
DooDigestAuth: a PHP authorization class for the admin back end, using the web browser's built-in login

Original post, 2016-07-29 09:15:38

```php
<?php
/**
 * DooDigestAuth class file.
 *
 * @author Leng Sheng Hong
 * @link http://www.doophp.com/
 * @copyright Copyright © 2009 Leng Sheng Hong
 * @license http://www.doophp.com/license
 */

/**
 * Handles HTTP digest authentication
 *
 * HTTP digest authentication can be used with the URI router.
 * HTTP digest is much more recommended over the use of HTTP Basic auth which doesn't provide any encryption.
 * If you are running PHP on Apache in CGI/FastCGI mode, you would need to
 * add the following line to your .htaccess for digest auth to work correctly.
 * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 *
 * This class is tested under Apache 2.2 and Cherokee web server. It should work in both mod_php and cgi mode.
 *
 * @author Leng Sheng Hong
 * @version $Id: DooDigestAuth.php 1000 2009-07-7 18:27:22
 * @package doo.auth
 * @since 1.0
 */
class DooDigestAuth{

    /**
     * Authenticate against a list of username and passwords.
     *
     * HTTP Digest Authentication doesn't work with PHP in CGI mode,
     * you have to add this into your .htaccess RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     *
     * @param string $realm Name of the authentication session
     * @param array $users An assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
     * @param string $fail_msg Message to be displayed if the User cancel the login
     * @param string $fail_url URL to be redirect if the User cancel the login
     * @return string The username if login success.
     */
    public static function http_auth($realm, $users, $fail_msg=NULL, $fail_url=NULL){
        $realm = "Restricted area - $realm";

        //user => password
        //$users = array('admin' => '1234', 'guest' => 'guest');
        // In CGI/FastCGI mode the header arrives through the RewriteRule as REDIRECT_HTTP_AUTHORIZATION.
        if(!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest')===0){
            $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }

        // No credentials yet: send the digest challenge.
        if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
            header('WWW-Authenticate: Digest realm="'.$realm.
                   '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
            header('HTTP/1.1 401 Unauthorized');
            if($fail_msg!=NULL)
                die($fail_msg);
            if($fail_url!=NULL)
                // send the browser to $fail_url when the login dialog is cancelled
                die('<script>window.location.href = '.json_encode($fail_url, JSON_HEX_TAG).';</script>');
            exit;
        }

        // analyze the PHP_AUTH_DIGEST variable
        if (!($data = self::http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])){
            header('WWW-Authenticate: Digest realm="'.$realm.
                   '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
            header('HTTP/1.1 401 Unauthorized');
            if($fail_msg!=NULL)
                die($fail_msg);
            if($fail_url!=NULL)
                die('<script>window.location.href = '.json_encode($fail_url, JSON_HEX_TAG).';</script>');
            exit;
        }

        // generate the valid response
        $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
        $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
        $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

        // hash_equals() compares in constant time and avoids loose (!=) string comparison
        if (!hash_equals($valid_response, $data['response'])){
            header('HTTP/1.1 401 Unauthorized');
            header('WWW-Authenticate: Digest realm="'.$realm.
                   '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
            if($fail_msg!=NULL)
                die($fail_msg);
            if($fail_url!=NULL)
                die('<script>window.location.href = '.json_encode($fail_url, JSON_HEX_TAG).';</script>');
            exit;
        }

        // ok, valid username & password
        return $data['username'];
    }

    /**
     * Method to parse the http auth header, works with IE.
     *
     * Internet Explorer returns a qop="xxxxxxxxxxx" in the header instead of qop=xxxxxxxxxxx as most browsers do.
     *
     * @param string $txt header string to parse
     * @return array|false An assoc array of the digest auth session, or false if a field is missing
     */
    private static function http_digest_parse($txt)
    {
        // \b keeps "nonce" from matching inside "cnonce"; nc is a hexadecimal counter (RFC 2617).
        $patterns = array(
            'username' => '/\busername="([^"]+)"/i',
            'nonce'    => '/\bnonce="([^"]+)"/i',
            'nc'       => '/\bnc=([0-9a-f]+)/i',
            'cnonce'   => '/\bcnonce="([^"]+)"/i',
            'qop'      => '/\bqop=([^,]+)/i',
            'uri'      => '/\buri="([^"]+)"/i',
            'response' => '/\bresponse="([^"]+)"/i',
        );
        $data = array();
        foreach ($patterns as $key => $pattern) {
            if (!preg_match($pattern, $txt, $match)) {
                return false; // incomplete header: http_auth() answers with a new challenge
            }
            $data[$key] = $match[1];
        }
        // IE sends qop="auth" (quoted); strip the quotes so the hash input matches.
        $data['qop'] = str_replace('"', '', $data['qop']);
        return $data;
    }

}
```

Usage:

```php
<?php
require_once(dirname(__FILE__)."/DooDigestAuth.php");
DooDigestAuth::http_auth('example.com', array('admin'=>"123456789"));
```

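Putting this browser-level login in front of a PHP web back end can effectively prevent brute-force attacks against the admin area.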
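http_auth() above sends `uniqid()` as the nonce and never checks that the nonce a client returns is one the server issued, so the nonce gives no freshness guarantee. The following is an added example (not part of DooDigestAuth or DooPHP) of a stateless, expiring nonce plus a constant-time response check computed from a stored HA1; the function names, the secret and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names and the secret are hypothetical, not DooPHP API.

// Nonce = base64("<issue time>:<HMAC-SHA256(time:realm)>"), verifiable without storage.
function digest_make_nonce(string $secret, string $realm, ?int $now = null): string
{
    $ts = (string) ($now ?? time());
    return base64_encode($ts . ':' . hash_hmac('sha256', $ts . ':' . $realm, $secret));
}

// True only for a nonce this server issued less than $ttl seconds ago.
function digest_check_nonce(string $nonce, string $secret, string $realm, int $ttl = 300, ?int $now = null): bool
{
    $raw = base64_decode($nonce, true);
    if ($raw === false || strpos($raw, ':') === false) {
        return false;
    }
    list($ts, $mac) = explode(':', $raw, 2);
    if (!ctype_digit($ts)) {
        return false;
    }
    $age = ($now ?? time()) - (int) $ts;
    $expected = hash_hmac('sha256', $ts . ':' . $realm, $secret);
    return hash_equals($expected, $mac) && $age >= 0 && $age <= $ttl;
}

// Response formula used by http_auth() (qop=auth), computed from a stored HA1
// instead of a plaintext password and compared in constant time.
function digest_response_ok(array $d, string $ha1, string $method): bool
{
    $ha2 = md5($method . ':' . $d['uri']);
    $expected = md5(implode(':', array($ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2)));
    return hash_equals($expected, $d['response']);
}

// Constructed sample values (not real credentials or captured traffic).
$secret = 'replace-with-random-server-secret';
$realm  = 'Restricted area - example.com';
$ha1    = md5('admin:' . $realm . ':123456789');
$nonce  = digest_make_nonce($secret, $realm, 1000);
$d = array('uri' => '/admin/', 'nonce' => $nonce, 'nc' => '00000001',
           'cnonce' => 'abc123', 'qop' => 'auth');
$d['response'] = md5(implode(':', array($ha1, $nonce, $d['nc'], $d['cnonce'], 'auth', md5('GET:/admin/'))));

var_dump(digest_check_nonce($nonce, $secret, $realm, 300, 1100));   // inside the validity window
var_dump(digest_check_nonce($nonce, $secret, $realm, 300, 2000));   // past the validity window
var_dump(digest_check_nonce(base64_encode('1000:' . str_repeat('0', 64)), $secret, $realm, 300, 1100)); // forged MAC
var_dump(digest_response_ok($d, $ha1, 'GET'));                      // response from the right password
```

Tracking `nc` per nonce is still needed to reject a replayed request inside the validity window.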

Download: http://files.cnblogs.com/files/func/DooDigestAuth.zip
