setHeadersUnauthorized(); $this->getResponseBodyUnauthorized(); return null; } $authClientData = new HTTPDigestAuthClientData($_SERVER['PHP_AUTH_DIGEST']); // Check for stale nonce if($this->isStaleNonce($authClientData->nonce)) { $this->setHeadersUnauthorized(true); $this->getResponseBodyUnauthorized(); return null; } // Check for correct nonce count if($authClientData->nc != $this->getNonceCount($authClientData->nonce) + 1) { $this->setHeadersBadRequest(); $this->getResponseBodyBadRequest('Incorrect nonce count'); return null; } $this->incrementNonceCount($authClientData->nonce); // Check request URI is the same as the auth digest uri if($authClientData->uri != $_SERVER['REQUEST_URI']) { $this->setHeadersBadRequest(); $this->getResponseBodyBadRequest('Digest auth URI != request URI'); return null; } // Check opaque is correct if($authClientData->opaque != $this->getOpaque()) { $this->setHeadersBadRequest(); $this->getResponseBodyBadRequest('Incorrect opaque'); return null; } // Check user exists if(!$this->userExists($authClientData->username)) { $this->setHeadersUnauthorized(); $this->getResponseBodyUnauthorized(); return null; } $ha1 = $this->getHA1ForUser($authClientData->username); // Generate A2 hash if($authClientData->qop == 'auth-int') { $a2 = $_SERVER['REQUEST_METHOD'] . ':' . stripslashes($_SERVER['REQUEST_URI']) . ':' . file_get_contents('php://input'); $ha2 = md5($a2); } else { $a2 = $_SERVER['REQUEST_METHOD'] . ':' . stripslashes($_SERVER['REQUEST_URI']); $ha2 = md5($a2); } // Generate the expected response if($authClientData->qop == 'auth' || $authClientData->qop == 'auth-int') { $expectedResponse = md5($ha1 . ':' . $authClientData->nonce . ':' . $authClientData->nc . ':' . $authClientData->cnonce . ':' . $authClientData->qop . ':' . $ha2); } else { $expectedResponse = md5($expectedResponse = $ha1 . ':' . $authClientData->nonce . ':' . 
$ha2); }
        // Check request contained the expected response
        // NOTE(review): `!=` is a loose comparison. Two numeric-looking strings
        // are compared as numbers, and the check is not constant-time.
        // hash_equals() with both operands as strings is the strict form.
        // Left unchanged here because this method begins outside the visible source.
        if($authClientData->response != $expectedResponse) {
            $this->setHeadersBadRequest();
            $this->getResponseBodyBadRequest();
            return null;
        }
        return $this->getUser($authClientData->username);
    }

    ////////////////////////////////////////////////////////////////////////
    // @private

    // Sends the 401 status line followed by a Digest WWW-Authenticate challenge.
    //
    // $stale: when truthy, ",stale=TRUE" is appended to the challenge. The
    //         caller passes true after its stale-nonce check.
    //
    // createNonce() is called for every challenge emitted here.
    //
    // NOTE(review): the challenge advertises algorithm="MD5" only, and the
    // verification code hashes with md5(). RFC 7616 defines SHA-256 variants;
    // offering one means changing both the challenge and the verification.
    // NOTE(review): realm, nonce and opaque are placed inside quoted-strings
    // without escaping. Presumably the helpers never return a double quote or
    // control character; confirm against their implementations.
    private function setHeadersUnauthorized($stale = false)
    {
        header('HTTP/1.1 401 Unauthorized');

        $realm = $this->getAuthRealm();
        $freshNonce = $this->createNonce();
        $opaqueValue = $this->getOpaque();

        $challenge = 'WWW-Authenticate: Digest realm="' . $realm
            . '",qop="auth-int,auth",algorithm="MD5",nonce="' . $freshNonce
            . '",opaque="' . $opaqueValue . '"';

        header($stale ? $challenge . ',stale=TRUE' : $challenge);
    }

    // Sends the 400 status line. The body is written separately by
    // getResponseBodyBadRequest().
    private static function setHeadersBadRequest()
    {
        $statusLine = 'HTTP/1.1 400 Bad Request';
        header($statusLine);
    }

    ////////////////////////////////////////////////////////////////////////
    // @optional

    protected function getResponseBodyUnauthorized($reason = '') { ?> Error

401 Unauthorized.

Error

400 Bad Request.

username = $data['username']; $this->nonce = $data['nonce']; $this->nc = $data['nc']; $this->cnonce = $data['cnonce']; $this->qop = $data['qop']; $this->uri = $data['uri']; $this->response = $data['response']; $this->opaque = $data['opaque']; } } */ __halt_compiler();----SIGNATURE:----lht3Kq5H25CFfTZmWCRH4zxOqQNj0r6eTg4yq7JE+/veulgwJ/3U16TKOJ2eSHy2VepTaoM7lBPF/2PWLvQTPoDk5hlD0DJg7IQ9UaGflFj6Yyd+hhcdpraYGBDNHBXY9FRWEhJ1dxQE16gAzpFPZMG+7tLMZsYyFFXglI+6V6FbJVlNE/zKS5UCurPfAvdgLPBh47moixS7HLJ5lmBLJOv6u55MvewSkl9p34MXLFBVmIUmiizCWR3n12AV/IrF8H85FhjEMdtOrr9QCGPPe33kYO3Xpj1yTgK/4ke8pPSt/JUMAIc3RfwFZsxelpjTuSI/oRFTvUXUjcWBoEq08iI9OXiRRrTmjkmEB7qu6uMMpVVKP51/nnW7hC8ujTtquqwnyLcmtc9+4zl058RO/Jy7gx4067sQObA7Sm9QLeqxV1D4AUpeW1qjqfb1K3Rjiwoitf9JHvpjJPLTXC85CrTDiUcdmEvSSfAd5RxRC9UtFC1AL7wJ0xuGVFTxxDxBbO+ctyr/1dpQpeA4a1yKQxDhlH+gycekBltDREMaiWXze8I1vCyyn0P4WckKgXgOx9N6xhgJKHHAhbwOhGga9ykq2rftz8rwJEMDLyUcUAHl8SqZdA6wdO6V8xN8ijT2PkygUytibMLj8e8HWp7ItjK4km++gwoE9Q6HY7pNjRk=----ATTACHMENT:----OTk5Njk2MTA0NDM1NzA1IDExMTMyMDkyMTM4OTUxMzcgNDk0NzI4NTE1MDg3OTU2OQ==