Last active
October 10, 2024 06:00
-
-
Save kirilkirkov/74a011747111d4f8e8b8a7d7638e16e8 to your computer and use it in GitHub Desktop.
Auth Digest And Basic. Digest Authentication communicates credentials in an encrypted form. Whereas Basic Authentication uses non-encrypted base64 encoding.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if (!isset($_SERVER['PHP_AUTH_USER'])) { | |
header('WWW-Authenticate: Basic realm="My Realm"'); | |
header('HTTP/1.0 401 Unauthorized'); | |
echo 'Text to send if user hits Cancel button'; | |
exit; | |
} else { | |
$headers = apache_request_headers(); // Also can be viewed in apache request | |
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; | |
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; | |
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$realm = 'Restricted area'; | |
//user => password | |
$users = array('admin' => 'mypass', 'guest' => 'guest'); | |
if (empty($_SERVER['PHP_AUTH_DIGEST'])) { | |
header('HTTP/1.1 401 Unauthorized'); | |
header('WWW-Authenticate: Digest realm="'.$realm. | |
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); | |
die('Text to send if user hits Cancel button'); | |
} | |
// analyze the PHP_AUTH_DIGEST variable | |
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || | |
!isset($users[$data['username']])) | |
die('Wrong Credentials!'); | |
// generate the valid response | |
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]); | |
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); | |
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); | |
if ($data['response'] != $valid_response) | |
die('Wrong Credentials!'); | |
// ok, valid username & password | |
echo 'You are logged in as: ' . $data['username']; | |
// function to parse the http auth header | |
function http_digest_parse($txt) | |
{ | |
// protect against missing data | |
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1); | |
$data = array(); | |
$keys = implode('|', array_keys($needed_parts)); | |
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER); | |
foreach ($matches as $m) { | |
$data[$m[1]] = $m[3] ? $m[3] : $m[4]; | |
unset($needed_parts[$m[1]]); | |
} | |
return $needed_parts ? false : $data; | |
} |
The Basic and Digest schemes are dedicated to the authentication using a username and a secret.
The Bearer scheme is dedicated to the authentication using a token.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
HTTP Digest Access Authentication
Digest Access Authentication uses the hashing(i.e digest means cut into small pieces) methodologies to generate the cryptographic result. HTTP Digest access authentication is a more complex form of authentication that works as follows:
HTTP Basic Access Authentication
Basic Authentication uses base64 encoding(not encryption) for generating our cryptographic string which contains the information of username and password. HTTP Basic doesn’t need to be implemented over SSL, but if you don’t, it isn’t secure at all. So I’m not even going to entertain the idea of using it without.