DooDigestAuth php（后台）授权管理类 web浏览器授权，php网站后台webshell

DooDigestAuth php（后台）授权管理类 web浏览器授权，php网站后台webshell

  1 php
  2 /**
  3  * DooDigestAuth class file.
  4  *
  5  * @author Leng Sheng Hong   6  * @link http://www.doophp.com/
  7  * @copyright Copyright © 2009 Leng Sheng Hong
  8  * @license http://www.doophp.com/license
  9  */
 10 
 11 /**
 12  * Handles HTTP digest authentication
 13  *
 14  * 
HTTP digest authentication can be used with the URI router.
 15  * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
 16  * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
 17  * add the following line to your .htaccess for digest auth to work correctly.
 18  * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 19  *
 20  * 
This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.
 21  *
 22  * @author Leng Sheng Hong  23  * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
 24  * @package doo.auth
 25  * @since 1.0
 26  */
 27 class DooDigestAuth{
 28 
 29     /**
 30      * Authenticate against a list of username and passwords.
 31      *
 32      * 
HTTP Digest Authentication doesn't work with PHP in CGI mode,
 33      * you have to add this into your .htaccess RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 34      *
 35      * @param string $realm Name of the authentication session
 36      * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
 37      * @param string $fail_msg Message to be displayed if the User cancel the login
 38      * @param string $fail_url URL to be redirect if the User cancel the login
 39      * @return string The username if login success.
 40      */
 41     public static function http_auth($realm, $users, $fail_msg=NULL, $fail_url=NULL){
 42         $realm = "Restricted area - $realm";
 43 
 44         //user => password
 45         //$users = array('admin' => '1234', 'guest' => 'guest');
 46         if(!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0){
 47             $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
 48         }
 49 
 50         if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
 51             header('WWW-Authenticate: Digest realm="'.$realm.
 52                    '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
 53             header('HTTP/1.1 401 Unauthorized');
 54             if($fail_msg!=NULL)
 55                 die($fail_msg);
 56             if($fail_url!=NULL)
 57                 die("