nlopess         Sun Apr 10 05:56:39 2005 EDT

  Modified files:              
    /phpdoc/en/appendices       reserved.xml 
    /phpdoc/en/features http-auth.xml 
  Log:
  document the HTTP Digest auth
  update the PHP_AUTH_* vars to reflect the IIS change
  
http://cvs.php.net/diff.php/phpdoc/en/appendices/reserved.xml?r1=1.54&r2=1.55&ty=u
Index: phpdoc/en/appendices/reserved.xml
diff -u phpdoc/en/appendices/reserved.xml:1.54 
phpdoc/en/appendices/reserved.xml:1.55
--- phpdoc/en/appendices/reserved.xml:1.54      Wed Dec 29 07:46:05 2004
+++ phpdoc/en/appendices/reserved.xml   Sun Apr 10 05:56:38 2005
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.54 $ -->
+<!-- $Revision: 1.55 $ -->
 
  <appendix id="reserved">
   <title>List of Reserved Words</title>
@@ -686,11 +686,24 @@
       </varlistentry>
 
       <varlistentry>
+       <term>'<varname>PHP_AUTH_DIGEST</varname>'</term>
+       <listitem>
+        <simpara>
+         When running under Apache as module doing Digest HTTP authentication
+         this variable is set to the 'Authorization' header sent by the
+         client (which you should then use to make the appropriate
+         validation).
+        </simpara>
+       </listitem>
+      </varlistentry>
+
+      <varlistentry>
        <term>'<varname>PHP_AUTH_USER</varname>'</term>
        <listitem>
         <simpara>
-         When running under Apache as module doing HTTP authentication this
-         variable is set to the username provided by the user.
+         When running under Apache or IIS (ISAPI on PHP 5) as module doing
+         HTTP authentication this variable is set to the username provided by
+         the user.
         </simpara>
        </listitem>
       </varlistentry>
@@ -699,8 +712,9 @@
        <term>'<varname>PHP_AUTH_PW</varname>'</term>
        <listitem>
         <simpara>
-         When running under Apache as module doing HTTP authentication this
-         variable is set to the password provided by the user.
+         When running under Apache or IIS (ISAPI on PHP 5) as module doing
+         HTTP authentication this variable is set to the password provided by
+         the user.
         </simpara>
        </listitem>
       </varlistentry>
http://cvs.php.net/diff.php/phpdoc/en/features/http-auth.xml?r1=1.41&r2=1.42&ty=u
Index: phpdoc/en/features/http-auth.xml
diff -u phpdoc/en/features/http-auth.xml:1.41 
phpdoc/en/features/http-auth.xml:1.42
--- phpdoc/en/features/http-auth.xml:1.41       Wed Dec  8 10:36:10 2004
+++ phpdoc/en/features/http-auth.xml    Sun Apr 10 05:56:39 2005
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.41 $ -->
+<!-- $Revision: 1.42 $ -->
  <chapter id="features.http-auth">
   <title>HTTP authentication with PHP</title>
 
@@ -16,9 +16,9 @@
    and <varname>AUTH_TYPE</varname> set to the user name, password and 
    authentication type respectively.  These predefined variables are found 
    in the <link linkend="reserved.variables.server">$_SERVER</link> and 
-   <varname>$HTTP_SERVER_VARS</varname> arrays.  Only "Basic" authentication 
-   is supported. See the <function>header</function> function for more 
-   information.
+   <varname>$HTTP_SERVER_VARS</varname> arrays. Both "Basic" and "Digest"
+   (since PHP 5.1.0) authentication methods are supported. See the
+   <function>header</function> function for more information.
   </simpara>
 
   <note>
@@ -37,7 +37,7 @@
   </para>
   <para>
    <example>
-    <title>HTTP Authentication example</title>
+    <title>Basic HTTP Authentication example</title>
     <programlisting role="php">
 <![CDATA[
 <?php
@@ -56,6 +56,55 @@
    </example>
   </para>
 
+  <para>
+   <example>
+    <title>Digest HTTP Authentication example</title>
+    <para>
+     This example shows you how to implement a simple Digest HTTP
+     authentication script. For more information read the <ulink
+      url="&url.rfc;2617">RFC 2617</ulink>.
+    </para>
+    <programlisting role="php">
+<![CDATA[
+<?php
+$realm = 'Restricted area';
+
+//user => password
+$users = array('admin' => 'mypass', 'guest' => 'guest');
+
+
+if (!isset($_SERVER['PHP_AUTH_DIGEST'])) {
+    header('HTTP/1.1 401 Unauthorized');
+    header('WWW-Authenticate: Digest realm="'.$realm.
+           '" qop="auth" nonce="'.uniqid().'" opaque="'.md5($realm).'"');
+
+    die('Text to send if user hits Cancel button');
+}
+
+// analise the PHP_AUTH_DIGEST variable
+preg_match('/username="(?P<username>.*)",\s*realm="(?P<realm>.*)",\s*nonce="(?P<nonce>.*)",\s*uri="(?P<uri>.*)",\s*response="(?P<response>.*)",\s*opaque="(?P<opaque>.*)",\s*qop=(?P<qop>.*),\s*nc=(?P<nc>.*),\s*cnonce="(?P<cnonce>.*)"/',
 $_SERVER['PHP_AUTH_DIGEST'], $digest);
+
+if (!isset($users[$digest['username']]))
+    die('Username not valid!');
+
+
+// generate the valid response
+$A1 = md5($digest['username'] . ':' . $realm . ':' . 
$users[$digest['username']]);
+$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$digest['uri']);
+$valid_response = 
md5($A1.':'.$digest['nonce'].':'.$digest['nc'].':'.$digest['cnonce'].':'.$digest['qop'].':'.$A2);
+
+if ($digest['response'] != $valid_response)
+    die('Wrong Credentials!');
+
+// ok, valid username & password
+echo 'Your are logged in as: ' . $digest['username'];
+
+?>
+]]>
+    </programlisting>
+   </example>
+  </para>
+
   <note>
    <title>Compatibility Note</title>
    <para>
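Review bot: The Digest example never checks that the `nonce` and `opaque` echoed back in `PHP_AUTH_DIGEST` are values this script issued, nor that `$digest['uri']` matches the URI actually requested, so a previously observed Authorization header still produces a matching `$valid_response`. The nonce itself comes from `uniqid()`, which is time-derived rather than unpredictable, so the challenge should carry a random, server-verifiable nonce that is rejected once stale. The check `$digest['response'] != $valid_response` is a loose comparison of two hex strings, which PHP may compare numerically; it should read `if ($digest['response'] !== $valid_response)`, or use `hash_equals($valid_response, $digest['response'])` on PHP versions that provide it. The `preg_match` pattern uses greedy `.*` groups in a fixed field order and its return value is ignored, so a header with the fields in another order leaves `$digest` unset and the script continues; `[^"]*` groups and an explicit failure branch that re-sends the 401 would avoid that. The `WWW-Authenticate` parameters are also written without the commas that RFC 2617 requires between them, e.g. `'", qop="auth", nonce="'`.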
