-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth.php
77 lines (56 loc) · 2.06 KB
/
auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
/* This file is part of PHP Kochbuch
Copyright (C) 2013-2016 Thomas Tuerk <[email protected]>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
*/
function auth_fail () {
global $REALM;
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$REALM.
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($REALM).'"');
die('Keine Berechtigung! <a href="index.php">Anmelden</a>');
}
function http_digest_parse($txt)
{
// protect against missing data
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;
}
function getUserPassword($username) {
global $AUTHORS;
return ($AUTHORS[$username][0]);
}
function isValidUser($username) {
global $AUTHORS;
return (isset($AUTHORS[$username]));
}
function login() {
global $REALM;
if (isset ($_GET['logout'])) {
unset ($_SERVER['PHP_AUTH_DIGEST']);
}
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
auth_fail();
}
// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']))) auth_fail();
if (!(isValidUser($data['username']))) auth_fail();
// generate the valid response
$A1 = md5($data['username'] . ':' . $REALM . ':' . getUserPassword($data['username']));
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
if ($data['response'] != $valid_response)
auth_fail();
return ($data['username']);
}
?>