<?php
//unset($_SERVER['PHP_AUTH_DIGEST']);
$username = 'xingdong'; //用户名
$userpass = '123456'; //面膜
$secret = 'xingdong365'; //秘钥
$realm = '401test';
$opaque = md5($secret.$_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
if (!isset($_SERVER['PHP_AUTH_DIGEST']) || empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
die;
}
$needed_parts = array(
'nonce' =>1,
'nc' => 1,
'cnonce' => 1,
'qop' =>1,
'username' =>1,
'uri' =>1,
'response' =>1
);
$data = array();
$keys = implode('|', array_keys($needed_parts));
preg_match_all('/('.$keys.')=(?:([\'"])([^\2]+?)\2|([^\s,]+))/', $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
//检测用户名
if ($data['username'] != $username){
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
die('Invalid username.');
}
$password = md5($username.':'.$realm.':'.$userpass);
$response = md5($password.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']));
if ($data['response'] != $response) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
die('Invalid password.');
}
echo "success";
action
本站未注明转载的文章均为原创,并采用
CC BY-NC-SA 4.0授权协议,
转载请注明来源,谢谢!如本站内容对你有所帮助的话,欢迎订阅关注
邢栋博客,唠嗑(分享)每日的折腾经历。
已有 0 条评论