PHP Digest MD5 authentication

Posted on 2024-12-13 13:56:34 | 1377 words | 1 view | 0 comments

I wrote a class to authenticate a user using HTTP Authentication the Digest way. I read a few articles and I got it working. Now, I would like to let it make use of MD5 passwords, but I can't seem to get it working. This is the function authenticating the users.

public function authenticate() {

// In case the user is not logged in already.
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {

    // Return the headers.
    $this->show_auth();

} else {

    // Parse the given Digest-data.
    $data = $this->parse_request($_SERVER['PHP_AUTH_DIGEST']);

    // Check the data.
    if (!$data) { 

        // Display an error message.
        die($this->unauthorized);

    } else {

        // Based on the given information, generate the valid response.
        $usr_password = "test";

        // Generate the response partly.
        $A1 = md5($data['username'].":".$this->get_realm().":".$usr_password);
        $A2 = md5($_SERVER['REQUEST_METHOD'].":".$data['uri']);

        // Generate the valid response.
        $val_response = md5($A1.":".$data['nonce'].":".$data['nc'].":".$data['cnonce'].":".$data['qop'].":".$A2);

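        // Compare the valid response with the given response (hash_equals avoids
        // loose "0e..." numeric-string matches and is constant-time).
        if (!hash_equals($val_response, (string) $data['response'])) {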

            // Display the login again.
            $this->show_auth();

        } else {

            // Return true.
            return true;

        }

    }

}

}

So imagine the $usr_password="test" will be $usr_password=md5("test");

How do I compare passwords then?

Thanks.

Comments (1)

无语# 2024-12-20 13:56:34

The MD5 function is a hashing function, a one-directional method to produce the same result for the same input.

Thus, to compare $password1 to $password2 without revealing (comparing directly) both of them it should be enough to compare their hashes:

$hash1 = md5($password1); // hash for pass 1
$hash2 = md5($password2); // hash for pass 2

if ($hash1 === $hash2) {
    // here goes the code to support case of passwords being identical
} else {
    // here goes the code to support case of passwords not being identical
}

Is it clear enough? Let me know.
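
In HTTP Digest (RFC 2617) the client hashes `username:realm:password` itself, so a table holding `md5($password)` cannot reproduce A1, while a stored `md5("username:realm:password")` (HA1) can. The following is an added example, not code from the question or the answer; the function names and all sample values are constructed for illustration.

```php
<?php
// Added example: verify a Digest response from a stored HA1 (qop=auth).
// Function names and sample values are hypothetical, constructed for this page.

// Enrolment: store this value instead of the plaintext or md5($password).
function digest_ha1(string $username, string $realm, string $password): string {
    return md5($username . ':' . $realm . ':' . $password);
}

// Recompute the response the client should have sent, starting from HA1.
function digest_expected(string $ha1, string $method, array $d): string {
    $ha2 = md5($method . ':' . $d['uri']);
    return md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
}

function digest_verify(string $storedHa1, string $method, array $d): bool {
    foreach (['uri', 'nonce', 'nc', 'cnonce', 'qop', 'response'] as $k) {
        if (!isset($d[$k]) || !is_string($d[$k])) {
            return false; // malformed header: reject rather than guess
        }
    }
    // hash_equals(): constant-time and immune to "0e..." loose-comparison matches.
    return hash_equals(digest_expected($storedHa1, $method, $d), $d['response']);
}

// --- Constructed demo data ---
$realm  = 'Restricted area';
$stored = digest_ha1('alice', $realm, 'test'); // what the user table holds

// What a client sends after the user types "test" (it hashes the plaintext itself).
$req = ['username' => 'alice', 'uri' => '/private/', 'nonce' => '5f2b7c1e9a',
        'nc' => '00000001', 'cnonce' => '0a4f113b', 'qop' => 'auth'];
$req['response'] = digest_expected(digest_ha1('alice', $realm, 'test'), 'GET', $req);

// Case 1: correct password, server verifies with the stored HA1.
var_dump(digest_verify($stored, 'GET', $req));

// Case 2: server only has md5("test"); an A1 built from it does not match.
$fromMd5 = digest_ha1('alice', $realm, md5('test'));
var_dump(digest_verify($fromMd5, 'GET', $req));

// Case 3: client typed the wrong password.
$bad = $req;
$bad['response'] = digest_expected(digest_ha1('alice', $realm, 'wrong'), 'GET', $bad);
var_dump(digest_verify($stored, 'GET', $bad));
```

The stored HA1 is password-equivalent for its realm, so the column needs the same protection as the password itself.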
