<?php
/* For licensing terms, see /license.txt */
/**
 * @package chamilo.webservices
 */
$realm = 'The batcave';

// Just a random id
$nonce = uniqid();

// Get the digest from the http header
$digest = getDigest();

// If there was no digest, show login
if (is_null($digest)) requireLogin($realm,$nonce);

$digestParts = digestParse($digest);

$validUser = 'admin';
$validPass = 'admin';

// Based on all the info we gathered we can figure out what the response should be
$A1 = md5("{$digestParts['username']}:{$realm}:{$validPass}");
$A2 = md5("{$_SERVER['REQUEST_METHOD']}:{$digestParts['uri']}");

$validResponse = md5("{$A1}:{$digestParts['nonce']}:{$digestParts['nc']}:{$digestParts['cnonce']}:{$digestParts['qop']}:{$A2}");

if ($digestParts['response'] != $validResponse)
  requireLogin($realm,$nonce);
else {
  // We're in!
  echo 'a7532ae474e5e66a0c16eddab02e02a7';
  die();
}

// This function returns the digest string
function getDigest() {

    // mod_php
    if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
        $digest = $_SERVER['PHP_AUTH_DIGEST'];
    // most other servers
    }
    elseif (isset($_SERVER['HTTP_AUTHENTICATION'])) {
      if (strpos(strtolower($_SERVER['HTTP_AUTHENTICATION']),'digest')===0)
        $digest = substr($_SERVER['HTTP_AUTHORIZATION'], 7);
    }
    elseif (isset($_SERVER['HTTP_WWW_AUTHENTICATE'])) {
      $digest = $_SERVER['HTTP_WWW_AUTHENTICATE'];
    }
    return $digest;

}

// This function forces a login prompt
function requireLogin($realm,$nonce) {
    header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="' . $nonce . '",opaque="' . md5($realm) . '"');
    header('HTTP/1.1 401');
    echo 'Authentication Canceled';
    die();
}

// This function extracts the separate values from the digest string
function digestParse($digest) {
    // protect against missing data
    $needed_parts = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
    $data = array();

    preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        $data[$m[1]] = $m[2] ? $m[2] : $m[3];
        unset($needed_parts[$m[1]]);
    }
    return $needed_parts ? false : $data;
}