Detailed explanation of how to implement digest authentication in php applications_PHP Tutorial

As with Basic Authentication, you can also use PHP pages to process HTTP request header fields to match Digest Authentication information. For example, the following code uses the header() function to require the client to use Digest authentication. It adds a WWW-Authenticate field to the HTTP message header:
header('WWW-Authenticate:Digest Realm=" MyRealm",nonce="47alf7cf25ce7",algorithm=MD5,qop="auth"');
-------------------------- -------------------------------------------------- ----------
The code below describes a web page that uses digest authentication (first cancel the Apache authentication configuration).

Copy code The code is as follows:

$realm="MyRealm";
/ /If there is no authentication information, send a header asking the browser to use Digest Realm
if(!isset($_SERVER['PHP_AUTH_DIGEST'])){
header("WWW-Authenticate:Digest Realm=/" $realm/",nonce=/"".uniqid()."/",algorithm=MD5,qop=/"auth/"");
header("HTTP/1.0 401 Unauthorization Required");
echo "Wrong account/password!";
exit;
}else{
//Use function http_digest_parse to parse verification information
$data=http_digest_parse($_SERVER["PHP_AUTH_DIGEST"]);
if(!$data){
header("HTTP/1.0 401 Unauthorization Required");
echo "Wrong account/password!";
exit;
}else{
//According to the HTTP protocol, construct a response value yourself
$A1=md5('admin:'.$realm.':password');
$A2=md5($_SERVER['REQUEST_METHOD'].' :'.$data['uri']);
$valid_response=
md5($A1.':'.$data['nonce'].':'.$data['nc']. ':'.$data['cnonce'].':'.$data['qop'].':'.$A2);}
//Construct and send the response value you constructed to the browser Compare the response values ​​​​that come over. If they are the same, it proves that the user name and password input are correct
if($data['response']==$valid_response){
echo "Verification passed!";
} else{
header("HTTP/1.0 401 Unauthorization Required");
echo("Wrong account/password! ");
exit;
}
}
function http_digest_parse($digest_str){
$needed_parts=array('nonce'=>1,'nc'=>1, 'cnonce'=>1,'qop'=>1,'username'=>1,'uri'=>1,'response'=>1);
//Use regular expressions Parse the content of the Authorization header
preg_match_all('@(/w+)=([/'"]?)([a-zA-Z0-9=.//_-]+)/2@',$digest_str ,$result,PREG_SET_ORDER);
//Fill the $data array with the result and return
$data=array();
foreach($result as $m){
$data[$ m[1]]=$m[3];
unset($needed_parts[$m[1]]);
}
return $needed_parts?false:$data;
}
?>

http://www.bkjia.com/PHPjc/327488.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/327488.htmlTechArticleLike basic authentication, you can also use PHP web pages to process HTTP request header fields to match digest authentication information. For example, the code below uses the header() function to require the client to use...