24 require_once 
"Auth/Auth.php";
 
   // Lengths of the two parts of a server nonce. The nonce builder further down
   // this listing returns base64_encode($time) . md5(...); an md5() hex digest is
   // 32 characters. 16 presumably matches the base64 form of the timestamp
   // string - confirm where the nonce is split (that code is not in the listing).
   26 define(
'AUTH_HTTP_NONCE_TIME_LEN', 16);
 
   27 define(
'AUTH_HTTP_NONCE_HASH_LEN', 32);
 
  // Fragment (listing lines 176-199; the listing omits some lines, including the
  // enclosing signature and closing braces): option defaults, caller overrides
  // for known keys, and the derived opaque value.
  // Every hash in this listing is md5(); neither Basic nor MD5 Digest protects
  // the password against offline guessing from a captured exchange, so this
  // scheme should only be served over TLS.
  176         $this->options = array(
'cryptType' => 
'md5',
 
  177                                'algorithm' => 
'MD5',
 
  178                                'qop' => 
'auth-int,auth',
 
  // NOTE(review): 'moo' is a fixed, publicly known default. The opaque value
  // derived below is md5() of this key, so it is identical on every deployment
  // that keeps the default; set a per-deployment value.
  179                                'opaquekey' => 
'moo',
 
  181                                'digestRealm' => 
'protected area',
 
  // false means Basic is still accepted and advertised alongside Digest.
  182                                'forceDigestOnly' => 
false,
 
  // NOTE(review): on by default; the code that consumes this option (listing
  // line 329) derives the session ID from the credentials.
  184                                'sessionSharing' => 
true,
 
  188             $this->authType = strtolower(
$options[
'authType']);
 
  // Only keys that already exist in the defaults are copied; unknown option
  // names are ignored without a warning.
  192             foreach(
$options as $key => $value) {
 
  193                 if (array_key_exists( $key, $this->options)) {
 
  194                     $this->options[$key] = $value;
 
  // opaque is md5(opaquekey): constant for a given key, not per challenge.
  198             if (!empty($this->options[
'opaquekey'])) {
 
  199                 $this->opaque = md5($this->options[
'opaquekey']);
 
  // Fragment (listing lines 219-318; intermediate lines and closing braces are
  // omitted by the listing): reads the client's credentials from the server
  // variables or the Authorization header, for Basic or Digest.
  219         if (method_exists($this, 
'_importGlobalVariable')) {
 
  220             $this->server = &$this->_importGlobalVariable(
'server');
 
  224         if ($this->authType == 
'basic') {
 
  225             if (!empty($this->server[
'PHP_AUTH_USER'])) {
 
  226                 $this->username = $this->server[
'PHP_AUTH_USER'];
 
  229             if (!empty($this->server[
'PHP_AUTH_PW'])) {
 
  230                 $this->password = $this->server[
'PHP_AUTH_PW'];
 
  // Fallback when PHP_AUTH_USER/PHP_AUTH_PW are not populated: decode the raw
  // header. substr(..., 6) skips the 6 characters of "Basic ".
  // NOTE(review): explode(':') has no limit, so a password that itself contains
  // ':' is cut at that colon; explode(':', $decoded, 2) keeps it whole. If the
  // decoded value has no ':' at all, list() gets a single element.
  236             if  (empty($this->username) && empty($this->password)) {
 
  237                 if (!empty($this->server[
'HTTP_AUTHORIZATION'])) {
 
  238                     list($this->username, $this->password) = 
 
  239                         explode(
':', base64_decode(substr($this->server[
'HTTP_AUTHORIZATION'], 6)));
 
  242         } elseif ($this->authType == 
'digest') {
 
  // Both are set to '' here, so a later isset() on them is true even when the
  // client sent no credentials.
  243             $this->username = 
'';
 
  244             $this->password = 
'';
 
  246             $this->digest_header = null;
 
  // Keeps everything after the first space of PHP_AUTH_DIGEST.
  // NOTE(review): PHP normally sets PHP_AUTH_DIGEST without the leading scheme
  // word; if that holds for the SAPI in use, cutting at the first space would
  // discard the first parameter - verify.
  247             if (!empty($this->server[
'PHP_AUTH_DIGEST'])) {
 
  248                 $this->digest_header = substr($this->server[
'PHP_AUTH_DIGEST'],
 
  249                                               strpos($this->server[
'PHP_AUTH_DIGEST'],
' ')+1);
 
  // Same cut applied to the raw Authorization header, where the text before the
  // first space is the scheme name.
  251                 $headers = getallheaders();
 
  252                 if(isset($headers[
'Authorization']) && !empty($headers[
'Authorization'])) {
 
  253                     $this->digest_header = substr($headers[
'Authorization'],
 
  254                                                   strpos($headers[
'Authorization'],
' ')+1);
 
  // Parse "name=value" pairs: split on ',', then on the first '=', and strip one
  // pair of surrounding double quotes from the value.
  // NOTE(review): splitting on every ',' also splits a quoted value that
  // contains a comma (a uri value may contain one); such a header is
  // mis-parsed and will fail validation.
  258             if($this->digest_header) {
 
  259                 $authtemp = explode(
',', $this->digest_header);
 
  261                 foreach($authtemp as $key => $value) {
 
  262                     $value = trim($value);
 
  263                     if(strpos($value,
'=') !== 
false) {
 
  264                         $lhs = substr($value,0,strpos($value,
'='));
 
  265                         $rhs = substr($value,strpos($value,
'=')+1);
 
  266                         if(substr($rhs,0,1) == 
'"' && substr($rhs,-1,1) == 
'"') {
 
  267                             $rhs = substr($rhs,1,-1);
 
  // $auth is read from here on; its assignment falls on lines the listing omits
  // (presumably $auth[$lhs] = $rhs - confirm against the full file).
  273             if (!isset(
$auth[
'uri']) || !isset(
$auth[
'realm'])) {
 
  278                 $this->uri = 
$auth[
'uri'];
 
  // NOTE(review): in the visible lines $headers is assigned only at listing line
  // 251, after the PHP_AUTH_DIGEST test; confirm it is defined on every path
  // that reaches this index.
  279                 if (substr($headers[
'Authorization'],0,7) == 
'Digest ') {
 
  281                     $this->authType = 
'digest';
 
  // All six parameters must be present; the handling of a missing one is on
  // omitted lines.
  283                     if (!isset(
$auth[
'nonce']) || !isset(
$auth[
'username']) || 
 
  284                   !isset(
$auth[
'response']) || !isset(
$auth[
'qop']) || 
 
  285                   !isset(
$auth[
'nc']) || !isset(
$auth[
'cnonce'])){
 
  // Only the two qop values this code implements are let through.
  289                if (
$auth[
'qop'] != 
'auth' && 
$auth[
'qop'] != 
'auth-int') {
 
  295                if ($this->nextNonce == 
false) {
 
  // In Digest mode $this->password holds the client's response hash, not a
  // password.
  299                     $this->username = 
$auth[
'username'];
 
  300                     $this->password = 
$auth[
'response'];
 
  301                     $this->auth[
'nonce'] = 
$auth[
'nonce'];
 
  303                $this->auth[
'qop'] = 
$auth[
'qop'];
 
  304                $this->auth[
'nc'] = 
$auth[
'nc'];
 
  305                $this->auth[
'cnonce'] = 
$auth[
'cnonce'];
 
  307                     if (isset(
$auth[
'opaque'])) {
 
  308                         $this->auth[
'opaque'] = 
$auth[
'opaque'];
 
  // A Basic header arriving while Digest is configured: what happens under
  // forceDigestOnly is on omitted lines; otherwise the type switches to
  // 'basic'. The explode(':') caveat noted at listing line 239 applies here too.
  311                 } elseif (substr($headers[
'Authorization'],0,6) == 
'Basic ') {
 
  312                     if ($this->options[
'forceDigestOnly']) {
 
  316                     $this->authType = 
'basic';
 
  318                         explode(
':',base64_decode(substr($headers[
'Authorization'],6)));
 
  // Fragment (listing lines 327-336): ties the PHP session to the credentials.
  // NOTE(review): the session ID is a deterministic, unsalted md5() of the
  // username and password (in Digest mode, of the username and the response hash
  // stored in $this->password). It is not random: it repeats on every login with
  // the same credentials, and the ID stored in the session cookie can be checked
  // offline against password guesses.
  // NOTE(review): isset() is true for the empty strings assigned at listing lines
  // 243-244, so a Digest request without credentials appears to get
  // md5('Auth_HTTP'), the same ID for every such client - confirm against the
  // omitted lines.
  // Safer: let the session module generate the ID (session_regenerate_id() after
  // a successful login) and turn sessionSharing off where it is not needed.
  327         if ($this->options[
'sessionSharing'] && 
 
  328             isset($this->username) && isset($this->password)) {
 
  329             session_id(md5(
'Auth_HTTP' . $this->username . $this->password));
 
  // Session variable name is derived from the realm.
  336          $this->_sessionName = 
"_authhttp".md5($this->realm);
 
  // Fragment (listing lines 351-434; many lines omitted): checks the submitted
  // credentials, runs the login callbacks and decides whether to send a
  // challenge.
  351         if (method_exists($this, 
'_loadStorage')) {
 
  360         if (!empty($this->username) && !empty($this->password)) {
 
  // Basic: verification is delegated to the storage container; only a strict
  // true counts as success.
  361             if ($this->authType == 
'basic' && !$this->options[
'forceDigestOnly']) {
 
  362                 if (
true === $this->storage->fetchData($this->username, $this->password)) {
 
  // Presumably the Digest branch (the lines in between are omitted): the stored
  // password value is read directly from the database.
  377                     if (!DB::isConnection($dbs->db)) {
 
  378                         $dbs->_connect($dbs->options[
'dsn']);
 
  // NOTE(review): the statement is built by concatenation. Table and column
  // names come from the storage options; the username comes from the client's
  // Authorization header and is protected only by quoteString(), whose escaping
  // is not visible here. Binding the username as a query parameter (PEAR DB's
  // getOne() accepts a params argument) removes the dependence on that escaping
  // - confirm against the DB layer in use.
  381                     $query = 
'SELECT '.$dbs->options[
'passwordcol'].
" FROM ".$dbs->options[
'table'].
 
  382                         ' WHERE '.$dbs->options[
'usernamecol'].
" = '".
 
  383                         $dbs->db->quoteString($this->username).
"' ";
 
  385                     $pwd = $dbs->db->getOne(
$query); 
 
  387                     if (DB::isError($pwd)) {
 
  // NOTE(review): with cryptType 'none' the stored value is used as the password
  // itself, which implies clear-text passwords in the table. A1 is then
  // md5(username:digestRealm:password). The other branch is omitted; presumably
  // the stored value is already that hash.
  391                     if ($this->options[
'cryptType'] == 
'none') {
 
  392                         $a1 = md5($this->username.
':'.$this->options[
'digestRealm'].
':'.$pwd);
 
  403                 if ($this->nextNonce == 
false) {
 
  // Failure callback receives the client-supplied username; anything that logs
  // or renders it should treat it as untrusted input.
  408             if (!$login_ok && is_callable($this->loginFailedCallback)) {
 
  409                 call_user_func($this->loginFailedCallback,$this->username, $this);
 
  413         if (!empty($this->username) && $login_ok) {
 
  414             $this->
setAuth($this->username);
 
  415             if (is_callable($this->loginCallback)) {
 
  416                 call_user_func($this->loginCallback,$this->username, $this);
 
  424         if (!empty($this->username) && !$login_ok) {
 
  // No username or a failed check: send the challenge if showLogin is set.
  428         if ((empty($this->username) || !$login_ok) && $this->showLogin) {
 
  429             $this->
drawLogin($this->storage->activeUser);
 
  // Successful Digest login with qop=auth; the body of this branch is omitted.
  433       if (!empty($this->username) && $login_ok && $this->authType == 
'digest' 
  434          && $this->auth[
'qop'] == 
'auth') { 
 
  // Fragment (listing lines 454-484): builds and sends the 401 challenge.
  // The realm is placed between double quotes without escaping; a realm value
  // containing '"' would break the quoted string. As far as this listing shows
  // the realm is set by the application, not by the client.
  454         if ($this->authType == 
'basic') {
 
  455             header(
"WWW-Authenticate: Basic realm=\"".$this->realm.
"\"");
 
  456             header(
'HTTP/1.0 401 Unauthorized');            
 
  457         } 
else if ($this->authType == 
'digest') {
 
  // Digest challenge: qop, algorithm, realm and nonce, then optional stale and
  // opaque.
  460             $wwwauth = 
'WWW-Authenticate: Digest ';
 
  461             $wwwauth .= 
'qop="'.$this->options[
'qop'].
'", ';
 
  462             $wwwauth .= 
'algorithm='.$this->options[
'algorithm'].
', ';
 
  463             $wwwauth .= 
'realm="'.$this->options[
'digestRealm'].
'", ';
 
  464             $wwwauth .= 
'nonce="'.$this->nonce.
'", ';
 
  // The condition guarding stale=true is on an omitted line.
  466                 $wwwauth .= 
'stale=true, ';
 
  468             if (!empty($this->opaque)) {
 
  469                 $wwwauth .= 
'opaque="'.$this->opaque.
'"' ;
 
  // NOTE(review): unless forceDigestOnly is set, a Basic challenge is offered
  // next to the Digest one, so a client may answer with Basic and send the
  // password merely base64-encoded. Set forceDigestOnly where that fallback is
  // not wanted.
  // NOTE(review): this appends a second "WWW-Authenticate:" field name to the
  // same $wwwauth string; the lines around it and the header() call are
  // omitted, so confirm the two challenges end up as separate header lines.
  472             if (!$this->options[
'forceDigestOnly']) {
 
  473                 $wwwauth .= 
'WWW-Authenticate: Basic realm="'.$this->realm.
'"';
 
  476             header(
'HTTP/1.0 401 Unauthorized');            
 
  484             echo 
'Stale nonce value, please re-authenticate.';
 
  // Fragments of two setters (listing lines 505-506 and 522). An empty
  // $digestRealm leaves the current digestRealm option unchanged.
  505         if (!empty($digestRealm)) {
 
  506             $this->options[
'digestRealm'] = $digestRealm;
 
  // Stores the text for the cancelled-login case; where it is output is not
  // visible in the listing.
  522         $this->CancelText = $text;
 
  // Fragment (listing lines 538-574; some lines omitted): recomputes the Digest
  // response the client should have sent and compares it with the received one.
  538         if (method_exists($this, 
'_importGlobalVariable')) {
 
  539             $this->server = &$this->_importGlobalVariable(
'server');
 
  // A2 = request method ":" URI as computed by selfURI().
  542         $a2unhashed = $this->server[
'REQUEST_METHOD'].
":".$this->
selfURI();
 
  // qop=auth-int also covers the request body: A2 gets ":" md5(body) appended.
  // The body is taken from the first source available.
  543         if($this->auth[
'qop'] == 
'auth-int') {
 
  // $HTTP_RAW_POST_DATA is only populated by older PHP versions.
  544             if(isset(
$GLOBALS[
"HTTP_RAW_POST_DATA"])) {
 
  546                 $body = 
$GLOBALS[
"HTTP_RAW_POST_DATA"];
 
  // NOTE(review): file() without flags keeps each line's trailing newline, so
  // joining with "\n" would not reproduce a multi-line body byte for byte -
  // verify. The @ also hides read errors.
  547             } 
else if($lines = @file(
'php://input')) {
 
  549                 $body = implode(
"\n", $lines);
 
  // Last resort: rebuild the body from the parsed POST fields. The re-encoded
  // string matches what the client hashed only if the client encoded it the
  // same way; rawurlencode($value) also assumes scalar values.
  551                 if (method_exists($this, 
'_importGlobalVariable')) {
 
  552                     $this->post = &$this->_importGlobalVariable(
'post');
 
  555                 foreach($this->post as $key => $value) {
 
  556                     if($body != 
'') $body .= 
'&';
 
  557                     $body .= rawurlencode($key) . 
'=' . rawurlencode($value);
 
  561             $a2unhashed .= 
':'.md5($body);
 
  564         $a2 = md5($a2unhashed);
 
  // Pieces of $combined: nonce, nc, cnonce and qop joined by ':'. The first and
  // last operands are on omitted lines (presumably A1 and $a2).
  566             $this->auth[
'nonce'].
':'.
 
  567             $this->auth[
'nc'].
':'.
 
  568             $this->auth[
'cnonce'].
':'.
 
  569             $this->auth[
'qop'].
':'.
 
  571         $expectedResponse = md5($combined);
 
  // NOTE(review): a request that omits opaque skips this comparison; only a
  // present but different value is rejected.
  573         if(!isset($this->auth[
'opaque']) || $this->auth[
'opaque'] == $this->opaque) {
 
  // NOTE(review): == on two hex digests is not constant-time, and PHP compares
  // numeric-looking strings (for example "0e" followed by digits) as numbers.
  // hash_equals($expectedResponse, $response) is the safer comparison where
  // the PHP version provides it.
  574             if($response == $expectedResponse) { 
 
  // Fragment (listing lines 601-610): decides whether the client's nonce is too
  // old. nextNonce starts as false; a nonce issued more than 'nonceLife' seconds
  // ago takes the branch at line 606 (its body is omitted). The 'nonceLife'
  // default is on a line the listing omits - confirm it is set.
  601          $this->nextNonce = 
false;
 
  606         if ($time < time() - $this->options[
'nonceLife']) {
 
  610          $this->nextNonce = 
$nonce;
 
  // Fragment (listing lines 630-643): checks that a nonce returned by the client
  // was issued by this server.
  630         if (method_exists($this, 
'_importGlobalVariable')) {
 
  631             $this->server = &$this->_importGlobalVariable(
'server');
 
  // Recomputes md5(time . User-Agent . noncekey). Time and User-Agent are both
  // supplied by the client, so 'noncekey' is the only secret input and must be
  // an unpredictable per-deployment value (its default is on an omitted line).
  // A keyed construction such as hash_hmac() is the usual form for this.
  641         $hash = md5($time . $this->server[
'HTTP_USER_AGENT'] . $this->options[
'noncekey']);
 
  // NOTE(review): loose != on hex digests; hash_equals() avoids both the timing
  // difference and numeric-string comparison.
  643         if ($hash_cli != $hash) {
 
  // Fragment (listing lines 661-668): builds a new nonce.
  661         if (method_exists($this, 
'_importGlobalVariable')) {
 
  662             $this->server = &$this->_importGlobalVariable(
'server');
 
  // Same inputs as the verification side: time, User-Agent and the 'noncekey'
  // option. How $time is obtained is on an omitted line.
  666         $hash = md5($time . $this->server[
'HTTP_USER_AGENT'] . $this->options[
'noncekey']);
 
  // Nonce layout: base64 of the time followed by the md5 hex digest. The time is
  // only encoded, not hidden; it is readable by the client.
  668         return base64_encode($time) . $hash;  
 
  // Fragment (listing lines 688-708): builds the Authentication-Info response
  // header. For rspauth, A2 starts with ':' (no request method) followed by the
  // URI, plus ':' and the content hash when qop is auth-int.
  688             $a2unhashed = 
":".$this->selfURI();
 
  689             if($this->auth[
'qop'] == 
'auth-int') {
 
  690                 $a2unhashed .= 
':'.$contentMD5;
 
  692             $a2 = md5($a2unhashed);
 
  // Pieces of $combined; the first and last operands are on omitted lines.
  695                         $this->auth[
'nc'].
':'.
 
  696                         $this->auth[
'cnonce'].
':'.
 
  697                         $this->auth[
'qop'].
':'.
 
  701             $wwwauth = 
'Authentication-Info: ';
 
  // nextnonce is only announced when it differs from the current nonce.
  702             if($this->nonce != $this->nextNonce) {
 
  703                 $wwwauth .= 
'nextnonce="'.$this->nextNonce.
'", ';
 
  // NOTE(review): qop, cnonce and nc are copied from the client's Authorization
  // header into this response header. The parser strips one pair of
  // surrounding quotes but does not reject an embedded '"' - confirm these
  // values are validated before being echoed.
  705             $wwwauth .= 
'qop='.$this->auth[
'qop'].
', ';
 
  706             $wwwauth .= 
'rspauth="'.md5($combined).
'", ';
 
  707             $wwwauth .= 
'cnonce="'.$this->auth[
'cnonce'].
'", ';
 
  708             $wwwauth .= 
'nc='.$this->auth[
'nc'].
'';
 
  // Fragments of the option setter and getter (listing lines 724-754). The
  // setter accepts either an array of name => value pairs or a single name;
  // in both forms only names that already exist in $this->options are written,
  // and unknown names are ignored silently.
  724         if (is_array($name)) {
 
  725             foreach($name as $key => $value) {
 
  726                 if (array_key_exists( $key, $this->options)) {
 
  727                     $this->options[$key] = $value;
 
  731             if (array_key_exists( $name, $this->options)) {
 
  732                     $this->options[$name] = $value;
 
  // Getter: known option names return the stored value. 'CancelText' and 'Realm'
  // are handled separately; their return statements are on omitted lines.
  748         if (array_key_exists( $name, $this->options)) {
 
  749             return $this->options[$name];
 
  751         if ($name == 
'CancelText') {
 
  754         if ($name == 
'Realm') {
 
  // Fragment (listing lines 770-778): computes the request URI that goes into
  // the Digest A2 value.
  770         if (method_exists($this, 
'_importGlobalVariable')) {
 
  771             $this->server = &$this->_importGlobalVariable(
'server');
 
  // Browser-specific handling keyed on the User-Agent header, which the client
  // controls; the client therefore selects which URI form is hashed.
  774         if (preg_match(
"/MSIE/",$this->server[
'HTTP_USER_AGENT'])) {
 
  // NOTE(review): as written, the greedy pattern matches up to the last '?' and
  // replaces the match with group 1, which removes that '?' but keeps the text
  // after it. If the intent is to drop the query string, confirm this is what
  // the browser actually sends.
  776             $uri = preg_replace(
"/^(.*)\?/",
"\\1",$this->server[
'REQUEST_URI']);
 
  // All other clients: REQUEST_URI unchanged.
  778             $uri = $this->server[
'REQUEST_URI'];