
DooDigestAuth: PHP (back-end) authorization management class, web browser authorization, PHP site back-end webshell

程序员文章站 2024-01-21 08:00:52


<?php
/**
 * DooDigestAuth class file.
 *
 * @author Leng Sheng Hong
 * @link http://www.doophp.com/
 * @copyright Copyright © 2009 Leng Sheng Hong
 * @license http://www.doophp.com/license
 */

/**
 * Handles HTTP digest authentication
 *
 * HTTP digest authentication can be used with the URI router.
 * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
 * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
 * add the following line to your .htaccess for digest auth to work correctly.
 * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 *
 * This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.
 *
 * @author Leng Sheng Hong
 * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
 * @package doo.auth
 * @since 1.0
 */
class DooDigestAuth{

    /**
     * Authenticate against a list of username and passwords.
     *
     * HTTP Digest Authentication doesn't work with PHP in CGI mode,
     * you have to add this into your .htaccess RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     *
     * @param string $realm Name of the authentication session
     * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
     * @param string $fail_msg Message to be displayed if the User cancel the login
     * @param string $fail_url URL to be redirect if the User cancel the login
     * @return string The username if login success.
     */
    public static function http_auth($realm, $users, $fail_msg=NULL, $fail_url=NULL){
        $realm = "Restricted area - $realm";

        //user => password
        //$users = array('admin' => '1234', 'guest' => 'guest');
        // CGI/FastCGI: the rewrite rule above exposes the Authorization header under this key
        if(!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0){
            $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }

        // No credentials sent yet: answer with a 401 digest challenge
        if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
            // uniqid() is derived from the current time and is not a cryptographically secure nonce
            header('WWW-Authenticate: Digest realm="'.$realm.
                   '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
            header('HTTP/1.1 401 Unauthorized');
            if($fail_msg!=NULL)
                die($fail_msg);
            if($fail_url!=NULL)
                die("
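
An added example, not part of the DooDigestAuth class or the DooPHP project: verifying a client's reply to a qop="auth" digest challenge like the one sent above, following RFC 2617. The function names, the sample credentials and header, and the random_bytes() nonce are assumptions of this example; nonce expiry and nc replay tracking are outside its scope.

```php
<?php
// Added example, not DooPHP code. Function names and sample values are hypothetical.

// Parse the key=value pairs of a Digest Authorization header; null if incomplete.
function parse_digest_header(string $header): ?array {
    if (stripos($header, 'Digest ') !== 0) {
        return null;
    }
    preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', substr($header, 7), $m, PREG_SET_ORDER);
    $fields = [];
    foreach ($m as $pair) {
        $fields[$pair[1]] = $pair[2] !== '' ? $pair[2] : ($pair[3] ?? '');
    }
    foreach (['username', 'realm', 'nonce', 'uri', 'response', 'qop', 'nc', 'cnonce'] as $key) {
        if (!isset($fields[$key])) {
            return null;
        }
    }
    return $fields;
}

// Return the username when the response matches, null otherwise.
function verify_digest(array $d, array $users, string $realm, string $method,
                       string $requestUri, string $issuedNonce): ?string {
    if (!isset($users[$d['username']]) || $d['realm'] !== $realm || $d['qop'] !== 'auth'
        || $d['uri'] !== $requestUri || !hash_equals($issuedNonce, $d['nonce'])) {
        return null;
    }
    $ha1 = md5($d['username'] . ':' . $realm . ':' . $users[$d['username']]);
    $ha2 = md5($method . ':' . $d['uri']);
    $expected = md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
    return hash_equals($expected, $d['response']) ? $d['username'] : null; // constant-time compare
}

$users = ['admin' => '1234'];              // constructed sample credentials
$realm = 'Restricted area - demo';
$nonce = bin2hex(random_bytes(16));        // CSPRNG nonce instead of time-based uniqid()

// Constructed client request: what a browser would compute for GET /admin.
$ha1 = md5("admin:$realm:1234");
$ha2 = md5('GET:/admin');
$resp = md5("$ha1:$nonce:00000001:abc123:auth:$ha2");
$header = "Digest username=\"admin\", realm=\"$realm\", nonce=\"$nonce\", uri=\"/admin\", "
        . "qop=auth, nc=00000001, cnonce=\"abc123\", response=\"$resp\"";

$d = parse_digest_header($header);
var_dump(verify_digest($d, $users, $realm, 'GET', '/admin', $nonce));  // matching request
var_dump(verify_digest($d, $users, $realm, 'POST', '/admin', $nonce)); // same response, other method
```

Because the request method and URI are hashed into the response, a captured reply cannot be reused for a different method, and hash_equals() keeps the comparison from leaking how many leading characters matched.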