы вошли как: ' . $data['username'];


// функция разбора заголовка http auth
function http_digest_parse($txt)
{
    // защита от отсутствующих данных
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));

    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        $data[$m[1]] = $m[3] ? $m[3] : $m[4];
        unset($needed_parts[$m[1]]);
    }

    return $needed_parts ? false : $data;
}
?>

But it was not there. Whatever I enter into the authorization window and whatever I do, the server responds in such a way that it is as if I clicked on the Cancel / Cancel box.
What can I do to make everything work?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2018-02-12
@dimonchik2013

catch
https://httpbin.org/

Similar questions
H
hypero2020-02-25 20:27:35
Changing the quantity of a Woocommerce item? 1Reply
N
Nastya2020-02-27 13:37:29
How to assign a post of a custom type as the parent page of a post of another custom type, or what to do if you have no experience and half the brain? 4Reply
B
bobs322020-02-29 02:16:43
How to convert Russian time to datetime correctly? 3Reply
E
Erl2017-10-26 12:36:26
How to make change for all elements? 4Reply
J
jugger12020-03-13 19:54:45
How to change the class of an element when clicking on another element using js? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question