Home Explore Help
Register Sign In
YLSJ
/
server
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: cc9107e832
Branches Tags
server
/
Gameserver
/
Public
/
phpRedisAdmin
/
includes
/
login.inc.php

login.inc.php 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. <?php
    2. 

  2. 

  3. // This fill will perform HTTP digest authentication. This is not the most secure form of authentication so be carefull when using this.
    4. 

  4. 

  5. 

  6. $realm = 'phpRedisAdmin';
    7. 

  7. 

  8. // Using the md5 of the user agent and IP should make it a bit harder to intercept and reuse the responses.
    9. 

  9. $opaque = md5('phpRedisAdmin'.$_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
    10. 

  10. 

  11. 

  12. if (!isset($_SERVER['PHP_AUTH_DIGEST']) || empty($_SERVER['PHP_AUTH_DIGEST'])) {
    13. 

  13.   header('HTTP/1.1 401 Unauthorized');
    14. 

  14.   header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
    15. 

  15.   die;
    16. 

  16. }
    17. 

  17. 

  18. $needed_parts = array(
    19. 

  19.   'nonce'    => 1,
    20. 

  20.   'nc'       => 1,
    21. 

  21.   'cnonce'   => 1,
    22. 

  22.   'qop'      => 1,
    23. 

  23.   'username' => 1,
    24. 

  24.   'uri'      => 1,
    25. 

  25.   'response' => 1
    26. 

  26.  );
    27. 

  27. 

  28. $data = array();
    29. 

  29. $keys = implode('|', array_keys($needed_parts));
    30. 

  30. 

  31. preg_match_all('/('.$keys.')=(?:([\'"])([^\2]+?)\2|([^\s,]+))/', $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
    32. 

  32. 

  33. foreach ($matches as $m) {
    34. 

  34.   $data[$m[1]] = $m[3] ? $m[3] : $m[4];
    35. 

  35.   unset($needed_parts[$m[1]]);
    36. 

  36. }
    37. 

  37. 

  38. if (!empty($needed_parts)) {
    39. 

  39.   header('HTTP/1.1 401 Unauthorized');
    40. 

  40.   header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
    41. 

  41.   die;
    42. 

  42. }
    43. 

  43. 

  44. if (!isset($config['login'][$data['username']])) {
    45. 

  45.   header('HTTP/1.1 401 Unauthorized');
    46. 

  46.   header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
    47. 

  47.   die('Invalid username and/or password combination.');
    48. 

  48. }
    49. 

  49. 

  50. $login         = $config['login'][$data['username']];
    51. 

  51. $login['name'] = $data['username'];
    52. 

  52. 

  53. $password = md5($login['name'].':'.$realm.':'.$login['password']);
    54. 

  54. 

  55. $response = md5($password.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']));
    56. 

  56. 

  57. if ($data['response'] != $response) {
    58. 

  58.   header('HTTP/1.1 401 Unauthorized');
    59. 

  59.   header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.$opaque.'"');
    60. 

  60.   die('Invalid username and/or password combination.');
    61. 

  61. }
    62. 

  62. 

  63. ?>
    64.