12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- <?php
- /* For licensing terms, see /license.txt */
- /**
- * @package chamilo.webservices
- */
- $realm = 'The batcave';
- // Just a random id
- $nonce = uniqid();
- // Get the digest from the http header
- $digest = getDigest();
- // If there was no digest, show login
- if (is_null($digest)) requireLogin($realm,$nonce);
- $digestParts = digestParse($digest);
- $validUser = 'admin';
- $validPass = 'admin';
- // Based on all the info we gathered we can figure out what the response should be
- $A1 = md5("{$digestParts['username']}:{$realm}:{$validPass}");
- $A2 = md5("{$_SERVER['REQUEST_METHOD']}:{$digestParts['uri']}");
- $validResponse = md5("{$A1}:{$digestParts['nonce']}:{$digestParts['nc']}:{$digestParts['cnonce']}:{$digestParts['qop']}:{$A2}");
- if ($digestParts['response'] != $validResponse)
- requireLogin($realm,$nonce);
- else {
- // We're in!
- echo 'a7532ae474e5e66a0c16eddab02e02a7';
- die();
- }
- // This function returns the digest string
- function getDigest() {
- // mod_php
- if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
- $digest = $_SERVER['PHP_AUTH_DIGEST'];
- // most other servers
- }
- elseif (isset($_SERVER['HTTP_AUTHENTICATION'])) {
- if (strpos(strtolower($_SERVER['HTTP_AUTHENTICATION']),'digest')===0)
- $digest = substr($_SERVER['HTTP_AUTHORIZATION'], 7);
- }
- elseif (isset($_SERVER['HTTP_WWW_AUTHENTICATE'])) {
- $digest = $_SERVER['HTTP_WWW_AUTHENTICATE'];
- }
- return $digest;
- }
- // This function forces a login prompt
- function requireLogin($realm,$nonce) {
- header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="' . $nonce . '",opaque="' . md5($realm) . '"');
- header('HTTP/1.1 401');
- echo 'Authentication Canceled';
- die();
- }
- // This function extracts the separate values from the digest string
- function digestParse($digest) {
- // protect against missing data
- $needed_parts = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
- $data = array();
- preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $digest, $matches, PREG_SET_ORDER);
- foreach ($matches as $m) {
- $data[$m[1]] = $m[2] ? $m[2] : $m[3];
- unset($needed_parts[$m[1]]);
- }
- return $needed_parts ? false : $data;
- }
|