javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?-PHP Tutorial-php.cn

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Dec 01, 2016 am 01:27 AM

authhttpjavascriptphp

php摘要认证(digest) 在 firefox 中或 ie浏览器 中都能够正常弹出认证窗口，但是在 chrome内核的浏览器(例如：360安全浏览器) 中无法弹出认证窗口（广告过滤插件等已经关掉了）。

<code>PHP 代码：
    $realm  = 'ftl.com';
    $qop    = 'auth';
    $nonce  = md5(time());
    header('WWW-Authenticate: Digest realm=' . $realm . ' qop=' . $qop . ' nonce=' . $nonce);
    header('HTTP/1.1 401 Unauthorized');
    echo '你取消了验证！';
    exit;</code>

上面这段代码在 360安全浏览器中 显示：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

查看头部信息：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

在 Request Headers 中没有 Authorization 头的相关信息。

然而在 firefox 中同一段代码的显示界面如下：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

验证成功后查看头部信息如下：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

在请求头中也有 Authorization 头。

怎样在 chrome 内核的浏览器中完成 digest 认证（PHP 官网教程的代码在也会出现这个问题）？？

最后，贴出完整的测试代码：

Javscript 部分：

<code>var url = 'php/xhr.php';
var xhr = new XMLHttpRequest();
xhr.open('post' , url , true , 'test' , '123456');
xhr.setRequestHeader('Content-Type' , 'Application/x-www-form-urlencoded');
xhr.send(null);
xhr.onload = function(){
    console.log('服务端反馈会数据：' , this.response);
}</code>

PHP 部分：

<code>
$users = array('test' => '123456');

if (!isset($_SERVER['PHP_AUTH_DIGEST'])) {
    authenticate();
    exit;
}

$digest = explode(',' , trim_all($_SERVER['PHP_AUTH_DIGEST'] , true));

$rel = array();

array_walk($digest , function($val){
    global $rel;
    $arr = explode('=' , $val);
    $rel[$arr[0]] = $arr[1];
    unset($arr);
});

unset($digest);

// 安全部分
$secure_part = $rel['username'] . ':' . $rel['realm'] . ':' . $users[$rel['username']];

// 报文部分
$header_part = $_SERVER['REQUEST_METHOD'] . ':' . $rel['uri'];

// 摘要计算
$response = md5($secure_part) . ':' . $rel['nonce'] . ':' . $rel['nc'] . ':' . $rel['cnonce'] . ':' . $rel['qop'] . ':' . md5($header_part);
$response = md5($response);

// 验证
if ($rel['response'] === $response) {
    echo '验证成功！';
} else {
    //authenticate();
    echo '验证失败！';
}

// 认证函数
function authenticate(){
    $realm  = 'ftl.com';
    $qop    = 'auth';
    $nonce  = md5(time());

    header('WWW-Authenticate: Digest realm=' . $realm . ' qop=' . $qop . ' nonce=' . $nonce);
    header('HTTP/1.1 401 Unauthorized');

    echo '你取消了验证！';
    exit;
}

/*
 * 过滤
 * 基本过滤：空格 \r \n 字符串
 * 加强过滤：单引号 双引号
 */
function trim_all($str = '' , $isStripQuote = false){
    $str = preg_replace('/^( |\r|\n)+/'       ,  ''   , $str);
    $str = preg_replace('/( |\r|\n)+$/'       ,  ''   , $str);
    $str = preg_replace('/(\W)( |\r|\n)+/' ,  '$1' , $str);
    $str = preg_replace('/( |\r|\n)+(\W)/' ,  '$2' , $str);

    if ($isStripQuote) {
        $str = preg_replace('/"|\'/' , '' , $str);
    }

    return $str;
}
</code>

回复内容：

<code>PHP 代码：
    $realm  = 'ftl.com';
    $qop    = 'auth';
    $nonce  = md5(time());
    header('WWW-Authenticate: Digest realm=' . $realm . ' qop=' . $qop . ' nonce=' . $nonce);
    header('HTTP/1.1 401 Unauthorized');
    echo '你取消了验证！';
    exit;</code>

上面这段代码在 360安全浏览器中 显示：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

查看头部信息：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

在 Request Headers 中没有 Authorization 头的相关信息。

然而在 firefox 中同一段代码的显示界面如下：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

验证成功后查看头部信息如下：

javascript - How to solve the problem that the authentication box does not pop up in the chrome kernel browser for PHP http Digest authentication? ?

在请求头中也有 Authorization 头。

怎样在 chrome 内核的浏览器中完成 digest 认证（PHP 官网教程的代码在也会出现这个问题）？？

最后，贴出完整的测试代码：

Javscript 部分：

<code>var url = 'php/xhr.php';
var xhr = new XMLHttpRequest();
xhr.open('post' , url , true , 'test' , '123456');
xhr.setRequestHeader('Content-Type' , 'Application/x-www-form-urlencoded');
xhr.send(null);
xhr.onload = function(){
    console.log('服务端反馈会数据：' , this.response);
}</code>

PHP 部分：

<code>
$users = array('test' => '123456');

if (!isset($_SERVER['PHP_AUTH_DIGEST'])) {
    authenticate();
    exit;
}

$digest = explode(',' , trim_all($_SERVER['PHP_AUTH_DIGEST'] , true));

$rel = array();

array_walk($digest , function($val){
    global $rel;
    $arr = explode('=' , $val);
    $rel[$arr[0]] = $arr[1];
    unset($arr);
});

unset($digest);

// 安全部分
$secure_part = $rel['username'] . ':' . $rel['realm'] . ':' . $users[$rel['username']];

// 报文部分
$header_part = $_SERVER['REQUEST_METHOD'] . ':' . $rel['uri'];

// 摘要计算
$response = md5($secure_part) . ':' . $rel['nonce'] . ':' . $rel['nc'] . ':' . $rel['cnonce'] . ':' . $rel['qop'] . ':' . md5($header_part);
$response = md5($response);

// 验证
if ($rel['response'] === $response) {
    echo '验证成功！';
} else {
    //authenticate();
    echo '验证失败！';
}

// 认证函数
function authenticate(){
    $realm  = 'ftl.com';
    $qop    = 'auth';
    $nonce  = md5(time());

    header('WWW-Authenticate: Digest realm=' . $realm . ' qop=' . $qop . ' nonce=' . $nonce);
    header('HTTP/1.1 401 Unauthorized');

    echo '你取消了验证！';
    exit;
}

/*
 * 过滤
 * 基本过滤：空格 \r \n 字符串
 * 加强过滤：单引号 双引号
 */
function trim_all($str = '' , $isStripQuote = false){
    $str = preg_replace('/^( |\r|\n)+/'       ,  ''   , $str);
    $str = preg_replace('/( |\r|\n)+$/'       ,  ''   , $str);
    $str = preg_replace('/(\W)( |\r|\n)+/' ,  '$1' , $str);
    $str = preg_replace('/( |\r|\n)+(\W)/' ,  '$2' , $str);

    if ($isStripQuote) {
        $str = preg_replace('/"|\'/' , '' , $str);
    }

    return $str;
}
</code>

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AM

APHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.

Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AM

Select DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.

PHP performance optimization strategies.May 13, 2025 am 12:06 AM

PHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi

PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AM

PHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl

How to make PHP applications fasterMay 12, 2025 am 12:12 AM

TomakePHPapplicationsfaster,followthesesteps:1)UseOpcodeCachinglikeOPcachetostoreprecompiledscriptbytecode.2)MinimizeDatabaseQueriesbyusingquerycachingandefficientindexing.3)LeveragePHP7 Featuresforbettercodeefficiency.4)ImplementCachingStrategiessuc

PHP Performance Optimization Checklist: Improve Speed NowMay 12, 2025 am 12:07 AM

ToimprovePHPapplicationspeed,followthesesteps:1)EnableopcodecachingwithAPCutoreducescriptexecutiontime.2)ImplementdatabasequerycachingusingPDOtominimizedatabasehits.3)UseHTTP/2tomultiplexrequestsandreduceconnectionoverhead.4)Limitsessionusagebyclosin

PHP Dependency Injection: Improve Code TestabilityMay 12, 2025 am 12:03 AM

Dependency injection (DI) significantly improves the testability of PHP code by explicitly transitive dependencies. 1) DI decoupling classes and specific implementations make testing and maintenance more flexible. 2) Among the three types, the constructor injects explicit expression dependencies to keep the state consistent. 3) Use DI containers to manage complex dependencies to improve code quality and development efficiency.

PHP Performance Optimization: Database Query OptimizationMay 12, 2025 am 12:02 AM

DatabasequeryoptimizationinPHPinvolvesseveralstrategiestoenhanceperformance.1)Selectonlynecessarycolumnstoreducedatatransfer.2)Useindexingtospeedupdataretrieval.3)Implementquerycachingtostoreresultsoffrequentqueries.4)Utilizepreparedstatementsforeffi

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

Dreamweaver CS6

Visual web development tools

Hot Topics

1669

1428

1329

1273

1256