ID: 31747 Updated by: [EMAIL PROTECTED] Reported By: Jared dot Williams1 at ntlworld dot com -Status: Open +Status: Closed Bug Type: SOAP related Operating System: Windows 2000/IIS PHP Version: 5CVS-2005-01-28 (dev) -Assigned To: +Assigned To: dmitry New Comment:
Fixed in CVS (HEAD and PHP_5_0). Please verify me. I haven't login on labs.zap2it.com. With new version you can use additional otpion 'authentication' => SOAP_AUTHENTICATION_DIGEST in SoapClient constructor. This option is not necessary, however without it SOAP will first try to login using basic authentication and then using digest authentication. Previous Comments: ------------------------------------------------------------------------ [2005-01-28 19:46:29] Jared dot Williams1 at ntlworld dot com Description: ------------ This is related to http://bugs.php.net/bug.php?id=28041 Using the php5.0-win32-200501280930 snapshot, still seem unable to use Digest Authentication against labs.zap2it.com. Request Headers: POST /tvlistings/xtvdService HTTP/1.1 Host: datadirect.webservices.zap2it.com Connection: Keep-Alive User-Agent: PHP SOAP 0.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "urn:TMSWebServices:xtvdWebService#download" Content-Length: 584 Authorization: Basic ******************* Does appear to be sending Basic authentication details, even thou the service requests only digest. (Security issue). WWW-Authenticate Digest realm="TMSWebServiceRealm", nonce="********************************************************************************", opaque="****************", algorithm=MD5, qop="auth" Reproduce code: --------------- $client = new SoapClient('xtvd.wsdl', array( 'trace' => 1, 'exceptions' => 0, 'login' => USER, 'password' => PASSWORD)); $result = $client->download(time() - 60*3, time() + 60*60*12); echo "<pre>\n"; echo "Response Headers:\n", htmlspecialchars($client->__getLastResponseHeaders()), "\n"; echo "Response:\n", htmlspecialchars($client->__getLastResponse()),"\n"; echo "</pre>"; ?> Expected result: ---------------- XML listings Actual result: -------------- Response Headers: HTTP/1.1 100 Continue Date: Fri, 28 Jan 2005 18:41:23 GMT Server: Orion/2.0.2 Response: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY><H1>401 Unauthorized</H1></BODY></HTML> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=31747&edit=1
