At the core is this simple code to parse the digest string into variables, which works for several browsers.

MAMP Pro is great, but it's been a learning curve to get to grips with the various settings for running a development server with WordPress on it.

Here is my attempt to create a digest authentication class that will log the user in and out without using a cookie, session, db, or file. This script must be used in the protected pages.

For this script to work, the browser address string must be the following:

This example shows programming "LOGIN", "LOGOUT" and "RE-LOGIN".

Using an invalid number might result in a 403 response or, depending on how you feel that day, a 302 to a nasty website.

Care should be taken when linking from the page generated in this case, since relative links will be relative to the virtual and non-existent directory rather than the true script directory. You should keep track of this number in a server-side file or database and regenerate it upon each successful login, so that the last number(s) become invalid. Note that using a random, unrestricted number will still allow the user to hit the back button to get back into the page.

Since browsers attach the credentials to specific URLs, use virtual paths where a component of the path is actually a PHP script, and everything following it is part of the URI, such as:

By choosing a different number for the last component of the URL, browsers can be tricked into thinking that they are dealing with a completely different website, and thus prompting the user for credentials again.

I came up with another approach to work around the problem of browsers caching

Even with Lalit's method of creating a random realm name, it was still possible to get back into the protected area using the back button in Firefox, so that didn't work.
It will make ZF work transparently with your solution, and I believe any other framework should work also.

This method uses apache_request_header which is likely not to be accessible in old CGI/FastCGI installations or _$_SERVER, so you need to put your authentication data, obtained via _GET or ENV to

It takes Authorization info using "Zend_Controller_Request::getHeader".

If you use ZF you probably use Zend_Auth_Adapter_Http to auth user.

Here HTTP request header Authorization would be accessible as PHP_AUTH_DIGEST_RAW via $_GET.
$users = array('admin' => 'mypass', 'guest' => 'guest');