DooDigestAuth

Handles HTTP digest authentication.

Defined (1)

The class is defined in the following location(s).

/lib/Minify/DooDigestAuth.php  
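  class DooDigestAuth{

      /**
       * Authenticate the current request against a list of usernames and passwords
       * using HTTP Digest authentication (qop="auth", MD5).
       *
       * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode,
       * you have to add this into your .htaccess
       * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code></p>
       *
       * Security notes for callers:
       * - $users holds clear-text passwords; keep that array out of web-readable files.
       * - The nonce is produced by uniqid() and is not stored, so the nonce, nc and
       *   opaque values sent back by the client are never compared with what was
       *   issued, and the digest "uri" is not compared with the requested URI. This
       *   method therefore provides no replay protection by itself; serve it over TLS.
       * - $fail_msg and $fail_url are written to the response unescaped, so they must
       *   be fixed, trusted values and never derived from the request.
       *
       * On any failure the method sends a 401 challenge and terminates the script.
       *
       * @param string $realm Name of the authentication session
       * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
       * @param string $fail_msg Message to be displayed if the user cancels the login
       * @param string $fail_url URL to redirect to if the user cancels the login
       * @return string The username if login succeeds.
       */
      public static function http_auth($realm, $users, $fail_msg=NULL, $fail_url=NULL){
          $realm = "Restricted area - $realm";

          // CGI/FastCGI: the Authorization header arrives through the rewrite rule
          // as REDIRECT_HTTP_AUTHORIZATION; copy it to where the rest of the code looks.
          if(!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0){
              $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
          }

          // No credentials yet: ask the client for them.
          if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
              self::send_challenge($realm, $fail_msg, $fail_url);
          }

          // Malformed header or unknown user: challenge again.
          $data = self::http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
          if (!$data || !isset($users[$data['username']])) {
              self::send_challenge($realm, $fail_msg, $fail_url);
          }

          // Recompute the response the client should have sent (RFC 2617, qop=auth).
          $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
          $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
          $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

          // Strict, constant-time comparison. A loose != on two hex strings lets PHP
          // compare them as numbers when both look numeric (e.g. "0e..." values).
          $supplied = (string) $data['response'];
          $matches = function_exists('hash_equals')
              ? hash_equals($valid_response, $supplied)
              : $valid_response === $supplied;

          if (!$matches) {
              self::send_challenge($realm, $fail_msg, $fail_url);
          }

          // ok, valid username & password
          return $data['username'];
      }

      /**
       * Send the 401 Digest challenge and stop the script.
       *
       * Prints $fail_msg if given, otherwise a script redirect to $fail_url if given.
       * Both values are emitted as-is (see the caller notes on http_auth).
       *
       * @param string $realm Full realm string placed in the challenge
       * @param string $fail_msg Message to display, or NULL
       * @param string $fail_url URL to redirect to, or NULL
       * @return void This method never returns.
       */
      private static function send_challenge($realm, $fail_msg, $fail_url)
      {
          header('WWW-Authenticate: Digest realm="'.$realm.
                 '", qop="auth", nonce="'.uniqid().'", opaque="'.md5($realm).'"');
          header('HTTP/1.1 401 Unauthorized');
          // Loose comparison kept on purpose: '' and '0' are treated like NULL, as before.
          if($fail_msg!=NULL)
              die($fail_msg);
          if($fail_url!=NULL)
              die("<script>window.location.href = '$fail_url'</script>");
          exit;
      }

      /**
       * Method to parse the http auth header, works with IE.
       * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
       *
       * The header is split into key=value pairs in one pass, so a key is only
       * recognised as a whole word ("nonce" is no longer found inside "cnonce") and
       * not inside another parameter's quoted value. The first occurrence of a key wins.
       *
       * @param string $txt header string to parse
       * @return array|false An assoc array with username, nonce, nc, cnonce, qop, uri
       *                     and response, or false if any of them is missing or empty
       *                     or nc is not a hexadecimal counter.
       */
      private static function http_digest_parse($txt)
      {
          if (!is_string($txt)
              || !preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,"]+))/', $txt, $pairs, PREG_SET_ORDER)) {
              return false;
          }

          $found = array();
          foreach ($pairs as $pair) {
              $key = strtolower($pair[1]);
              if (!isset($found[$key])) {
                  // Group 3 is only present for an unquoted value.
                  $found[$key] = isset($pair[3]) ? $pair[3] : $pair[2];
              }
          }

          $data = array();
          foreach (array('username', 'nonce', 'nc', 'cnonce', 'qop', 'uri', 'response') as $field) {
              if (!isset($found[$field]) || $found[$field] === '') {
                  return false;
              }
              $data[$field] = $found[$field];
          }

          // nc is a hexadecimal request counter (e.g. 0000000a), not a decimal one.
          if (!ctype_xdigit($data['nc'])) {
              return false;
          }

          return $data;
      }
  }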