Hi Everyone,
This is my first time on your website and please excuse if I am asking silly question.
I have a question about PHP HTTP DIGEST AUTHENTICATION - published in PHP Manual - php.net
Their explanation is bit limited and I was unable to find anything about it on the web - People have written that
it's beyond the knowledge of the language and just paste the code and use it. But I have still done some study on the regular expression used and managed to understand it but please help me in understanding it completely.
The code which I need to be explained is in Blue color.
I will thank u in advance
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
<?php
$realm = 'Restricted area';
//user => password
$users = array('admin' => 'mypass', 'guest' => 'guest');
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
die('Text to send if user hits Cancel button');
}
// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($users[$data['username']]))
die('Wrong Credentials!');
// generate the valid response
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
if ($data['response'] != $valid_response)
die('Wrong Credentials!');
// ok, valid username & password
echo 'Your are logged in as: ' . $data['username'];
// function to parse the http auth header
function http_digest_parse($txt)
{
// protect against missing data
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
print $txt;
$txt - Below code shows the values which I received from the server - To check whats coming from the server
username="guest",realm="Restricted area",nonce="4b20d54ab440a",uri="/http.php",cnonce="e6fd095f85a80f1e68f3c2685119b35c",nc=00000001,response="ebaa40b07e3da56e89b048a9766fd4db",qop="auth",opaque="cdce8a5c95a1427d74df7acbf41c9ce0"Your are logged in as: guest
preg_match_all('@(' . $keys . ')=(?[' "])([^2]+?)2|([^s,]+))@', $txt, $matches, PREG_SET_ORDER);
My Understanding of the preg match all code above -
Preg_match_all is used to capture strings which have been matched by the above pattern. @ - means don't report any error on this. ' .$keys. ' have been imploded with a (pipe '|' also called or ) and because of implode function usage the keys values are 'nonce|nc|cnonce|qop|username|uri|username' .
Now the pattern looks for = sign .
Than parentheses comes with ?: non capturing parentheses means that it can be captured but it cannot be counted - at the time of using backrefrence.
Now 2 parentheses comes along ([' "]) with a character class and ' (not very sure about this) -Please confirm if correct - but i think it's escaped so that
we can capture ' or " -as you can see from the above $txt variable username has a value "guest".
Now we get to the third parentheses which is ([^2])+ - which I think is using negation with a back refrence , so we go back to the 2 parentheses because of 2 and look for another
" not start with what was matched in 2 parentheses with +(one or more) and than another parentheses with )?(option sign in the end to tell if its not really needed but optional) and another backrefrence
2 which takes back to ([' "]) and says find " and yes it "guest" is found without the quotes and is saved in the matches.
Now I am confused at this very much | (represented as "pipe" or "or") I think its to do something with the keys which were imploded earlier - look at the $key variable after imploding - Whats the use of this don't know and in what context it's being used don't know. And the last parentheses ([^s,]+) says dont capture anthing thats whitespace and , with + sign (One or more)
Please can someone tell whether I have got the above understanding correct and what mistakes I have made in my understanding.
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;}
The above blue code explanation will also be much appreciated.
?>
Creating a unique 'control panel' for each user
Hi there,I'm thinking of designing a site that will allow users to sign up and have their own unique 'control panel'.I just need some pointers on the logic behind this design, specifically:How can I
Why does my php page download images over and over
Can anybody please explain to me why my php page keeps downloading the images and other items every single time the page is loaded or refreshed. I would have thought that the images get cached and
Simultaneous select/update/insert
HiHow would I need to go about when 2 users update a single row simultaneous? And how would I need to go about when 2 users want to edit a row?Should I first lock the table, update the row to indicate
I would like "for" to wait 5 sec
I would like my 'for' loop to wait 5 sec before second iteration.for ($i=0; $i<10; $i++){........//I would like it to wait 5 seconds here}
try catch error
I have been trying try catch but, I can't get it to work. The code opens a non existing file called "a"Code: private function fileOpenMethod($filePath,
PHP - HTML
Could anyone give me some GOOD sample links for php - html email tutorial.Thanks!
How to replace search button with link?
hi to everbody.i have a search submit form and button like this :<form id="f1" name="title" method="post"
Optimize Code
Just started getting into the use of cookies. The following code will redirect users to a set URL should they view a preset number of pages. I'm a little concerned with the speed in which this
MS Exchange 2007 integration with ECC 6.0
Hello Experts,
PHP and Javascript
Hello Everyone,I have a page that needs a javascript code to be written between PHP code but the condition is that javascript code should not be executed. How can I prevent javascript code to be
