Autentizace a autorizace
Níže je uveden pouze náhled materiálu. Kliknutím na tlačítko 'Stáhnout soubor' stáhnete kompletní formátovaný materiál ve formátu PDF.
HTTP/1.1 401 Authorization RequiredDate: Thu, 18 Nov 2010 16:27:26 GMT
Server: Apache
WWW-Authenticate: Digest realm="Chranena stranka",
nonce="AASVVkPwbis=2db5658674ffdc0fe6385a637e1d808468ab1ed5",
algorithm=MD5, domain="/digest", qop="auth„Vary: accept-language,accept-charset
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-2
Content-Language: cs
GET /~xklima/authentication/digest/ HTTP/1.1Host: webdev.felk.cvut.cz
User-Agent: xxxxx
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.
Accept-Language: cs,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1250,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Authorization: Digest username="xklima", realm="Chranena stranka",
nonce="AASVVmIJQCU=93f053f1b8ba48b588e20fa900c7f744593f7f63",
uri="/~xklima/authentication/digest/", algorithm=MD5,
response="8d7e8c6cdc5b13a2fd8ab54b69f3a3d3", qop=auth, nc=00000002,
cnonce="4ea1b72006c203cb„Cache-Control: max-age=0
HTTP/1.1 200 OKDate: Thu, 18 Nov 2010 16:35:58 GMT
Server: Apache
Authentication-Info: rspauth="14b6dc1a21042babbdbaf3113b6bd8c0",
cnonce="4ea1b72006c203cb", nc=00000002, qop=authX-Powered-By: PHP/5.2.9
Content-Length: 60
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Ahoj, podarilo se pristoupit na stranku s digest autorizaci.
Digest v PHP
Digest v PH
$realm = 'Restricted area';
//user => password
$users = array('xklima' => 'martin', 'guest' => 'guest');
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
die('Text to send if user hits Cancel button');
}
// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($users[$data['username']]))
!isset($users[$data['username']])
die('Wrong Credentials!');
// generate the valid response
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);