DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell
php
web
webshell
后台
授权
浏览器
管理
类
网站
DooDigestAuth php(后台)授权管理类 web浏览器授权,php网站后台webshell
<span> 1</span> <?<span>php
</span><span> 2</span> <span>/*</span><span>*
</span><span> 3</span> <span> * DooDigestAuth class file.
</span><span> 4</span> <span> *
</span><span> 5</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com>
</span><span> 6</span> <span> * @link http://www.doophp.com/
</span><span> 7</span> <span> * @copyright Copyright © 2009 Leng Sheng Hong
</span><span> 8</span> <span> * @license http://www.doophp.com/license
</span><span> 9</span> <span>*/</span>
<span> 10</span>
<span> 11</span> <span>/*</span><span>*
</span><span> 12</span> <span> * Handles HTTP digest authentication
</span><span> 13</span> <span> *
</span><span> 14</span> <span> * <p>HTTP digest authentication can be used with the URI router.
</span><span> 15</span> <span> * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
</span><span> 16</span> <span> * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
</span><span> 17</span> <span> * add the following line to your .htaccess for digest auth to work correctly.</p>
</span><span> 18</span> <span> * <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code>
</span><span> 19</span> <span> *
</span><span> 20</span> <span> * <p>This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.</p>
</span><span> 21</span> <span> *
</span><span> 22</span> <span> * @author Leng Sheng Hong <darkredz@gmail.com>
</span><span> 23</span> <span> * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
</span><span> 24</span> <span> * @package doo.auth
</span><span> 25</span> <span> * @since 1.0
</span><span> 26</span> <span>*/</span>
<span> 27</span> <span>class</span><span> DooDigestAuth{
</span><span> 28</span>
<span> 29</span> <span>/*</span><span>*
</span><span> 30</span> <span> * Authenticate against a list of username and passwords.
</span><span> 31</span> <span> *
</span><span> 32</span> <span> * <p>HTTP Digest Authentication doesn't work with PHP in CGI mode,
</span><span> 33</span> <span> * you have to add this into your .htaccess <code>RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]</code></p>
</span><span> 34</span> <span> *
</span><span> 35</span> <span> * @param string $realm Name of the authentication session
</span><span> 36</span> <span> * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
</span><span> 37</span> <span> * @param string $fail_msg Message to be displayed if the User cancel the login
</span><span> 38</span> <span> * @param string $fail_url URL to be redirect if the User cancel the login
</span><span> 39</span> <span> * @return string The username if login success.
</span><span> 40</span> <span>*/</span>
<span> 41</span> <span>public</span> <span>static</span> <span>function</span> http_auth(<span>$realm</span>, <span>$users</span>, <span>$fail_msg</span>=<span>NULL</span>, <span>$fail_url</span>=<span>NULL</span><span>){
</span><span> 42</span> <span>$realm</span> = "Restricted area - <span>$realm</span>"<span>;
</span><span> 43</span>
<span> 44</span> <span>//</span><span>user => password
</span><span> 45</span> <span> //$users = array('admin' => '1234', 'guest' => 'guest');</span>
<span> 46</span> <span>if</span>(!<span>empty</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION']) && <span>strpos</span>(<span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0<span>){
</span><span> 47</span> <span>$_SERVER</span>['PHP_AUTH_DIGEST'] = <span>$_SERVER</span>['REDIRECT_HTTP_AUTHORIZATION'<span>];
</span><span> 48</span> <span> }
</span><span> 49</span>
<span> 50</span> <span>if</span> (<span>empty</span>(<span>$_SERVER</span>['PHP_AUTH_DIGEST'<span>])) {
</span><span> 51</span> <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 52</span> '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 53</span> <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 54</span> <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 55</span> <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 56</span> <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 57</span> <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 58</span> <span>exit</span><span>;
</span><span> 59</span> <span> }
</span><span> 60</span>
<span> 61</span> <span>//</span><span> analyze the PHP_AUTH_DIGEST variable</span>
<span> 62</span> <span>if</span> (!(<span>$data</span> = self::http_digest_parse(<span>$_SERVER</span>['PHP_AUTH_DIGEST'])) || !<span>isset</span>(<span>$users</span>[<span>$data</span>['username'<span>]])){
</span><span> 63</span> <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 64</span> '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 65</span> <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 66</span> <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 67</span> <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 68</span> <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 69</span> <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 70</span> <span>exit</span><span>;
</span><span> 71</span> <span> }
</span><span> 72</span>
<span> 73</span> <span>//</span><span> generate the valid response</span>
<span> 74</span> <span>$A1</span> = <span>md5</span>(<span>$data</span>['username'] . ':' . <span>$realm</span> . ':' . <span>$users</span>[<span>$data</span>['username'<span>]]);
</span><span> 75</span> <span>$A2</span> = <span>md5</span>(<span>$_SERVER</span>['REQUEST_METHOD'].':'.<span>$data</span>['uri'<span>]);
</span><span> 76</span> <span>$valid_response</span> = <span>md5</span>(<span>$A1</span>.':'.<span>$data</span>['nonce'].':'.<span>$data</span>['nc'].':'.<span>$data</span>['cnonce'].':'.<span>$data</span>['qop'].':'.<span>$A2</span><span>);
</span><span> 77</span>
<span> 78</span> <span>if</span> (<span>$data</span>['response'] != <span>$valid_response</span><span>){
</span><span> 79</span> <span>header</span>('HTTP/1.1 401 Unauthorized'<span>);
</span><span> 80</span> <span>header</span>('WWW-Authenticate: Digest realm="'.<span>$realm</span>.
<span> 81</span> '",qop="auth",nonce="'.<span>uniqid</span>().'",opaque="'.<span>md5</span>(<span>$realm</span>).'"'<span>);
</span><span> 82</span> <span>if</span>(<span>$fail_msg</span>!=<span>NULL</span><span>)
</span><span> 83</span> <span>die</span>(<span>$fail_msg</span><span>);
</span><span> 84</span> <span>if</span>(<span>$fail_url</span>!=<span>NULL</span><span>)
</span><span> 85</span> <span>die</span>("<script>window.location.href = '<span>$fail_url</span>'</script>"<span>);
</span><span> 86</span> <span>exit</span><span>;
</span><span> 87</span> <span> }
</span><span> 88</span>
<span> 89</span> <span>//</span><span> ok, valid username & password</span>
<span> 90</span> <span>return</span> <span>$data</span>['username'<span>];
</span><span> 91</span> <span> }
</span><span> 92</span>
<span> 93</span> <span>/*</span><span>*
</span><span> 94</span> <span> * Method to parse the http auth header, works with IE.
</span><span> 95</span> <span> *
</span><span> 96</span> <span> * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
</span><span> 97</span> <span> *
</span><span> 98</span> <span> * @param string $txt header string to parse
</span><span> 99</span> <span> * @return array An assoc array of the digest auth session
</span><span>100</span> <span>*/</span>
<span>101</span> <span>private</span> <span>static</span> <span>function</span> http_digest_parse(<span>$txt</span><span>)
</span><span>102</span> <span> {
</span><span>103</span> <span>$res</span> = <span>preg_match</span>("/username=\"([^\"]+)\"/i", <span>$txt</span>, <span>$match</span><span>);
</span><span>104</span> <span>$data</span>['username'] = (<span>isset</span>(<span>$match</span>[1]))?<span>$match</span>[1]:<span>null</span><span>;
</span><span>105</span> <span>$res</span> = <span>preg_match</span>('/nonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>106</span> <span>$data</span>['nonce'] = <span>$match</span>[1<span>];
</span><span>107</span> <span>$res</span> = <span>preg_match</span>('/nc=([0-9]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>108</span> <span>$data</span>['nc'] = <span>$match</span>[1<span>];
</span><span>109</span> <span>$res</span> = <span>preg_match</span>('/cnonce=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>110</span> <span>$data</span>['cnonce'] = <span>$match</span>[1<span>];
</span><span>111</span> <span>$res</span> = <span>preg_match</span>('/qop=([^,]+)/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>112</span> <span>$data</span>['qop'] = <span>str_replace</span>('"','',<span>$match</span>[1<span>]);
</span><span>113</span> <span>$res</span> = <span>preg_match</span>('/uri=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>114</span> <span>$data</span>['uri'] = <span>$match</span>[1<span>];
</span><span>115</span> <span>$res</span> = <span>preg_match</span>('/response=\"([^\"]+)\"/i', <span>$txt</span>, <span>$match</span><span>);
</span><span>116</span> <span>$data</span>['response'] = <span>$match</span>[1<span>];
</span><span>117</span> <span>return</span> <span>$data</span><span>;
</span><span>118</span> <span> }
</span><span>119</span>
<span>120</span>
<span>121</span> }登录后复制
调用方法:
<span>1</span> <span>require_once</span>(<span>dirname</span>(<span>__FILE__</span>)."/DooDigestAuth.php"<span>);
</span><span>2</span> DooDigestAuth::http_auth('example.com', <span>array</span>('admin'=>"123456789"));登录后复制
phpweb授权登录可有效防止后台暴力破解
下载地址:http://files.cnblogs.com/files/func/DooDigestAuth.zip
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
热AI工具
Undresser.AI Undress
人工智能驱动的应用程序,用于创建逼真的裸体照片
AI Clothes Remover
用于从照片中去除衣服的在线人工智能工具。
Undress AI Tool
免费脱衣服图片
Clothoff.io
AI脱衣机
AI Hentai Generator
免费生成ai无尽的。
热门文章
R.E.P.O.能量晶体解释及其做什么(黄色晶体)
2 周前
By 尊渡假赌尊渡假赌尊渡假赌
仓库:如何复兴队友
4 周前
By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island冒险:如何获得巨型种子
4 周前
By 尊渡假赌尊渡假赌尊渡假赌
击败分裂小说需要多长时间?
3 周前
By DDD
R.E.P.O.保存文件位置:在哪里以及如何保护它?
3 周前
By DDD
热工具
记事本++7.3.1
好用且免费的代码编辑器
SublimeText3汉化版
中文版,非常好用
禅工作室 13.0.1
功能强大的PHP集成开发环境
Dreamweaver CS6
视觉化网页开发工具
SublimeText3 Mac版
神级代码编辑软件(SublimeText3)
Coinbase交易所登录入口2025
Mar 21, 2025 pm 05:51 PM
Coinbase安全登录指南:如何避免钓鱼网站和诈骗? 网络钓鱼和诈骗日益猖獗,安全访问Coinbase官方登录入口至关重要。本文提供实用指南,帮助用户安全地找到并使用Coinbase最新官方登录入口,保护数字资产安全。我们将介绍如何识别钓鱼网站,以及如何通过官方网站、移动应用或可信第三方平台安全登录,并提供加强账户安全的建议,例如使用强密码和启用双重验证。 避免因错误登录导致资产损失,请务必仔细阅读本文!
欧易官方网站最新注册入口
Mar 21, 2025 pm 05:54 PM
欧易OKX作为全球领先的数字资产交易平台,以其丰富的交易产品、强大的安全保障和便捷的用户体验吸引众多投资者。然而,网络安全风险日益严峻,如何安全注册欧易OKX官方账户至关重要。本文将提供欧易OKX官方网站最新注册入口,并详细讲解安全注册的步骤和注意事项,包括如何识别官方网站、设置强密码、开启双重验证等,帮助您安全便捷地开启数字资产投资之旅。请注意,数字资产投资存在风险,请谨慎决策。
欧易交易所app国内下载教程
Mar 21, 2025 pm 05:42 PM
本文提供国内安全下载欧易OKX App的详细指南。由于国内应用商店限制,建议用户通过欧易OKX官方网站下载App,或使用官网提供的二维码扫描下载。下载过程中,务必核实官网地址,检查应用权限,安装后进行安全扫描,并启用双重验证。 使用过程中,请遵守当地法律法规,使用安全网络环境,保护账户安全,警惕诈骗,理性投资。 本文仅供参考,不构成投资建议,数字资产交易风险自负。
币安交易所app国内下载教程
Mar 21, 2025 pm 05:45 PM
本文提供安全可靠的币安交易所App下载指南,帮助用户解决在国内下载币安App的难题。由于国内应用商店限制,文章推荐优先从币安官网下载APK安装包,并详细介绍了官网下载、第三方应用商店下载以及朋友分享等三种方法,同时强调了下载过程中的安全注意事项,例如验证官网地址、检查应用权限、使用安全软件扫描等。此外,文章还提醒用户了解当地法律法规,注意网络安全,保护个人信息,谨防诈骗,理性投资,安全交易。 文章最后再次强调,下载和使用币安App需遵守当地法律法规,风险自负,不构成任何投资建议。
登录BitMEX交易所最新官方网站入口
Mar 21, 2025 pm 06:06 PM
本文提供安全可靠的指南,帮助用户访问BitMEX交易所的最新官方网站,并提升交易安全。由于监管和网络安全威胁,识别BitMEX官方网站至关重要,避免钓鱼网站窃取账户信息和资金。文章介绍了通过可信加密货币平台、官方社交媒体、新闻媒体以及订阅官方邮件等方法查找官方网站入口,并强调了核对域名、使用HTTPS连接、检查安全证书等安全提示,以及启用双重验证、定期更改密码的重要性。 记住,加密货币交易高风险,请谨慎投资。
Coinbase交易所网页版登录入口
Mar 21, 2025 pm 05:48 PM
Coinbase交易所网页版因其便捷性广受欢迎,但安全访问至关重要。本文旨在指导用户安全登录Coinbase官方网页版,避免钓鱼网站和黑客攻击。 我们将详解如何通过搜索引擎、可信第三方平台及官方社交媒体验证官方入口,并强调检查地址栏安全锁、启用双重验证、避免公共Wi-Fi、定期更改密码及警惕钓鱼邮件等安全措施,保障您的数字资产安全。 正确访问Coinbase官方网站是保护您的数字货币的第一步,本文将助您安全开启数字货币交易之旅。
BitMEX交易所最新官方网站入口
Mar 21, 2025 pm 06:03 PM
BitMEX作为老牌加密货币衍生品交易平台,其官方网站入口的准确性至关重要。由于钓鱼网站猖獗,误入假冒网站可能导致账户被盗和资金损失。本文旨在指导用户安全访问BitMEX官方网站,提供通过可信加密货币信息平台(如CoinMarketCap、CoinGecko)、官方社交媒体、验证现有地址及官方支持渠道等多种方法,并强调启用双重验证、定期更改密码及使用安全软件等安全措施,帮助用户有效规避风险,保障账户安全。
币安在国内怎么下载
Mar 21, 2025 pm 05:33 PM
本文提供国内安全下载币安App的指南,由于国内应用商店限制,直接下载较为困难。推荐通过币安官方网站下载APK安装包或扫描官网二维码下载App,务必仔细核对官方域名,检查应用权限,安装后进行安全扫描,并启用双重验证(2FA)。 下载及使用前请务必了解并遵守当地法律法规,数字资产交易风险较高,请谨慎操作。本文仅供参考,不构成投资建议,所有风险由用户自行承担。 关键词:币安, Binance, 下载, App, 国内, 安全, 教程, 数字货币, 加密货币
