Example #1
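/**
 * Enforces HTTP Digest authentication against the AUTH_REALM, AUTH_USER and
 * AUTH_PASS constants.
 *
 * Returns without challenging the client when any of the three constants is
 * undefined or empty(), so a missing or empty configuration value leaves the
 * caller unauthenticated-but-allowed (fail-open). empty() also treats the
 * string '0' as empty.
 *
 * NOTE(review): the challenge nonce comes from uniqid(), which is derived from
 * the clock and is not a cryptographic random value, and the nonce / nc values
 * sent back by the client are not compared with anything issued by the server
 * in this function. Nothing here rejects a reused response; server-side nonce
 * tracking would be needed for replay protection.
 *
 * NOTE(review): this function presumably relies on requireLogin() sending the
 * 401 challenge and terminating the request — confirm, because execution
 * continues past the call if it returns.
 *
 * @return void
 */
function force_login()
{
    $realm = defined('AUTH_REALM') ? AUTH_REALM : null;
    $validUser = defined('AUTH_USER') ? AUTH_USER : null;
    $validPass = defined('AUTH_PASS') ? AUTH_PASS : null;
    // Authentication is only enforced when realm, user and password are all configured.
    if (empty($realm) || empty($validUser) || empty($validPass)) {
        return;
    }
    // Nonce for the challenge (see the review note in the docblock).
    $nonce = uniqid();
    // Get the digest from the http header
    $digest = getDigest();
    // If there was no digest, show login
    if (is_null($digest)) {
        requireLogin($realm, $nonce);
    }
    $digestParts = digestParse($digest);
    $authenticated = false;
    // Assumes digestParse() yields an array on success; anything else, or a
    // header missing one of the fields used below, is treated as a failed login
    // instead of being interpolated as empty strings.
    if (is_array($digestParts)
        && isset(
            $digestParts['uri'],
            $digestParts['nonce'],
            $digestParts['nc'],
            $digestParts['cnonce'],
            $digestParts['qop'],
            $digestParts['response']
        )
        && is_string($digestParts['response'])
    ) {
        // Based on all the info we gathered we can figure out what the response should be
        $A1 = md5("{$validUser}:{$realm}:{$validPass}");
        $A2 = md5("{$_SERVER['REQUEST_METHOD']}:{$digestParts['uri']}");
        $validResponse = md5("{$A1}:{$digestParts['nonce']}:{$digestParts['nc']}:{$digestParts['cnonce']}:{$digestParts['qop']}:{$A2}");
        // hash_equals() compares in constant time and, unlike the loose `!=`,
        // never treats two different "0e…" hex strings as equal numbers.
        $authenticated = hash_equals($validResponse, $digestParts['response']);
    }
    if (!$authenticated) {
        requireLogin($realm, $nonce);
    }
}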
Example #2
<?php

/* For licensing terms, see /license.txt */
/**
 * @package chamilo.webservices
 */
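// HTTP Digest gate for this script: challenge the client until it presents a
// response matching the expected user, password and realm, then print a fixed
// token and stop.
$realm = 'The batcave';
// NOTE(review): uniqid() is derived from the clock and is not a cryptographic
// random value, and the nonce / nc echoed by the client are not compared with
// anything the server issued here, so this code does not reject reused responses.
$nonce = uniqid();
// Get the digest from the http header
$digest = getDigest();
// If there was no digest, show login
// NOTE(review): presumably requireLogin() sends the 401 challenge and ends the
// request — confirm, because execution continues below if it returns.
if (is_null($digest)) {
    requireLogin($realm, $nonce);
}
$digestParts = digestParse($digest);
// NOTE(review): credentials are hard-coded in the script (masked on this page);
// they belong in configuration outside the web root / version control.
$validUser = '******';
$validPass = '******';
$authenticated = false;
// Assumes digestParse() yields an array on success; anything else, or a header
// missing one of the fields used below, counts as a failed login.
if (is_array($digestParts)
    && isset(
        $digestParts['username'],
        $digestParts['uri'],
        $digestParts['nonce'],
        $digestParts['nc'],
        $digestParts['cnonce'],
        $digestParts['qop'],
        $digestParts['response']
    )
    && is_string($digestParts['username'])
    && is_string($digestParts['response'])
    // The expected user was declared but never checked: A1 used whatever
    // username the client sent, so any username with the right password passed.
    && hash_equals($validUser, $digestParts['username'])
) {
    // Based on all the info we gathered we can figure out what the response should be
    $A1 = md5("{$validUser}:{$realm}:{$validPass}");
    $A2 = md5("{$_SERVER['REQUEST_METHOD']}:{$digestParts['uri']}");
    $validResponse = md5("{$A1}:{$digestParts['nonce']}:{$digestParts['nc']}:{$digestParts['cnonce']}:{$digestParts['qop']}:{$A2}");
    // Constant-time comparison; the loose `!=` could also equate two different
    // "0e…" hex strings by comparing them as numbers.
    $authenticated = hash_equals($validResponse, $digestParts['response']);
}
if (!$authenticated) {
    requireLogin($realm, $nonce);
} else {
    // We're in!
    echo 'a7532ae474e5e66a0c16eddab02e02a7';
    die;
}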
// This function returns the digest string
function getDigest()
Example #3
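/**
 * Verifies HTTP Basic or Digest credentials against a precomputed A1 hash.
 *
 * When the request carries no credentials, a 401 challenge for the selected
 * scheme is sent and the script terminates. Otherwise the result of the
 * comparison is returned; the caller decides what to do with a failure.
 *
 * NOTE(review): the digest nonce comes from uniqid(), which is derived from the
 * clock and is not a cryptographic random value, and the nonce / nc values
 * echoed by the client are not compared with anything issued by the server, so
 * this function does not reject reused responses.
 * NOTE(review): $realm is concatenated into a response header unescaped; it is
 * assumed to be a trusted configuration value — confirm against callers.
 *
 * @param string $realm    Realm announced in the challenge and mixed into the hash.
 * @param string $A1       Expected md5("user:realm:password") value.
 * @param string $authtype 'basic' selects Basic auth; any other value selects Digest.
 *
 * @return bool True when the supplied credentials match $A1.
 */
function digestVerify($realm, $A1, $authtype)
{
    if ($authtype === 'basic') {
        if (!isset($_SERVER['PHP_AUTH_USER'])) {
            header('WWW-Authenticate: Basic realm="' . $realm . '"');
            header('HTTP/1.1 401 Unauthorized');
            echo 'AUTHORIZATION FAILED';
            die;
        }
        // A user name may arrive without a password; treat that as an empty password.
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        $candidate = md5($_SERVER['PHP_AUTH_USER'] . ':' . $realm . ':' . $password);

        // hash_equals() keeps the comparison time independent of how many
        // leading characters of the hash match.
        return is_string($A1) && hash_equals($A1, $candidate);
    }

    $nonce = uniqid();
    $digest = getDigest($authtype);
    if (!$digest) {
        header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="' . $nonce . '",opaque="' . md5($realm) . '"');
        header('HTTP/1.1 401 Unauthorized');
        echo 'AUTHORIZATION FAILED';
        die;
    }
    $digestParts = digestParse($digest, $authtype);
    // Assumes digestParse() yields an array on success; anything else, or a
    // header missing one of the fields used below, is a failed verification.
    if (!is_array($digestParts)
        || !isset(
            $digestParts['uri'],
            $digestParts['nonce'],
            $digestParts['nc'],
            $digestParts['cnonce'],
            $digestParts['qop'],
            $digestParts['response']
        )
        || !is_string($digestParts['response'])
    ) {
        return false;
    }
    $A2 = md5("{$_SERVER['REQUEST_METHOD']}:{$digestParts['uri']}");
    $validResponse = md5("{$A1}:{$digestParts['nonce']}:{$digestParts['nc']}:{$digestParts['cnonce']}:{$digestParts['qop']}:{$A2}");

    return hash_equals($validResponse, $digestParts['response']);
}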