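/**
 * DooDigestAuth class file: HTTP Digest authentication for a PHP admin back end,
 * driven by the browser's built-in login prompt.
 *
 * Limits of this implementation that a deployment has to cover elsewhere:
 *  - The nonce sent in the challenge is never stored or checked afterwards, and
 *    the nonce count (nc) is not tracked, so a captured Authorization header
 *    is accepted again if it is replayed.
 *  - The uri field of the header is used as sent; it is not compared with the
 *    URI that was actually requested.
 *  - Nothing here counts or throttles failed attempts. Limiting password
 *    guessing needs a separate attempt limit or lockout in front of this class.
 *  - $users holds plaintext passwords and the scheme is MD5-based; serve the
 *    protected area over HTTPS only and keep the credential list out of the
 *    web root and out of version control.
 */
class DooDigestAuth
{
    /**
     * Authenticate the current request against a list of usernames and passwords.
     *
     * Returns only when the Authorization header carries a valid Digest response.
     * In every other case a 401 challenge is sent and the script terminates.
     *
     * @param string $realm    Name of the authentication session
     * @param array  $users    Assoc array of username and password: array('uname1'=>'pwd1', 'uname2'=>'pwd2')
     * @param string $fail_msg Message to be displayed if the user cancels the login
     * @param string $fail_url URL to redirect to if the user cancels the login
     * @return string The username if login succeeds.
     */
    public static function http_auth($realm, $users, $fail_msg = null, $fail_url = null)
    {
        $realm = "Restricted area - $realm";

        // Some server setups expose the header only as REDIRECT_HTTP_AUTHORIZATION.
        // The scheme name is matched case-insensitively.
        if (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
            && stripos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Digest') === 0
        ) {
            $_SERVER['PHP_AUTH_DIGEST'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }

        // No credentials yet: ask the browser for them.
        if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
            self::http_auth_fail($realm, $fail_msg, $fail_url);
        }

        // Malformed header or unknown user: same challenge as a wrong password,
        // so the response does not reveal which usernames exist.
        $data = self::http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
        if (!$data || !isset($users[$data['username']])) {
            self::http_auth_fail($realm, $fail_msg, $fail_url);
        }

        // Recompute the response the client should have sent (qop=auth form).
        $a1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
        $a2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
        $valid_response = md5(
            $a1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $a2
        );

        // Compare as strings in constant time. A loose != would treat two
        // different all-digit "0e..." hashes as equal numbers.
        $given = (string) $data['response'];
        $matches = function_exists('hash_equals')
            ? hash_equals($valid_response, $given)
            : $valid_response === $given;
        if (!$matches) {
            self::http_auth_fail($realm, $fail_msg, $fail_url);
        }

        // ok, valid username & password
        return $data['username'];
    }

    /**
     * Send the 401 Digest challenge, emit the optional message or redirect, and stop.
     *
     * @param string $realm    Full realm string used in the challenge
     * @param string $fail_msg Body to print instead of a redirect, or null
     * @param string $fail_url URL for the client-side redirect, or null
     * @return void Never returns; the script ends here.
     */
    private static function http_auth_fail($realm, $fail_msg, $fail_url)
    {
        // Prefer an unpredictable nonce where the runtime offers one.
        $nonce = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : uniqid('', true);

        header('HTTP/1.1 401 Unauthorized');
        header(
            'WWW-Authenticate: Digest realm="' . $realm
            . '",qop="auth",nonce="' . $nonce . '",opaque="' . md5($realm) . '"'
        );

        // $fail_msg is printed as given; the caller is responsible for its markup.
        if ($fail_msg != null) {
            die($fail_msg);
        }
        if ($fail_url != null) {
            // The URL is encoded as a JavaScript string literal so that it
            // cannot break out of the script element.
            $target = json_encode((string) $fail_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            die('<script>window.location.href = ' . $target . ';</script>');
        }
        exit;
    }

    /**
     * Parse the HTTP Digest Authorization header.
     *
     * Some clients (the original note names Internet Explorer) quote the qop
     * value, so quotes around it are stripped.
     *
     * @param string $txt Header string to parse
     * @return array|false Assoc array with username, nonce, nc, cnonce, qop, uri
     *                     and response, or false when any of them is missing.
     */
    private static function http_digest_parse($txt)
    {
        // \b keeps "nonce=" from matching inside "cnonce="; nc is a hex counter.
        $patterns = array(
            'username' => '/\busername="([^"]+)"/i',
            'nonce'    => '/\bnonce="([^"]+)"/i',
            'nc'       => '/\bnc=([0-9a-f]+)/i',
            'cnonce'   => '/\bcnonce="([^"]+)"/i',
            'qop'      => '/\bqop=([^,]+)/i',
            'uri'      => '/\buri="([^"]+)"/i',
            'response' => '/\bresponse="([^"]+)"/i',
        );

        $data = array();
        foreach ($patterns as $field => $pattern) {
            if (preg_match($pattern, (string) $txt, $match) !== 1) {
                // A header without all fields cannot be verified.
                return false;
            }
            $data[$field] = $match[1];
        }
        $data['qop'] = trim(str_replace('"', '', $data['qop']));

        return $data;
    }
}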
调用方法:
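// Load the class, then require Digest credentials before any admin output is sent.
require_once dirname(__FILE__) . '/doodigestauth.php';

// The call returns the authenticated username; on failure it sends a 401 and ends the script.
// 'admin' => 123456789 is the sample pair from the article: replace it with a strong,
// unique password and load it from configuration rather than hard-coding it here.
$username = DooDigestAuth::http_auth('example.com', array('admin' => 123456789));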
PHP Web 授权登录可有效防止后台暴力破解(Digest 认证本身不限制尝试次数,建议同时启用 HTTPS 并配合登录失败次数限制)。
下载地址:http://files.cnblogs.com/files/func/doodigestauth.zip