DooDigestAuth php（后台）授权管理类 web浏览器授权，php网站后台webshell-php手册-php.cn

Table of Contents

DooDigestAuth php（后台）授权管理类 web浏览器授权，php网站后台webshell

Home

php教程

php手册

DooDigestAuth php（后台）授权管理类 web浏览器授权，php网站后台webshell

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 08:54 AM

php web webshell Backstage Authorize Browser manage kind website

DooDigestAuth php（后台）授权管理类 web浏览器授权，php网站后台webshell

<span>  1</span> <?<span>php
</span><span>  2</span> <span>/*</span><span>*
</span><span>  3</span> <span> * DooDigestAuth class file.
</span><span>  4</span> <span> *
</span><span>  5</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com>
</span><span>  6</span> <span> * @link http://www.doophp.com/
</span><span>  7</span> <span> * @copyright Copyright &copy; 2009 Leng Sheng Hong
</span><span>  8</span> <span> * @license http://www.doophp.com/license
</span><span>  9</span>  <span>*/</span>
<span> 10</span> 
<span> 11</span> <span>/*</span><span>*
</span><span> 12</span> <span> * Handles HTTP digest authentication
</span><span> 13</span> <span> *
</span><span> 14</span> <span> * <p>HTTP digest authentication can be used with the URI router.
</span><span> 15</span> <span> * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
</span><span> 16</span> <span> * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
</span><span> 17</span> <span> * add the following line to your .htaccess for digest auth to work correctly.</p>
</span><span> 18</span> <span> * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code>
</span><span> 19</span> <span> *
</span><span> 20</span> <span> * <p>This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.</p>
</span><span> 21</span> <span> *
</span><span> 22</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com>
</span><span> 23</span> <span> * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
</span><span> 24</span> <span> * @package doo.auth
</span><span> 25</span> <span> * @since 1.0
</span><span> 26</span>  <span>*/</span>
<span> 27</span> <span>class</span><span> DooDigestAuth{
</span><span> 28</span> 
<span> 29</span>     <span>/*</span><span>*
</span><span> 30</span> <span>     * Authenticate against a list of username and passwords.
</span><span> 31</span> <span>     *
</span><span> 32</span> <span>     * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode,
</span><span> 33</span> <span>     * you have to add this into your .htaccess <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code></p>
</span><span> 34</span> <span>     *
</span><span> 35</span> <span>     * @param string $realm Name of the authentication session
</span><span> 36</span> <span>     * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
</span><span> 37</span> <span>     * @param string $fail_msg Message to be displayed if the User cancel the login
</span><span> 38</span> <span>     * @param string $fail_url URL to be redirect if the User cancel the login
</span><span> 39</span> <span>     * @return string The username if login success.
</span><span> 40</span>      <span>*/</span>
<span> 41</span>     <span>public</span> <span>static</span> <span>function</span> http_auth(<span>$realm</span>, <span>$users</span>, <span>$fail_msg</span>=<span>NULL</span>, <span>$fail_url</span>=<span>NULL</span><span>){
</span><span> 42</span>         <span>$realm</span> = "Restricted area - <span>$realm</span>"<span>;
</span><span> 43</span> 
<span> 44</span>         <span>//</span><span>user => password
</span><span> 45</span> <span>        //$users = array('admin' => '1234', 'guest' => 'guest');</span>
<span> 46</span>         <span>if</span>(!<span>empty</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION']) && <span>strpos</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0<span>){
</span><span> 47</span>             <span>$_SERVER</span>['PHP_AUTH_DIGEST'] = <span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'<span>];
</span><span> 48</span> <span>        }
</span><span> 49</span> 
<span> 50</span>         <span>if</span> (<span>empty</span>(<span>$_SERVER</span>['PHP_AUTH_DIGEST'<span>])) {
</span><span> 51</span>             <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 52</span>                    '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 53</span>             <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 54</span>             <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 55</span>                 <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 56</span>             <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 57</span>                 <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 58</span>             <span>exit</span><span>;
</span><span> 59</span> <span>        }
</span><span> 60</span> 
<span> 61</span>         <span>//</span><span> analyze the PHP_AUTH_DIGEST variable</span>
<span> 62</span>         <span>if</span> (!(<span>$data</span> = self::http_digest_parse(<span>$_SERVER</span>['PHP_AUTH_DIGEST'])) || !<span>isset</span>(<span>$users</span>[<span>$data</span>['username'<span>]])){
</span><span> 63</span>             <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 64</span>                    '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 65</span>             <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 66</span>             <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 67</span>                 <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 68</span>             <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 69</span>                 <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 70</span>             <span>exit</span><span>;
</span><span> 71</span> <span>        }
</span><span> 72</span> 
<span> 73</span>         <span>//</span><span> generate the valid response</span>
<span> 74</span>         <span>$A1</span> = <span>md5</span>(<span>$data</span>['username'] . ':' . <span>$realm</span> . ':' . <span>$users</span>[<span>$data</span>['username'<span>]]);
</span><span> 75</span>         <span>$A2</span> = <span>md5</span>(<span>$_SERVER</span>['REQUEST_METHOD'].':'.<span>$data</span>['uri'<span>]);
</span><span> 76</span>         <span>$valid_response</span> = <span>md5</span>(<span>$A1</span>.':'.<span>$data</span>['nonce'].':'.<span>$data</span>['nc'].':'.<span>$data</span>['cnonce'].':'.<span>$data</span>['qop'].':'.<span>$A2</span><span>);
</span><span> 77</span> 
<span> 78</span>         <span>if</span> (<span>$data</span>['response'] != <span>$valid_response</span><span>){
</span><span> 79</span>             <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 80</span>             <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 81</span>                    '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 82</span>             <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 83</span>                 <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 84</span>             <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 85</span>                 <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 86</span>             <span>exit</span><span>;
</span><span> 87</span> <span>        }
</span><span> 88</span> 
<span> 89</span>         <span>//</span><span> ok, valid username & password</span>
<span> 90</span>         <span>return</span> <span>$data</span>['username'<span>];
</span><span> 91</span> <span>    }
</span><span> 92</span> 
<span> 93</span>     <span>/*</span><span>*
</span><span> 94</span> <span>     * Method to parse the http auth header, works with IE.
</span><span> 95</span> <span>     *
</span><span> 96</span> <span>     * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
</span><span> 97</span> <span>     *
</span><span> 98</span> <span>     * @param string $txt header string to parse
</span><span> 99</span> <span>     * @return array An assoc array of the digest auth session
</span><span>100</span>      <span>*/</span>
<span>101</span>     <span>private</span> <span>static</span> <span>function</span> http_digest_parse(<span>$txt</span><span>)
</span><span>102</span> <span>    {
</span><span>103</span>         <span>$res</span> = <span>preg_match</span>("/username=\"([^\"]+)\"/i", <span>$txt</span>, <span>$match</span><span>);
</span><span>104</span>         <span>$data</span>['username'] = (<span>isset</span>(<span>$match</span>[1]))?<span>$match</span>[1]:<span>null</span><span>;
</span><span>105</span>         <span>$res</span> = <span>preg_match</span>('/nonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>106</span>         <span>$data</span>['nonce'] = <span>$match</span>[1<span>];
</span><span>107</span>         <span>$res</span> = <span>preg_match</span>('/nc=([0-9]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>108</span>         <span>$data</span>['nc'] = <span>$match</span>[1<span>];
</span><span>109</span>         <span>$res</span> = <span>preg_match</span>('/cnonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>110</span>         <span>$data</span>['cnonce'] = <span>$match</span>[1<span>];
</span><span>111</span>         <span>$res</span> = <span>preg_match</span>('/qop=([^,]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>112</span>         <span>$data</span>['qop'] = <span>str_replace</span>('"','',<span>$match</span>[1<span>]);
</span><span>113</span>         <span>$res</span> = <span>preg_match</span>('/uri=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>114</span>         <span>$data</span>['uri'] = <span>$match</span>[1<span>];
</span><span>115</span>         <span>$res</span> = <span>preg_match</span>('/response=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>116</span>         <span>$data</span>['response'] = <span>$match</span>[1<span>];
</span><span>117</span>         <span>return</span> <span>$data</span><span>;
</span><span>118</span> <span>    }
</span><span>119</span> 
<span>120</span> 
<span>121</span> }

Copy after login

调用方法:

<span>1</span> <span>require_once</span>(<span>dirname</span>(<span>__FILE__</span>)."/DooDigestAuth.php"<span>);
</span><span>2</span> DooDigestAuth::http_auth('example.com', <span>array</span>('admin'=>"123456789"));

Copy after login

phpweb授权登录可有效防止后台暴力破解

下载地址：http://files.cnblogs.com/files/func/DooDigestAuth.zip

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7516

CakePHP Tutorial

1378

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

Explain the match expression (PHP 8 ) and how it differs from switch. Apr 06, 2025 am 12:03 AM

In PHP8, match expressions are a new control structure that returns different results based on the value of the expression. 1) It is similar to a switch statement, but returns a value instead of an execution statement block. 2) The match expression is strictly compared (===), which improves security. 3) It avoids possible break omissions in switch statements and enhances the simplicity and readability of the code.

What is Cross-Site Request Forgery (CSRF) and how do you implement CSRF protection in PHP? Apr 07, 2025 am 12:02 AM

In PHP, you can effectively prevent CSRF attacks by using unpredictable tokens. Specific methods include: 1. Generate and embed CSRF tokens in the form; 2. Verify the validity of the token when processing the request.

How can you prevent a class from being extended or a method from being overridden in PHP? (final keyword) Apr 08, 2025 am 12:03 AM

In PHP, the final keyword is used to prevent classes from being inherited and methods being overwritten. 1) When marking the class as final, the class cannot be inherited. 2) When marking the method as final, the method cannot be rewritten by the subclass. Using final keywords ensures the stability and security of your code.

How to correctly display the locally installed 'Jingnan Mai Round Body' on the web page? Apr 05, 2025 pm 10:33 PM

Using locally installed font files in web pages Recently, I downloaded a free font from the internet and successfully installed it into my system. Now...

Why can custom style sheets take effect on local web pages in Safari but not on Baidu pages? Apr 05, 2025 pm 05:15 PM

Discussion on using custom stylesheets in Safari Today we will discuss a custom stylesheet application problem for Safari browser. Front-end novice...

Explain strict types (declare(strict_types=1);) in PHP. Apr 07, 2025 am 12:05 AM

Strict types in PHP are enabled by adding declare(strict_types=1); at the top of the file. 1) It forces type checking of function parameters and return values to prevent implicit type conversion. 2) Using strict types can improve the reliability and predictability of the code, reduce bugs, and improve maintainability and readability.

Why does negative margins not take effect in some cases? How to solve this problem? Apr 05, 2025 pm 10:18 PM

Why do negative margins not take effect in some cases? During programming, negative margins in CSS (negative...

How to use locally installed font files on web pages? Apr 05, 2025 pm 10:57 PM

How to use locally installed font files on web pages Have you encountered this situation in web page development: you have installed a font on your computer...

See all articles