搜索
首页后端开发php教程DooDigestAuth php(后台)授权管理类 web浏览器授权

DooDigestAuth php(后台)授权管理类 web浏览器授权

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jul 29, 2016 am 09:15 AM
datahttpmatchrealm

<span>  1</span> <span>php
</span><span>  2</span><span>/*</span><span>*
</span><span>  3</span><span> * DooDigestAuth class file.
</span><span>  4</span><span> *
</span><span>  5</span><span> * @author Leng Sheng Hong <darkredz>
</darkredz></span><span>  6</span><span> * @link http://www.doophp.com/
</span><span>  7</span><span> * @copyright Copyright © 2009 Leng Sheng Hong
</span><span>  8</span><span> * @license http://www.doophp.com/license
</span><span>  9</span><span>*/</span><span> 10</span><span> 11</span><span>/*</span><span>*
</span><span> 12</span><span> * Handles HTTP digest authentication
</span><span> 13</span><span> *
</span><span> 14</span><span> * <p>HTTP digest authentication can be used with the URI router.
</p></span><span> 15</span><span> * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
</span><span> 16</span><span> * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
</span><span> 17</span><span> * add the following line to your .htaccess for digest auth to work correctly.
</span><span> 18</span><span> * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code>
</span><span> 19</span><span> *
</span><span> 20</span><span> * <p>This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.</p>
</span><span> 21</span><span> *
</span><span> 22</span><span> * @author Leng Sheng Hong <darkredz>
</darkredz></span><span> 23</span><span> * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
</span><span> 24</span><span> * @package doo.auth
</span><span> 25</span><span> * @since 1.0
</span><span> 26</span><span>*/</span><span> 27</span><span>class</span><span> DooDigestAuth{
</span><span> 28</span><span> 29</span><span>/*</span><span>*
</span><span> 30</span><span>     * Authenticate against a list of username and passwords.
</span><span> 31</span><span>     *
</span><span> 32</span><span>     * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode,
</p></span><span> 33</span><span>     * you have to add this into your .htaccess <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code>
</span><span> 34</span><span>     *
</span><span> 35</span><span>     * @param string $realm Name of the authentication session
</span><span> 36</span><span>     * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
</span><span> 37</span><span>     * @param string $fail_msg Message to be displayed if the User cancel the login
</span><span> 38</span><span>     * @param string $fail_url URL to be redirect if the User cancel the login
</span><span> 39</span><span>     * @return string The username if login success.
</span><span> 40</span><span>*/</span><span> 41</span><span>public</span><span>static</span><span>function</span> http_auth(<span>$realm</span>, <span>$users</span>, <span>$fail_msg</span>=<span>NULL</span>, <span>$fail_url</span>=<span>NULL</span><span>){
</span><span> 42</span><span>$realm</span> = "Restricted area - <span>$realm</span>"<span>;
</span><span> 43</span><span> 44</span><span>//</span><span>user => password
</span><span> 45</span><span>        //$users = array('admin' => '1234', 'guest' => 'guest');</span><span> 46</span><span>if</span>(!<span>empty</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION']) && <span>strpos</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0<span>){
</span><span> 47</span><span>$_SERVER</span>['PHP_AUTH_DIGEST'] = <span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'<span>];
</span><span> 48</span><span>        }
</span><span> 49</span><span> 50</span><span>if</span> (<span>empty</span>(<span>$_SERVER</span>['PHP_AUTH_DIGEST'<span>])) {
</span><span> 51</span><span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 52</span>                    '",qop="auth",n>uniqid().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 53</span><span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 54</span><span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 55</span><span>die</span>(<span>$fail_msg</span><span>);
</span><span> 56</span><span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 57</span><span>die</span>("<script>window.location.href = '<span>$fail_url'</script>"<span>);
</span><span> 58</span><span>exit</span><span>;
</span><span> 59</span><span>        }
</span><span> 60</span><span> 61</span><span>//</span><span> analyze the PHP_AUTH_DIGEST variable</span><span> 62</span><span>if</span> (!(<span>$data</span> = self::http_digest_parse(<span>$_SERVER</span>['PHP_AUTH_DIGEST'])) || !<span>isset</span>(<span>$users</span>[<span>$data</span>['username'<span>]])){
</span><span> 63</span><span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 64</span>                    '",qop="auth",n>uniqid().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 65</span><span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 66</span><span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 67</span><span>die</span>(<span>$fail_msg</span><span>);
</span><span> 68</span><span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 69</span><span>die</span>("<script>window.location.href = '<span>$fail_url'</script>"<span>);
</span><span> 70</span><span>exit</span><span>;
</span><span> 71</span><span>        }
</span><span> 72</span><span> 73</span><span>//</span><span> generate the valid response</span><span> 74</span><span>$A1</span> = <span>md5</span>(<span>$data</span>['username'] . ':' . <span>$realm</span> . ':' . <span>$users</span>[<span>$data</span>['username'<span>]]);
</span><span> 75</span><span>$A2</span> = <span>md5</span>(<span>$_SERVER</span>['REQUEST_METHOD'].':'.<span>$data</span>['uri'<span>]);
</span><span> 76</span><span>$valid_response</span> = <span>md5</span>(<span>$A1</span>.':'.<span>$data</span>['nonce'].':'.<span>$data</span>['nc'].':'.<span>$data</span>['cnonce'].':'.<span>$data</span>['qop'].':'.<span>$A2</span><span>);
</span><span> 77</span><span> 78</span><span>if</span> (<span>$data</span>['response'] != <span>$valid_response</span><span>){
</span><span> 79</span><span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 80</span><span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 81</span>                    '",qop="auth",n>uniqid().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 82</span><span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 83</span><span>die</span>(<span>$fail_msg</span><span>);
</span><span> 84</span><span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 85</span><span>die</span>("<script>window.location.href = '<span>$fail_url'</script>"<span>);
</span><span> 86</span><span>exit</span><span>;
</span><span> 87</span><span>        }
</span><span> 88</span><span> 89</span><span>//</span><span> ok, valid username & password</span><span> 90</span><span>return</span><span>$data</span>['username'<span>];
</span><span> 91</span><span>    }
</span><span> 92</span><span> 93</span><span>/*</span><span>*
</span><span> 94</span><span>     * Method to parse the http auth header, works with IE.
</span><span> 95</span><span>     *
</span><span> 96</span><span>     * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
</span><span> 97</span><span>     *
</span><span> 98</span><span>     * @param string $txt header string to parse
</span><span> 99</span><span>     * @return array An assoc array of the digest auth session
</span><span>100</span><span>*/</span><span>101</span><span>private</span><span>static</span><span>function</span> http_digest_parse(<span>$txt</span><span>)
</span><span>102</span><span>    {
</span><span>103</span><span>$res</span> = <span>preg_match</span>("/username=\"([^\"]+)\"/i", <span>$txt</span>, <span>$match</span><span>);
</span><span>104</span><span>$data</span>['username'] = (<span>isset</span>(<span>$match</span>[1]))?<span>$match</span>[1]:<span>null</span><span>;
</span><span>105</span><span>$res</span> = <span>preg_match</span>('/n/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>106</span><span>$data</span>['nonce'] = <span>$match</span>[1<span>];
</span><span>107</span><span>$res</span> = <span>preg_match</span>('/nc=([0-9]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>108</span><span>$data</span>['nc'] = <span>$match</span>[1<span>];
</span><span>109</span><span>$res</span> = <span>preg_match</span>('/cn/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>110</span><span>$data</span>['cnonce'] = <span>$match</span>[1<span>];
</span><span>111</span><span>$res</span> = <span>preg_match</span>('/qop=([^,]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>112</span><span>$data</span>['qop'] = <span>str_replace</span>('"','',<span>$match</span>[1<span>]);
</span><span>113</span><span>$res</span> = <span>preg_match</span>('/uri=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>114</span><span>$data</span>['uri'] = <span>$match</span>[1<span>];
</span><span>115</span><span>$res</span> = <span>preg_match</span>('/resp/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>116</span><span>$data</span>['response'] = <span>$match</span>[1<span>];
</span><span>117</span><span>return</span><span>$data</span><span>;
</span><span>118</span><span>    }
</span><span>119</span><span>120</span><span>121</span> }

 调用方法:

<span>1</span><span>require_once</span>(<span>dirname</span>(<span>__FILE__</span>)."/DooDigestAuth.php"<span>);
</span><span>2</span> DooDigestAuth::http_auth('example.com', <span>array</span>('admin'=>"123456789"));

phpweb授权登录可有效防止后台暴力破解

 下载地址:http://files.cnblogs.com/files/func/DooDigestAuth.zip

以上就介绍了DooDigestAuth php(后台)授权管理类 web浏览器授权,包括了方面的内容,希望对PHP教程有兴趣的朋友有所帮助。

声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
相关文章
继续使用PHP:耐力的原因继续使用PHP:耐力的原因Apr 19, 2025 am 12:23 AM

PHP仍然流行的原因是其易用性、灵活性和强大的生态系统。1)易用性和简单语法使其成为初学者的首选。2)与web开发紧密结合,处理HTTP请求和数据库交互出色。3)庞大的生态系统提供了丰富的工具和库。4)活跃的社区和开源性质使其适应新需求和技术趋势。

PHP和Python:探索他们的相似性和差异PHP和Python:探索他们的相似性和差异Apr 19, 2025 am 12:21 AM

PHP和Python都是高层次的编程语言,广泛应用于Web开发、数据处理和自动化任务。1.PHP常用于构建动态网站和内容管理系统,而Python常用于构建Web框架和数据科学。2.PHP使用echo输出内容,Python使用print。3.两者都支持面向对象编程,但语法和关键字不同。4.PHP支持弱类型转换,Python则更严格。5.PHP性能优化包括使用OPcache和异步编程,Python则使用cProfile和异步编程。

PHP和Python:解释了不同的范例PHP和Python:解释了不同的范例Apr 18, 2025 am 12:26 AM

PHP主要是过程式编程,但也支持面向对象编程(OOP);Python支持多种范式,包括OOP、函数式和过程式编程。PHP适合web开发,Python适用于多种应用,如数据分析和机器学习。

PHP和Python:深入了解他们的历史PHP和Python:深入了解他们的历史Apr 18, 2025 am 12:25 AM

PHP起源于1994年,由RasmusLerdorf开发,最初用于跟踪网站访问者,逐渐演变为服务器端脚本语言,广泛应用于网页开发。Python由GuidovanRossum于1980年代末开发,1991年首次发布,强调代码可读性和简洁性,适用于科学计算、数据分析等领域。

在PHP和Python之间进行选择:指南在PHP和Python之间进行选择:指南Apr 18, 2025 am 12:24 AM

PHP适合网页开发和快速原型开发,Python适用于数据科学和机器学习。1.PHP用于动态网页开发,语法简单,适合快速开发。2.Python语法简洁,适用于多领域,库生态系统强大。

PHP和框架:现代化语言PHP和框架:现代化语言Apr 18, 2025 am 12:14 AM

PHP在现代化进程中仍然重要,因为它支持大量网站和应用,并通过框架适应开发需求。1.PHP7提升了性能并引入了新功能。2.现代框架如Laravel、Symfony和CodeIgniter简化开发,提高代码质量。3.性能优化和最佳实践进一步提升应用效率。

PHP的影响:网络开发及以后PHP的影响:网络开发及以后Apr 18, 2025 am 12:10 AM

PHPhassignificantlyimpactedwebdevelopmentandextendsbeyondit.1)ItpowersmajorplatformslikeWordPressandexcelsindatabaseinteractions.2)PHP'sadaptabilityallowsittoscaleforlargeapplicationsusingframeworkslikeLaravel.3)Beyondweb,PHPisusedincommand-linescrip

PHP类型提示如何起作用,包括标量类型,返回类型,联合类型和无效类型?PHP类型提示如何起作用,包括标量类型,返回类型,联合类型和无效类型?Apr 17, 2025 am 12:25 AM

PHP类型提示提升代码质量和可读性。1)标量类型提示:自PHP7.0起,允许在函数参数中指定基本数据类型,如int、float等。2)返回类型提示:确保函数返回值类型的一致性。3)联合类型提示:自PHP8.0起,允许在函数参数或返回值中指定多个类型。4)可空类型提示:允许包含null值,处理可能返回空值的函数。

See all articles

热AI工具

Undresser.AI Undress

Undresser.AI Undress

人工智能驱动的应用程序,用于创建逼真的裸体照片

AI Clothes Remover

AI Clothes Remover

用于从照片中去除衣服的在线人工智能工具。

Undress AI Tool

Undress AI Tool

免费脱衣服图片

Clothoff.io

Clothoff.io

AI脱衣机

Video Face Swap

Video Face Swap

使用我们完全免费的人工智能换脸工具轻松在任何视频中换脸!

显示更多

热门文章

刺客信条阴影:贝壳谜语解决方案
3 周前ByDDD
Windows 11 KB5054979中的新功能以及如何解决更新问题
2 周前ByDDD
在哪里可以找到原子中的起重机控制钥匙卡
3 周前ByDDD
刺客信条阴影 - 如何找到铁匠,解锁武器和装甲定制
1 个月前ByDDD
<🎜>:死铁路 - 如何完成所有挑战
3 周前ByDDD
显示更多

热工具

螳螂BT

螳螂BT

Mantis是一个易于部署的基于Web的缺陷跟踪工具,用于帮助产品缺陷跟踪。它需要PHP、MySQL和一个Web服务器。请查看我们的演示和托管服务。

mPDF

mPDF

mPDF是一个PHP库,可以从UTF-8编码的HTML生成PDF文件。原作者Ian Back编写mPDF以从他的网站上“即时”输出PDF文件,并处理不同的语言。与原始脚本如HTML2FPDF相比,它的速度较慢,并且在使用Unicode字体时生成的文件较大,但支持CSS样式等,并进行了大量增强。支持几乎所有语言,包括RTL(阿拉伯语和希伯来语)和CJK(中日韩)。支持嵌套的块级元素(如P、DIV),

Dreamweaver CS6

Dreamweaver CS6

视觉化网页开发工具

DVWA

DVWA

Damn Vulnerable Web App (DVWA) 是一个PHP/MySQL的Web应用程序,非常容易受到攻击。它的主要目标是成为安全专业人员在合法环境中测试自己的技能和工具的辅助工具,帮助Web开发人员更好地理解保护Web应用程序的过程,并帮助教师/学生在课堂环境中教授/学习Web应用程序安全。DVWA的目标是通过简单直接的界面练习一些最常见的Web漏洞,难度各不相同。请注意,该软件中

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

功能强大的PHP集成开发环境

显示更多

热门话题

gmail邮箱登陆入口在哪里
7634
15
CakePHP 教程
1390
52
steam的账户名称是什么格式
90
11
win11激活密钥永久
71
19
NYT连接提示和答案
32
148
显示更多