DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell
DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell
<span> 1</span> <?<span>php </span><span> 2</span> <span>/*</span><span>* </span><span> 3</span> <span> * DooDigestAuth class file. </span><span> 4</span> <span> * </span><span> 5</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com> </span><span> 6</span> <span> * @link http://www.doophp.com/ </span><span> 7</span> <span> * @copyright Copyright © 2009 Leng Sheng Hong </span><span> 8</span> <span> * @license http://www.doophp.com/license </span><span> 9</span> <span>*/</span> <span> 10</span> <span> 11</span> <span>/*</span><span>* </span><span> 12</span> <span> * Handles HTTP digest authentication </span><span> 13</span> <span> * </span><span> 14</span> <span> * <p>HTTP digest authentication can be used with the URI router. </span><span> 15</span> <span> * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption. </span><span> 16</span> <span> * If you are running PHP on Apache in CGI/FastCGI mode, you would need to </span><span> 17</span> <span> * add the following line to your .htaccess for digest auth to work correctly.</p> </span><span> 18</span> <span> * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code> </span><span> 19</span> <span> * </span><span> 20</span> <span> * <p>This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.</p> </span><span> 21</span> <span> * </span><span> 22</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com> </span><span> 23</span> <span> * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22 </span><span> 24</span> <span> * @package doo.auth </span><span> 25</span> <span> * @since 1.0 </span><span> 26</span> <span>*/</span> <span> 27</span> <span>class</span><span> DooDigestAuth{ </span><span> 28</span> <span> 29</span> <span>/*</span><span>* </span><span> 30</span> <span> * Authenticate against a list of username and passwords. </span><span> 31</span> <span> * </span><span> 32</span> <span> * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode, </span><span> 33</span> <span> * you have to add this into your .htaccess <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code></p> </span><span> 34</span> <span> * </span><span> 35</span> <span> * @param string $realm Name of the authentication session </span><span> 36</span> <span> * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2') </span><span> 37</span> <span> * @param string $fail_msg Message to be displayed if the User cancel the login </span><span> 38</span> <span> * @param string $fail_url URL to be redirect if the User cancel the login </span><span> 39</span> <span> * @return string The username if login success. </span><span> 40</span> <span>*/</span> <span> 41</span> <span>public</span> <span>static</span> <span>function</span> http_auth(<span>$realm</span>, <span>$users</span>, <span>$fail_msg</span>=<span>NULL</span>, <span>$fail_url</span>=<span>NULL</span><span>){ </span><span> 42</span> <span>$realm</span> = "Restricted area - <span>$realm</span>"<span>; </span><span> 43</span> <span> 44</span> <span>//</span><span>user => password </span><span> 45</span> <span> //$users = array('admin' => '1234', 'guest' => 'guest');</span> <span> 46</span> <span>if</span>(!<span>empty</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION']) && <span>strpos</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0<span>){ </span><span> 47</span> <span>$_SERVER</span>['PHP_AUTH_DIGEST'] = <span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'<span>]; </span><span> 48</span> <span> } </span><span> 49</span> <span> 50</span> <span>if</span> (<span>empty</span>(<span>$_SERVER</span>['PHP_AUTH_DIGEST'<span>])) { </span><span> 51</span> <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>. <span> 52</span> '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>); </span><span> 53</span> <span>header</span>('HTTP/1.1 401 Unauthorized'<span>); </span><span> 54</span> <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>) </span><span> 55</span> <span>die</span>(<span>$fail_msg</span><span>); </span><span> 56</span> <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>) </span><span> 57</span> <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>); </span><span> 58</span> <span>exit</span><span>; </span><span> 59</span> <span> } </span><span> 60</span> <span> 61</span> <span>//</span><span> analyze the PHP_AUTH_DIGEST variable</span> <span> 62</span> <span>if</span> (!(<span>$data</span> = self::http_digest_parse(<span>$_SERVER</span>['PHP_AUTH_DIGEST'])) || !<span>isset</span>(<span>$users</span>[<span>$data</span>['username'<span>]])){ </span><span> 63</span> <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>. <span> 64</span> '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>); </span><span> 65</span> <span>header</span>('HTTP/1.1 401 Unauthorized'<span>); </span><span> 66</span> <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>) </span><span> 67</span> <span>die</span>(<span>$fail_msg</span><span>); </span><span> 68</span> <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>) </span><span> 69</span> <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>); </span><span> 70</span> <span>exit</span><span>; </span><span> 71</span> <span> } </span><span> 72</span> <span> 73</span> <span>//</span><span> generate the valid response</span> <span> 74</span> <span>$A1</span> = <span>md5</span>(<span>$data</span>['username'] . ':' . <span>$realm</span> . ':' . <span>$users</span>[<span>$data</span>['username'<span>]]); </span><span> 75</span> <span>$A2</span> = <span>md5</span>(<span>$_SERVER</span>['REQUEST_METHOD'].':'.<span>$data</span>['uri'<span>]); </span><span> 76</span> <span>$valid_response</span> = <span>md5</span>(<span>$A1</span>.':'.<span>$data</span>['nonce'].':'.<span>$data</span>['nc'].':'.<span>$data</span>['cnonce'].':'.<span>$data</span>['qop'].':'.<span>$A2</span><span>); </span><span> 77</span> <span> 78</span> <span>if</span> (<span>$data</span>['response'] != <span>$valid_response</span><span>){ </span><span> 79</span> <span>header</span>('HTTP/1.1 401 Unauthorized'<span>); </span><span> 80</span> <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>. <span> 81</span> '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>); </span><span> 82</span> <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>) </span><span> 83</span> <span>die</span>(<span>$fail_msg</span><span>); </span><span> 84</span> <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>) </span><span> 85</span> <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>); </span><span> 86</span> <span>exit</span><span>; </span><span> 87</span> <span> } </span><span> 88</span> <span> 89</span> <span>//</span><span> ok, valid username & password</span> <span> 90</span> <span>return</span> <span>$data</span>['username'<span>]; </span><span> 91</span> <span> } </span><span> 92</span> <span> 93</span> <span>/*</span><span>* </span><span> 94</span> <span> * Method to parse the http auth header, works with IE. </span><span> 95</span> <span> * </span><span> 96</span> <span> * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do. </span><span> 97</span> <span> * </span><span> 98</span> <span> * @param string $txt header string to parse </span><span> 99</span> <span> * @return array An assoc array of the digest auth session </span><span>100</span> <span>*/</span> <span>101</span> <span>private</span> <span>static</span> <span>function</span> http_digest_parse(<span>$txt</span><span>) </span><span>102</span> <span> { </span><span>103</span> <span>$res</span> = <span>preg_match</span>("/username=\"([^\"]+)\"/i", <span>$txt</span>, <span>$match</span><span>); </span><span>104</span> <span>$data</span>['username'] = (<span>isset</span>(<span>$match</span>[1]))?<span>$match</span>[1]:<span>null</span><span>; </span><span>105</span> <span>$res</span> = <span>preg_match</span>('/nonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>); </span><span>106</span> <span>$data</span>['nonce'] = <span>$match</span>[1<span>]; </span><span>107</span> <span>$res</span> = <span>preg_match</span>('/nc=([0-9]+)/i', <span>$txt</span>, <span>$match</span><span>); </span><span>108</span> <span>$data</span>['nc'] = <span>$match</span>[1<span>]; </span><span>109</span> <span>$res</span> = <span>preg_match</span>('/cnonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>); </span><span>110</span> <span>$data</span>['cnonce'] = <span>$match</span>[1<span>]; </span><span>111</span> <span>$res</span> = <span>preg_match</span>('/qop=([^,]+)/i', <span>$txt</span>, <span>$match</span><span>); </span><span>112</span> <span>$data</span>['qop'] = <span>str_replace</span>('"','',<span>$match</span>[1<span>]); </span><span>113</span> <span>$res</span> = <span>preg_match</span>('/uri=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>); </span><span>114</span> <span>$data</span>['uri'] = <span>$match</span>[1<span>]; </span><span>115</span> <span>$res</span> = <span>preg_match</span>('/response=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>); </span><span>116</span> <span>$data</span>['response'] = <span>$match</span>[1<span>]; </span><span>117</span> <span>return</span> <span>$data</span><span>; </span><span>118</span> <span> } </span><span>119</span> <span>120</span> <span>121</span> }
调用方法:
<span>1</span> <span>require_once</span>(<span>dirname</span>(<span>__FILE__</span>)."/DooDigestAuth.php"<span>); </span><span>2</span> DooDigestAuth::http_auth('example.com', <span>array</span>('admin'=>"123456789"));
phpweb授权登录可有效防止后台暴力破解
下载地址:http://files.cnblogs.com/files/func/DooDigestAuth.zip

热AI工具

Undresser.AI Undress
人工智能驱动的应用程序,用于创建逼真的裸体照片

AI Clothes Remover
用于从照片中去除衣服的在线人工智能工具。

Undress AI Tool
免费脱衣服图片

Clothoff.io
AI脱衣机

AI Hentai Generator
免费生成ai无尽的。

热门文章

热工具

记事本++7.3.1
好用且免费的代码编辑器

SublimeText3汉化版
中文版,非常好用

禅工作室 13.0.1
功能强大的PHP集成开发环境

Dreamweaver CS6
视觉化网页开发工具

SublimeText3 Mac版
神级代码编辑软件(SublimeText3)

热门话题

在PHP8 中,match表达式是一种新的控制结构,用于根据表达式的值返回不同的结果。1)它类似于switch语句,但返回值而非执行语句块。2)match表达式使用严格比较(===),提升了安全性。3)它避免了switch语句中可能的break遗漏问题,增强了代码的简洁性和可读性。

在PHP中可以通过使用不可预测的令牌来有效防范CSRF攻击。具体方法包括:1.生成并在表单中嵌入CSRF令牌;2.在处理请求时验证令牌的有效性。

PHP中的严格类型通过在文件顶部添加declare(strict_types=1);来启用。1)它强制对函数参数和返回值进行类型检查,防止隐式类型转换。2)使用严格类型可以提高代码的可靠性和可预测性,减少bug,提升可维护性和可读性。

在网页中使用本地安装的字体文件最近,我从网上下载了一种免费字体,并成功将其安装到了我的系统中。现在...

在PHP中,final关键字用于防止类被继承和方法被重写。1)标记类为final时,该类不能被继承。2)标记方法为final时,该方法不能被子类重写。使用final关键字可以确保代码的稳定性和安全性。

Composer是PHP的依赖管理工具。使用Composer的核心步骤包括:1)在composer.json中声明依赖,如"stripe/stripe-php":"^7.0";2)运行composerinstall下载并配置依赖;3)通过composer.lock和autoload.php管理版本和自动加载。Composer简化了依赖管理,提升了项目效率和可维护性。

如何使用JavaScript或CSS控制浏览器打印设置中的页首和页尾在浏览器的打印设置中,有一个选项可以控制是否显�...
