On 9/27/07, Michael B Allen <[EMAIL PROTECTED]> wrote: > Is it possible to do digest authentication from a login form?
Of course I just figured out how to do this in record time. I also just realized that, for reasons not worth going into I can't use this. But for posterity here's the solution: A BSD implementation of both MD5 and Bas64 is here: http://ecmanaut.googlecode.com/svn/trunk/lib/md5.js Here's the client side: <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <script type="text/javascript" src="<?php echo $this->baseUrl; ?>/scripts/md5.js"></script> <script type="text/javascript"> function digest() { realm = document.f.realm.value; username = document.f.username.value; password = document.f.password.value; text = realm + ":" + username + ":"; hash = MD5.base64(text + password); document.f.password.value = MD5.base64(text + hash); } </script> <title>Login</title> </head> <body> <h1>Login</h1> <form name="f" action="<?php echo $this->baseUrl; ?>/login/login" method="POST"> <table border="1"> <tr><td>Username:</td><td> <input type="hidden" name="realm" value="<?php echo $this->escape($this->realm); ?>"/> <input type="text" name="username" value="<?php echo $this->escape($this->username); ?>"/> </td></tr> <tr><td>Password:</td><td><input type="password" name="password"/></td></tr> <tr><td></td><td><input type="submit" value="Login" onClick="digest()"/></td></tr> </table> </form> </body> </html> I haven't actually tried to validate the resulting hash but I'm pretty confident it will work. Mike _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
