社群
學習
工具庫
AI工具
休閒
搜尋
繁体中文
目錄
DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell
首頁 php教程 php手册 DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell

DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 13, 2016 am 08:54 AM
php web webshell 後台 授權 瀏覽器 管理 類別 網站

DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell

<span>  1</span> <?<span>php
</span><span>  2</span> <span>/*</span><span>*
</span><span>  3</span> <span> * DooDigestAuth class file.
</span><span>  4</span> <span> *
</span><span>  5</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com>
</span><span>  6</span> <span> * @link http://www.doophp.com/
</span><span>  7</span> <span> * @copyright Copyright &copy; 2009 Leng Sheng Hong
</span><span>  8</span> <span> * @license http://www.doophp.com/license
</span><span>  9</span>  <span>*/</span>
<span> 10</span> 
<span> 11</span> <span>/*</span><span>*
</span><span> 12</span> <span> * Handles HTTP digest authentication
</span><span> 13</span> <span> *
</span><span> 14</span> <span> * <p>HTTP digest authentication can be used with the URI router.
</span><span> 15</span> <span> * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
</span><span> 16</span> <span> * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
</span><span> 17</span> <span> * add the following line to your .htaccess for digest auth to work correctly.</p>
</span><span> 18</span> <span> * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code>
</span><span> 19</span> <span> *
</span><span> 20</span> <span> * <p>This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.</p>
</span><span> 21</span> <span> *
</span><span> 22</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com>
</span><span> 23</span> <span> * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
</span><span> 24</span> <span> * @package doo.auth
</span><span> 25</span> <span> * @since 1.0
</span><span> 26</span>  <span>*/</span>
<span> 27</span> <span>class</span><span> DooDigestAuth{
</span><span> 28</span> 
<span> 29</span>     <span>/*</span><span>*
</span><span> 30</span> <span>     * Authenticate against a list of username and passwords.
</span><span> 31</span> <span>     *
</span><span> 32</span> <span>     * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode,
</span><span> 33</span> <span>     * you have to add this into your .htaccess <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code></p>
</span><span> 34</span> <span>     *
</span><span> 35</span> <span>     * @param string $realm Name of the authentication session
</span><span> 36</span> <span>     * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
</span><span> 37</span> <span>     * @param string $fail_msg Message to be displayed if the User cancel the login
</span><span> 38</span> <span>     * @param string $fail_url URL to be redirect if the User cancel the login
</span><span> 39</span> <span>     * @return string The username if login success.
</span><span> 40</span>      <span>*/</span>
<span> 41</span>     <span>public</span> <span>static</span> <span>function</span> http_auth(<span>$realm</span>, <span>$users</span>, <span>$fail_msg</span>=<span>NULL</span>, <span>$fail_url</span>=<span>NULL</span><span>){
</span><span> 42</span>         <span>$realm</span> = "Restricted area - <span>$realm</span>"<span>;
</span><span> 43</span> 
<span> 44</span>         <span>//</span><span>user => password
</span><span> 45</span> <span>        //$users = array('admin' => '1234', 'guest' => 'guest');</span>
<span> 46</span>         <span>if</span>(!<span>empty</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION']) && <span>strpos</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0<span>){
</span><span> 47</span>             <span>$_SERVER</span>['PHP_AUTH_DIGEST'] = <span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'<span>];
</span><span> 48</span> <span>        }
</span><span> 49</span> 
<span> 50</span>         <span>if</span> (<span>empty</span>(<span>$_SERVER</span>['PHP_AUTH_DIGEST'<span>])) {
</span><span> 51</span>             <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 52</span>                    '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 53</span>             <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 54</span>             <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 55</span>                 <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 56</span>             <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 57</span>                 <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 58</span>             <span>exit</span><span>;
</span><span> 59</span> <span>        }
</span><span> 60</span> 
<span> 61</span>         <span>//</span><span> analyze the PHP_AUTH_DIGEST variable</span>
<span> 62</span>         <span>if</span> (!(<span>$data</span> = self::http_digest_parse(<span>$_SERVER</span>['PHP_AUTH_DIGEST'])) || !<span>isset</span>(<span>$users</span>[<span>$data</span>['username'<span>]])){
</span><span> 63</span>             <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 64</span>                    '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 65</span>             <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 66</span>             <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 67</span>                 <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 68</span>             <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 69</span>                 <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 70</span>             <span>exit</span><span>;
</span><span> 71</span> <span>        }
</span><span> 72</span> 
<span> 73</span>         <span>//</span><span> generate the valid response</span>
<span> 74</span>         <span>$A1</span> = <span>md5</span>(<span>$data</span>['username'] . ':' . <span>$realm</span> . ':' . <span>$users</span>[<span>$data</span>['username'<span>]]);
</span><span> 75</span>         <span>$A2</span> = <span>md5</span>(<span>$_SERVER</span>['REQUEST_METHOD'].':'.<span>$data</span>['uri'<span>]);
</span><span> 76</span>         <span>$valid_response</span> = <span>md5</span>(<span>$A1</span>.':'.<span>$data</span>['nonce'].':'.<span>$data</span>['nc'].':'.<span>$data</span>['cnonce'].':'.<span>$data</span>['qop'].':'.<span>$A2</span><span>);
</span><span> 77</span> 
<span> 78</span>         <span>if</span> (<span>$data</span>['response'] != <span>$valid_response</span><span>){
</span><span> 79</span>             <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 80</span>             <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 81</span>                    '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 82</span>             <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 83</span>                 <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 84</span>             <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 85</span>                 <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 86</span>             <span>exit</span><span>;
</span><span> 87</span> <span>        }
</span><span> 88</span> 
<span> 89</span>         <span>//</span><span> ok, valid username & password</span>
<span> 90</span>         <span>return</span> <span>$data</span>['username'<span>];
</span><span> 91</span> <span>    }
</span><span> 92</span> 
<span> 93</span>     <span>/*</span><span>*
</span><span> 94</span> <span>     * Method to parse the http auth header, works with IE.
</span><span> 95</span> <span>     *
</span><span> 96</span> <span>     * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
</span><span> 97</span> <span>     *
</span><span> 98</span> <span>     * @param string $txt header string to parse
</span><span> 99</span> <span>     * @return array An assoc array of the digest auth session
</span><span>100</span>      <span>*/</span>
<span>101</span>     <span>private</span> <span>static</span> <span>function</span> http_digest_parse(<span>$txt</span><span>)
</span><span>102</span> <span>    {
</span><span>103</span>         <span>$res</span> = <span>preg_match</span>("/username=\"([^\"]+)\"/i", <span>$txt</span>, <span>$match</span><span>);
</span><span>104</span>         <span>$data</span>['username'] = (<span>isset</span>(<span>$match</span>[1]))?<span>$match</span>[1]:<span>null</span><span>;
</span><span>105</span>         <span>$res</span> = <span>preg_match</span>('/nonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>106</span>         <span>$data</span>['nonce'] = <span>$match</span>[1<span>];
</span><span>107</span>         <span>$res</span> = <span>preg_match</span>('/nc=([0-9]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>108</span>         <span>$data</span>['nc'] = <span>$match</span>[1<span>];
</span><span>109</span>         <span>$res</span> = <span>preg_match</span>('/cnonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>110</span>         <span>$data</span>['cnonce'] = <span>$match</span>[1<span>];
</span><span>111</span>         <span>$res</span> = <span>preg_match</span>('/qop=([^,]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>112</span>         <span>$data</span>['qop'] = <span>str_replace</span>('"','',<span>$match</span>[1<span>]);
</span><span>113</span>         <span>$res</span> = <span>preg_match</span>('/uri=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>114</span>         <span>$data</span>['uri'] = <span>$match</span>[1<span>];
</span><span>115</span>         <span>$res</span> = <span>preg_match</span>('/response=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>116</span>         <span>$data</span>['response'] = <span>$match</span>[1<span>];
</span><span>117</span>         <span>return</span> <span>$data</span><span>;
</span><span>118</span> <span>    }
</span><span>119</span> 
<span>120</span> 
<span>121</span> }
登入後複製

调用方法:

<span>1</span> <span>require_once</span>(<span>dirname</span>(<span>__FILE__</span>)."/DooDigestAuth.php"<span>);
</span><span>2</span> DooDigestAuth::http_auth('example.com', <span>array</span>('admin'=>"123456789"));
登入後複製

phpweb授权登录可有效防止后台暴力破解

 下载地址:http://files.cnblogs.com/files/func/DooDigestAuth.zip

本網站聲明
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn

熱AI工具

Undresser.AI Undress

Undresser.AI Undress

人工智慧驅動的應用程序,用於創建逼真的裸體照片

AI Clothes Remover

AI Clothes Remover

用於從照片中去除衣服的線上人工智慧工具。

Undress AI Tool

Undress AI Tool

免費脫衣圖片

Clothoff.io

Clothoff.io

AI脫衣器

Video Face Swap

Video Face Swap

使用我們完全免費的人工智慧換臉工具,輕鬆在任何影片中換臉!

顯示更多

熱門文章

<🎜>:種植花園 - 完整的突變指南
4 週前 By DDD
<🎜>:泡泡膠模擬器無窮大 - 如何獲取和使用皇家鑰匙
1 個月前 By 尊渡假赌尊渡假赌尊渡假赌
北端:融合系統,解釋
1 個月前 By 尊渡假赌尊渡假赌尊渡假赌
Mandragora:巫婆樹的耳語 - 如何解鎖抓鉤
4 週前 By 尊渡假赌尊渡假赌尊渡假赌
克萊爾·默默德(Clair Obscur):Expedition 33 UE-Sandfall遊戲崩潰? 3種方法!
2 週前 By DDD
顯示更多

熱工具

記事本++7.3.1

記事本++7.3.1

好用且免費的程式碼編輯器

SublimeText3漢化版

SublimeText3漢化版

中文版,非常好用

禪工作室 13.0.1

禪工作室 13.0.1

強大的PHP整合開發環境

Dreamweaver CS6

Dreamweaver CS6

視覺化網頁開發工具

SublimeText3 Mac版

SublimeText3 Mac版

神級程式碼編輯軟體(SublimeText3)

顯示更多

熱門話題

Java教學
1677
14
CakePHP 教程
1431
52
Laravel 教程
1334
25
PHP教程
1280
29
C# 教程
1257
24
顯示更多
Related knowledge
安幣怎麼看自己賺了多少錢_​如何查看安幣平台上的交易收益 安幣怎麼看自己賺了多少錢_​如何查看安幣平台上的交易收益 May 14, 2025 pm 07:24 PM

安幣平台(Binance)是一個專注於去中心化基礎設施的區塊鏈項目,用戶可以通過參與 staking 和其他活動來賺取收益。本文將詳細介紹如何在安幣平台上查看自己的交易收益和總體賺取的金額。

什麼是 Sign Protocol (SIGN)?跨鏈驗證網絡入門指南 什麼是 Sign Protocol (SIGN)?跨鏈驗證網絡入門指南 May 14, 2025 pm 10:48 PM

區塊鏈技術持續改變著人們在線上交換價值、驗證信息和建立信任的方式。隨著去中心化應用在各行各業的蓬勃發展,跨多個區塊鏈確認聲明和身份的能力變得越來越重要,也越來越複雜。傳統的、依賴於中心化權威的信任模型往往不足以支撐去中心化的生態系統,因此對區塊鏈原生驗證解決方案的需求也日益增長。 SignProtocol(SIGN)通過提供一個用於跨多個區塊鍊網絡創建、驗證和管理證明的框架來應對這一挑戰。 SignProtocol旨在打造一個全鏈

幣圈免費看行情網站有哪些 免費觀看行情的網站大全 幣圈免費看行情網站有哪些 免費觀看行情的網站大全 May 14, 2025 pm 09:45 PM

幣圈免費看行情的網站包括幣安、歐易、Gate.io、火幣、CoinMarketCap、CoinGecko和TradingView。 1.訪問各網站,2.進入市場頁面,3.選擇加密貨幣,4.查看詳細行情數據和分析工具,這些網站都提供實時數據和多種加密貨幣的行情查看服務。

okx官網手機網頁版 okx官網入口地址 okx官網手機網頁版 okx官網入口地址 May 14, 2025 pm 08:06 PM

通過手機網頁版訪問OKX官網非常簡單,只需打開手機瀏覽器,輸入www.okx.com,等待頁面加載即可。登錄後,可進行交易、查看賬戶信息,確保使用強密碼和雙重認證以保障安全。

火幣交易所網頁版註冊入口 火幣交易所網頁版註冊入口 May 14, 2025 pm 07:12 PM

通過火幣交易所網頁版註冊的步驟如下:1.訪問www.huobi.com,點擊右上角“註冊”按鈕。 2.填寫電子郵件、設置密碼,選擇國家/地區,點擊“下一步”。 3.驗證電子郵件,點擊郵件中的鏈接。 4.輸入手機號碼,接收並輸入驗證碼,點擊“驗證”。 5.完成所有步驟後,即可成功註冊。

手裡有比特幣怎樣賣掉?火幣huobi交易所賣掉比特幣操作教程 手裡有比特幣怎樣賣掉?火幣huobi交易所賣掉比特幣操作教程 May 14, 2025 pm 07:33 PM

如果你手中持有比特幣,並且希望通過火幣Huobi交易所將其賣掉,本文將詳細介紹如何一步步完成這一過程。火幣Huobi是全球知名的加密貨幣交易平台,提供安全且便捷的交易環境。以下是詳細的操作教程,幫助你順利賣掉比特幣。

易歐交易所appv6.118.2安卓最新版下載最全教程 易歐交易所appv6.118.2安卓最新版下載最全教程 May 14, 2025 pm 05:36 PM

易歐交易所appv6.118.2安卓最新版可以通過谷歌Play商店或官方網站下載安裝。 1.打開谷歌Play商店,搜索“Huobi”或“易歐交易所”,選擇v6.118.2版本並安裝。 2.若無法訪問Play商店,可從官方網站下載APK文件並安裝,需啟用“未知來源”選項。 3.安裝後,打開app,同意協議,登錄或註冊賬戶即可使用。

安幣官網手機網頁版 安幣官網入口地址 安幣官網手機網頁版 安幣官網入口地址 May 14, 2025 pm 08:15 PM

安幣官網手機網頁版的入口地址是www.anc-coin.com。訪問步驟包括:1. 打開手機瀏覽器;2. 輸入www.anc-coin.com;3. 進入官網。該網頁版支持所有主流瀏覽器,提供賬戶管理、交易操作、資訊瀏覽和客服支持等功能,並採用SSL加密和雙重認證確保安全。

See all articles