I just made a patch to add http digest authentication for php5 based on RFC2617. It is not tested well yet, the attached sample script 'digest-auth.php' works with Mozilla Firebird 0.7.
It is useful or not ?
Rui
Index: main/SAPI.h
===================================================================
RCS file: /repository/php-src/main/SAPI.h,v
retrieving revision 1.108
diff -c -r1.108 SAPI.h
*** main/SAPI.h 8 Jan 2004 17:33:04 -0000 1.108
--- main/SAPI.h 1 Feb 2004 14:14:33 -0000
***************
*** 95,100 ****
--- 95,101 ----
/* for HTTP authentication */
char *auth_user;
char *auth_password;
+ char *auth_nonce;
/* this is necessary for the CGI SAPI module */
char *argv0;
Index: main/main.c
===================================================================
RCS file: /repository/php-src/main/main.c,v
retrieving revision 1.587
diff -c -r1.587 main.c
*** main/main.c 29 Jan 2004 00:08:21 -0000 1.587
--- main/main.c 1 Feb 2004 14:14:34 -0000
***************
*** 1732,1737 ****
--- 1732,1778 ----
efree(user);
}
}
+ } else if (auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
+ char *pass = NULL, *user = NULL, *nonce = NULL, *ends = NULL;
+
+ auth = strstr(auth, "username=");
+ if (auth) {
+ user = strchr(auth, '"');
+ }
+ if (user++) {
+ pass = strchr(user, '"');
+ }
+ if (pass) {
+ *pass++ = '\0';
+ SG(request_info).auth_user = estrdup(user);
+
+ nonce = strstr(pass, "nonce=");
+ if (nonce) {
+ nonce = strchr(nonce, '"');
+ if (nonce++) {
+ pass = strchr(nonce, '"');
+ if (pass) {
+ *pass++ = '\0';
+ SG(request_info).auth_nonce =
estrdup(nonce);
+ }
+ }
+ }
+
+ pass = strstr(pass, "response=");
+ if (pass) {
+ pass = strchr(pass, '"');
+ if (pass++) {
+ ends = strchr(pass, '"');
+ if(ends) {
+ *ends = '\0';
+ SG(request_info).auth_password =
estrdup(pass);
+ ret = 0;
+ }
+ } else {
+ efree(user);
+ }
+ }
+ }
}
if (ret == -1) {
Index: main/php_variables.c
===================================================================
RCS file: /repository/php-src/main/php_variables.c,v
retrieving revision 1.76
diff -c -r1.76 php_variables.c
*** main/php_variables.c 26 Jan 2004 04:15:08 -0000 1.76
--- main/php_variables.c 1 Feb 2004 14:14:35 -0000
***************
*** 499,504 ****
--- 499,507 ----
if (SG(request_info).auth_password) {
php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password,
array_ptr TSRMLS_CC);
}
+ if (SG(request_info).auth_nonce) {
+ php_register_variable("PHP_AUTH_NONCE", SG(request_info).auth_nonce,
array_ptr TSRMLS_CC);
+ }
PG(magic_quotes_gpc) = magic_quotes_gpc;
}
/* }}} */-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
