Hi Everyone,
This is my first time on your website and please excuse if I am asking silly question.
I have a question about PHP HTTP DIGEST AUTHENTICATION - published in PHP Manual - php.net
Their explanation is bit limited and I was unable to find anything about it on the web - People have written that
it's beyond the knowledge of the language and just paste the code and use it. But I have still done some study on the regular expression used and managed to understand it but please help me in understanding it completely.
The code which I need to be explained is in Blue color.
I will thank u in advance
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
<?php
$realm = 'Restricted area';
//user => password
$users = array('admin' => 'mypass', 'guest' => 'guest');
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
die('Text to send if user hits Cancel button');
}
// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($users[$data['username']]))
die('Wrong Credentials!');
// generate the valid response
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
if ($data['response'] != $valid_response)
die('Wrong Credentials!');
// ok, valid username & password
echo 'Your are logged in as: ' . $data['username'];
// function to parse the http auth header
function http_digest_parse($txt)
{
// protect against missing data
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
print $txt;
$txt - Below code shows the values which I received from the server - To check whats coming from the server
username="guest",realm="Restricted area",nonce="4b20d54ab440a",uri="/http.php",cnonce="e6fd095f85a80f1e68f3c2685119b35c",nc=00000001,response="ebaa40b07e3da56e89b048a9766fd4db",qop="auth",opaque="cdce8a5c95a1427d74df7acbf41c9ce0"Your are logged in as: guest
preg_match_all('@(' . $keys . ')=(?[' "])([^2]+?)2|([^s,]+))@', $txt, $matches, PREG_SET_ORDER);
My Understanding of the preg match all code above -
Preg_match_all is used to capture strings which have been matched by the above pattern. @ - means don't report any error on this. ' .$keys. ' have been imploded with a (pipe '|' also called or ) and because of implode function usage the keys values are 'nonce|nc|cnonce|qop|username|uri|username' .
Now the pattern looks for = sign .
Than parentheses comes with ?: non capturing parentheses means that it can be captured but it cannot be counted - at the time of using backrefrence.
Now 2 parentheses comes along ([' "]) with a character class and ' (not very sure about this) -Please confirm if correct - but i think it's escaped so that
we can capture ' or " -as you can see from the above $txt variable username has a value "guest".
Now we get to the third parentheses which is ([^2])+ - which I think is using negation with a back refrence , so we go back to the 2 parentheses because of 2 and look for another
" not start with what was matched in 2 parentheses with +(one or more) and than another parentheses with )?(option sign in the end to tell if its not really needed but optional) and another backrefrence
2 which takes back to ([' "]) and says find " and yes it "guest" is found without the quotes and is saved in the matches.
Now I am confused at this very much | (represented as "pipe" or "or") I think its to do something with the keys which were imploded earlier - look at the $key variable after imploding - Whats the use of this don't know and in what context it's being used don't know. And the last parentheses ([^s,]+) says dont capture anthing thats whitespace and , with + sign (One or more)
Please can someone tell whether I have got the above understanding correct and what mistakes I have made in my understanding.
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;}
The above blue code explanation will also be much appreciated.
?>
How to convert this array to string
I am having problems converting this array to a stringusing print_r($val[1]); I get: Code: [Select]Array( [0] => Array ( [name] => John ) [1] =>
Need help with some php code :)
Hey! I'm quite new to this whole thing, so please don't fire me with shait on this one =DI'm trying to learn PHP and MySQL, and atm I am trying to make a website which corresponds with a database - a
Count on multidimensional array
Hi, i got an array as below:Array( => Array ( [2009-12-08] => 1 ) [1] => Array ( [2009-12-07] => 1 ) [2]
session_destroy();
new to phpI have a simple login and am trying to write a logout.I set a $_SESSION var to 1 if they are logged in:if(isset($_POST['logname'])){ $UserArr = chk_lgn($_POST['logname'],$_POST['passwd']);
isset undefined variable
Hi all,Hope someone can point out the obvious. I've a log in script, if you dont enter a username or pw, you get a red asterix show by the field and a pop up.If you enter an email but not the pw, it
blank page.... nothing is happening.
I'm new to a lot of this but in the last 24hrs have learned a lot.Installed latest version of mysql... went fine no problems.Installed latest version of php... went fine no problems.did all my
Reditecting pages based on logic
Newbie here, apologies in advance!I am trying to use the header function to forward one of any number of locations (taken from a db) based on the value of a response param:Quote<?php include
PHP submit form script causing blank page
Im trying to submit a form using this script, however nothing shows up on the page, does anyone know why it's not working?ThanksCode: <?php // Connects to your Database
Credit card verification
I have a client who wants to process credit card transactions from his web site rather than the going through something like paypal. I've never done that before...what is my first step? I really dont
Problem with array max size.
Hi to everyone,
