Esempio n. 1
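 /**
  * Core of HTTP Digest authentication.
  *
  * Validates the Digest credentials PHP exposes in $_SERVER['PHP_AUTH_DIGEST'].
  * On any failure a 401 challenge is sent, the server variable is cleared and
  * FALSE is returned.
  *
  * NOTE(review): $realm is concatenated into a quoted header value; it is
  * assumed to be trusted configuration without '"' characters -- confirm.
  *
  * @static
  * @param string $realm      Realm announced in the WWW-Authenticate challenge.
  * @param mixed  $auth_users User table handed to auth::get_data().
  * @return bool TRUE when the client's response matches the expected digest,
  *              FALSE after a 401 challenge has been sent.
  */
 function auth_digest($realm, $auth_users)
 {
     $authenticated = FALSE;

     $digest_header = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';
     $data = empty($digest_header) ? FALSE : auth::http_digest_parse($digest_header);

     if ($data) {
         list($scheme, $salt) = auth::get_data($data['username'], $auth_users);
         // Strict comparison: a non-string scheme (e.g. boolean true) must not
         // be treated as equal to the expected marker by type juggling.
         if ($scheme === '{x-digest-md5}') {
             // The stored value is used directly as A1; the commented-out
             // original derived it from a plaintext password:
             // $A1 = md5($data['username'] . ':' . $realm . ':' . $auth_users[$data['username']]);
             // presumably $salt is that precomputed hash -- confirm in auth::get_data().
             $A1 = $salt;
             // NOTE(review): $data['uri'] comes from the client and is not
             // compared with the URI actually requested, so the digest is not
             // bound to this request's target.
             $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
             $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
             // hash_equals() compares in constant time and never interprets
             // the hex strings as numbers, unlike the loose '!=' used before
             // (two different "0e<digits>" strings compare equal under '==').
             $authenticated = isset($data['response'])
                 && is_string($data['response'])
                 && hash_equals($valid_response, $data['response']);
         }
     }

     if (!$authenticated) {
         header('HTTP/1.1 401 Unauthorized');
         // NOTE(review): uniqid() is time-based and predictable, and the nonce
         // and nc sent back by the client are never checked against a value
         // issued here, so a captured response stays valid for replay.
         // Issuing a random nonce and tracking it server-side would close that.
         header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"');
         // The user pressed the cancel button (or authentication failed):
         // drop the submitted credentials.
         unset($_SERVER['PHP_AUTH_DIGEST']);
         return FALSE;
     }
     return TRUE;
 }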
Esempio n. 2
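 /**
  * Checks the HTTP Digest credentials in $_SERVER['PHP_AUTH_DIGEST'] against
  * the given user table. Sends no challenge; it only reports the result.
  *
  * NOTE(review): the nonce, nc and uri supplied by the client are used as-is;
  * nothing here checks that the nonce was issued by this server or that the
  * uri matches the request, so replay protection must come from the caller.
  *
  * @param mixed $auth_users User table handed to auth::get_data().
  * @return bool true when the client's response matches the expected digest.
  */
 function auth_digest($auth_users)
 {
     if (!isset($_SERVER['PHP_AUTH_DIGEST']) || empty($_SERVER['PHP_AUTH_DIGEST'])) {
         return false;
     }
     $data = auth::http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
     if ($data === false) {
         return false;
     }
     list($scheme, $salt) = auth::get_data($data['username'], $auth_users);
     // Strict comparison so a non-string scheme cannot match by type juggling.
     if ($scheme !== '{x-digest-md5}') {
         return false;
     }
     // The stored value is used directly as A1. The line below is a leftover
     // that derived it from a plaintext password ($realm is not defined in
     // this function); presumably $salt is that precomputed hash -- confirm.
     // $A1 = md5($data['username'] . ':' . $realm . ':' . $auth_users[$data['username']]);
     $A1 = $salt;
     $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
     $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
     // Constant-time, string-only comparison: the loose '!=' used before
     // compares numeric-looking hex strings (e.g. "0e<digits>") as numbers.
     return isset($data['response'])
         && is_string($data['response'])
         && hash_equals($valid_response, $data['response']);
 }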