Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton P.2018-02-12 19:15:21
PHP
Anton P., 2018-02-12 19:15:21

HTTP authentication in PHP, what could be the problem?

It was required in the next project to use HTTP authentication. Google brought to the website of the documentation php.net/manual/ru/features.http-auth.php. Great, I thought, there is already a ready-made example, take it and use it.

<?php
$realm = 'Запретная зона';

//user => password
$users = array('admin' => 'mypass', 'guest' => 'guest');


if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');

    die('Текст, отправляемый в том случае, если пользователь нажал кнопку Cancel');
}


// анализируем переменную PHP_AUTH_DIGEST
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
    !isset($users[$data['username']]))
    die('Неправильные данные!');


// генерируем корректный ответ
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

if ($data['response'] != $valid_response)
    die('Неправильные данные!');

// все хорошо, логин и пароль верны
echo 'Вы вошли как: ' . $data['username'];


// функция разбора заголовка http auth
function http_digest_parse($txt)
{
    // защита от отсутствующих данных
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));

    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        $data[$m[1]] = $m[3] ? $m[3] : $m[4];
        unset($needed_parts[$m[1]]);
    }

    return $needed_parts ? false : $data;
}
?>

But it was not there. Whatever I enter into the authorization window and whatever I do, the server responds in such a way that it is as if I clicked on the Cancel / Cancel box.
What can I do to make everything work?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2018-02-12
@dimonchik2013

catch
https://httpbin.org/

Similar questions
T
tgarl2017-07-10 13:23:18
Smpp sending sms - how to get the correct answer? 2Reply
A
Alexey Chernov2015-08-14 10:31:16
There is no "Add topic" button, where can I find it? 3Reply
K
Kostylev20212021-06-03 16:13:45
How to remove unwanted lines? 4Reply
P
programmist_derevo2017-07-24 17:50:25
How to block new line transition on pressing Enter in RichTextBox(multiline)? 4Reply
S
Sasha2015-08-24 11:21:31
How to do font smoothing in firefox? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question