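/**
 * Core of the HTTP Digest authentication check.
 *
 * Recomputes the expected digest response for the credentials sent in
 * $_SERVER['PHP_AUTH_DIGEST'] and compares it with the client's value.
 * On every failure path (header absent or empty, header unparsable, stored
 * credential not in the '{x-digest-md5}' scheme, response mismatch) a
 * 401 challenge is sent and $_SERVER['PHP_AUTH_DIGEST'] is cleared.
 *
 * Limits of this check that a caller should know about:
 *  - The nonce in the client's answer is never compared with one this
 *    server issued, and the nc counter is not tracked, so the function by
 *    itself gives no replay protection. uniqid() is clock-derived and is
 *    only a challenge value here.
 *  - $data['uri'] is not compared with the actual request target in this
 *    function; NOTE(review): confirm whether http_digest_parse() or the
 *    caller does that.
 *  - The stored value is used as HA1 directly (it stands in for
 *    md5(username:realm:password)), so it is presumably sufficient on its
 *    own to produce valid digest answers; protect the user store accordingly.
 *
 * @static
 * @param string $realm      Realm advertised in the WWW-Authenticate challenge.
 * @param mixed  $auth_users User table, passed through to auth::get_data().
 * @return bool TRUE when the digest response matches, FALSE otherwise.
 */
function auth_digest($realm, $auth_users)
{
    $authorized = FALSE;

    if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
        $data = auth::http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);

        if ($data) {
            list($scheme, $salt) = auth::get_data($data['username'], $auth_users);

            // Strict comparison: a non-string scheme must never match by type juggling.
            if ($scheme === '{x-digest-md5}') {
                $A1 = $salt;
                $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
                $valid_response = md5(
                    $A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
                    $data['cnonce'] . ':' . $data['qop'] . ':' . $A2
                );

                // hash_equals() compares in constant time and as strings. The
                // previous loose != treated numeric-looking hex strings (e.g.
                // "0e..." forms) as numbers, so unequal digests could compare
                // equal.
                $authorized = is_string($data['response'])
                    && hash_equals($valid_response, $data['response']);
            }
        }
    }

    if ($authorized) {
        return TRUE;
    }

    // Single failure exit: issue a fresh challenge. This is also the path
    // taken when the user pressed the Cancel button in the browser dialog.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"');
    unset($_SERVER['PHP_AUTH_DIGEST']);
    return FALSE;
}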
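/**
 * Verify the HTTP Digest credentials sent with the current request.
 *
 * Recomputes the expected digest response from the stored value for the
 * named user and compares it with the client's value. No challenge header
 * is sent here; this function only reports the outcome.
 *
 * Limits of this check that a caller should know about:
 *  - The nonce and nc values are taken from the client's answer and are
 *    not checked against anything issued by the server in this function,
 *    so it gives no replay protection by itself.
 *  - $data['uri'] is not compared with the actual request target here;
 *    NOTE(review): confirm whether http_digest_parse() or the caller does.
 *  - The stored value is used as HA1 directly (it stands in for
 *    md5(username:realm:password)).
 *
 * @param mixed $auth_users User table, passed through to auth::get_data().
 * @return bool true when the digest response matches, false otherwise.
 */
function auth_digest($auth_users)
{
    if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
        return false;
    }

    $data = auth::http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
    if ($data === false) {
        return false;
    }

    list($scheme, $salt) = auth::get_data($data['username'], $auth_users);

    // Strict comparison: a non-string scheme must never match by type juggling.
    if ($scheme !== '{x-digest-md5}') {
        return false;
    }

    $A1 = $salt;
    $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
    $valid_response = md5(
        $A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
        $data['cnonce'] . ':' . $data['qop'] . ':' . $A2
    );

    // hash_equals() compares in constant time and as strings. The previous
    // loose != treated numeric-looking hex strings (e.g. "0e..." forms) as
    // numbers, so unequal digests could compare equal.
    return is_string($data['response'])
        && hash_equals($valid_response, $data['response']);
}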