- 如何用php作线形图的函数
- Yii2的深入学习--入口文件
- 35 PHP视频教程 通过回调函数得到数组交集或差集
- 关于本地计算机无法启动Apache2
- php防止sql注入漏洞代码 && 几种常见攻击的正则表达式
- php+oracle 分页类
- Drupal7安装完整教程
- 用IE远程创建Mysql数据库的简易程序
- PHP 7.0 升级备注
- [视频教程]LAMP兄弟连视PHP函数-strrchr
- PHP数组排序
- PHP String函数分类
- 深圳网站建设系统:根据网站语言显示不同的客服信息
- zendstudio快捷键
- PHP遍历文件夹下的文件和获取到inputname的值
- 微信支付开发(5) 订单查询
- PHP编程中10个最常见的错误
- 手把手搭建WAMP+PHP+SVN开发环境
- 草根的进化PHP语言PHP语言发展简史
- COOKIE和SESSION关系和区别等
- 开启PHP的伪静态
- PHP获取指定URL页面中的所有链接
- 使用PHP编写基于Web的文件管理系统
- PHP学习笔记-数组(1)
- pthreads多线程数据采集
- PHP串行化与JSON
- php tools for visual studio 2013 完美 破解 Cracker
- php-fpm进程关闭与重启脚本详解
- PHP实现的轩宇淘宝客系统源码v2.0.1
- PHP怎样调用MSSQL的存储过程
DooDigestAuthphp(后台)授权管理类web浏览器授权
作者:佚名 php网站开发编辑:admin 更新时间:2022-07-23
1 <?php 2 /** 3 * DooDigestAuth class file. 4 * 5 * @author Leng Sheng Hong <[email protected]> 6 * @link http://www.doophp.com/ 7 * @copyright Copyright © 2009 Leng Sheng Hong 8 * @license http://www.doophp.com/license 9 */ 10 11 /** 12 * Handles HTTP digest authentication 13 * 14 * <p>HTTP digest authentication can be used with the URI router. 15 * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't PRovide any encryption. 16 * If you are running PHP on Apache in CGI/FastCGI mode, you would need to 17 * add the following line to your .htaccess for digest auth to work correctly.</p> 18 * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code> 19 * 20 * <p>This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.</p> 21 * 22 * @author Leng Sheng Hong <[email protected]> 23 * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22 24 * @package doo.auth 25 * @since 1.0 26 */ 27 class DooDigestAuth{ 28 29 /** 30 * Authenticate against a list of username and passWords. 31 * 32 * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode, 33 * you have to add this into your .htaccess <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code></p> 34 * 35 * @param string $realm Name of the authentication session 36 * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2') 37 * @param string $fail_msg Message to be displayed if the User cancel the login 38 * @param string $fail_url URL to be redirect if the User cancel the login 39 * @return string The username if login success. 40 */ 41 public static function http_auth($realm, $users, $fail_msg=NULL, $fail_url=NULL){ 42 $realm = "Restricted area - $realm"; 43 44 //user => password 45 //$users = array('admin' => '1234', 'guest' => 'guest'); 46 if(!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0){ 47 $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; 48 } 49 50 if (empty($_SERVER['PHP_AUTH_DIGEST'])) { 51 header('WWW-Authenticate: Digest realm="'.$realm. 52 '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); 53 header('HTTP/1.1 401 Unauthorized'); 54 if($fail_msg!=NULL) 55 die($fail_msg); 56 if($fail_url!=NULL) 57 die("<script>window.location.href = '$fail_url'</script>"); 58 exit; 59 } 60 61 // analyze the PHP_AUTH_DIGEST variable 62 if (!($data = self::http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])){ 63 header('WWW-Authenticate: Digest realm="'.$realm. 64 '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); 65 header('HTTP/1.1 401 Unauthorized'); 66 if($fail_msg!=NULL) 67 die($fail_msg); 68 if($fail_url!=NULL) 69 die("<script>window.location.href = '$fail_url'</script>"); 70 exit; 71 } 72 73 // generate the valid response 74 $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]); 75 $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); 76 $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); 77 78 if ($data['response'] != $valid_response){ 79 header('HTTP/1.1 401 Unauthorized'); 80 header('WWW-Authenticate: Digest realm="'.$realm. 81 '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); 82 if($fail_msg!=NULL) 83 die($fail_msg); 84 if($fail_url!=NULL) 85 die("<script>window.location.href = '$fail_url'</script>"); 86 exit; 87 } 88 89 // ok, valid username & password 90 return $data['username']; 91 } 92 93 /** 94 * Method to parse the http auth header, works with IE. 95 * 96 * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do. 97 * 98 * @param string $txt header string to parse 99 * @return array An assoc array of the digest auth session 100 */ 101 private static function http_digest_parse($txt) 102 { 103 $res = preg_match("/username=\"([^\"]+)\"/i", $txt, $match); 104 $data['username'] = (isset($match[1]))?$match[1]:null; 105 $res = preg_match('/nonce=\"([^\"]+)\"/i', $txt, $match); 106 $data['nonce'] = $match[1]; 107 $res = preg_match('/nc=([0-9]+)/i', $txt, $match); 108 $data['nc'] = $match[1]; 109 $res = preg_match('/cnonce=\"([^\"]+)\"/i', $txt, $match); 110 $data['cnonce'] = $match[1]; 111 $res = preg_match('/qop=([^,]+)/i', $txt, $match); 112 $data['qop'] = str_replace('"','',$match[1]); 113 $res = preg_match('/uri=\"([^\"]+)\"/i', $txt, $match); 114 $data['uri'] = $match[1]; 115 $res = preg_match('/response=\"([^\"]+)\"/i', $txt, $match); 116 $data['response'] = $match[1]; 117 return $data; 118 } 119 120 121 }
调用方法:
1 require_once(dirname(__FILE__)."/DooDigestAuth.php");
2 DooDigestAuth::http_auth('example.com', array('admin'=>"123456789"));
phpweb授权登录可有效防止后台暴力破解
下载地址:http://files.cnblogs.com/files/func/DooDigestAuth.zip