php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #51011 [ZH] The Content and the sample were mixed
Submitted: 2010-02-11 09:18 UTC Modified: 2010-10-23 14:33 UTC
From: lne1030 at gmail dot com Assigned: kalle (profile)
Status: Closed Package: Translation problem
PHP Version: 5.2.12 OS: Windows XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lne1030 at gmail dot com
New email:
PHP Version: OS:

 

 [2010-02-11 09:18 UTC] lne1030 at gmail dot com
Description:
------------
http://docs.php.net/manual/zh/features.http-auth.php

This page have the error!
"Example #7 Digest HTTP" 

Reproduce code:
---------------
<?php
$realm = 'Restricted area';

//user => password
$users = array('admin' => 'mypass', 'guest' => 'guest');


if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '" qop="auth" nonce="'.uniqid().'" opaque="'.md5($realm).'"');

    die('Text to send if user hits Cancel button');
}


// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
    !isset($users[$data['username']]))
    die('Wrong Credentials!');


// generate the valid response
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

if ($data['response'] != $valid_response)
    die('Wrong Credentials!');

// ok, valid username & password
echo 'Your are logged in as: ' . $data['username'];


// function to parse the http auth header
function http_digest_parse($txt)
{
    // protect against missing data
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();

    preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $txt, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        $data[$m[1]] = $m[3];
        unset($needed_parts[$m[1]]);
    }

    return $needed_parts ? false : $data;
}
?>
   </programlisting>
  </example>
 </para>

 <note>
  <title>??????????</title>
  <para>
   ?ڱ?д HTTP
   ??ͷ????ʱ??????С?ġ?Ϊ?˶????еĿͻ??˱?֤?????ԣ??ؼ??֡?Basic???ĵ?һ????ĸ??????дΪ??B?????ֽ??ַ?????????˫???ţ????ǵ????ţ????ã??????ڱ?ͷ??
   <emphasis>HTTP/1.0 401</emphasis> ?У??? <emphasis>401</emphasis> ǰ???????ҽ???һ???ո???
  </para>
 </note>

 <para>
  ???????????У?????ֻ??ӡ???? <varname>PHP_AUTH_USER</varname> ??
  <varname>PHP_AUTH_PW</varname>
  ??ֵ??????ʵ???????У???????Ҫ???û??????????ĺϷ??Խ??м??顣???????????ݿ??IJ?ѯ???????? dbm ?ļ??м?????
 </para>

 <para>
  ע????Щ Internet Explorer
  ???????????????⡣???Ա?ͷ??˳???Ե??ƺ??е㴵ë???á?Ŀǰ?????ڷ???
  <literal>HTTP/1.0 401</literal> ֮ǰ?ȷ???
  <emphasis>WWW-Authenticate</emphasis> ??ͷ?ƺ????Խ????????⡣
 </para>

 <simpara>
  ?? PHP 4.3.0
  ????Ϊ?˷?ֹ????ͨ????д?ű??????ô?ͳ?ⲿ??????֤??ҳ???ϻ?ȡ???룬???ⲿ??֤???ض?ҳ????Ч??????&safemode;??????ʱ??PHP_AUTH
  ?????????ᱻ???á??????????Σ?<varname>REMOTE_USER</varname>
  ???Ա??????????ⲿ??֤???û??????˿?????
  <varname>$_SERVER['REMOTE_USER']</varname> ??????
 </simpara>

 <note>
  <title>????˵??</title>
  <para>
   PHP ???Ƿ??? <literal>AuthType</literal> ָ?????ж??ⲿ??֤?????Ƿ???Ч??
  </para>
 </note>

 <simpara>
  ע?⣬????Ȼ???ܷ?ֹ????ͨ??δ??֤?? URL ????ͬһ??????????֤?? URL ??͵ȡ???롣
 </simpara>
 <simpara>
  Netscape Navigator ?? Internet Explorer ?????????????յ? 401
  ?ķ????˷?????Ϣʱ???????еı????????????????? Windows
  ??֤???档???ܹ???Ч??ע??һ???û???????ʹ???????????????ǵ??û????????롣??Щ???????ַ?????ʹ??¼״̬?????ڡ?????????Ϊ??ע??????ť????Ӧ??Ϊ??
 </simpara>
 <para>
  <example>
    <title>ǿ???????????û??????????? HTTP ??֤?ķ???</title>
    <programlisting role="php">
<![CDATA[
<?php
  function authenticate() {
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must enter a valid login ID and password to access this resource\n";
    exit;
  }

  if (!isset($_SERVER['PHP_AUTH_USER']) ||
      ($_POST['SeenBefore'] == 1 && $_POST['OldAuth'] == $_SERVER['PHP_AUTH_USER'])) {
   authenticate();
  }
  else {
   echo "<p>Welcome: {$_SERVER['PHP_AUTH_USER']}<br />";
   echo "Old: {$_REQUEST['OldAuth']}";
   echo "<form action='{$_SERVER['PHP_SELF']}' METHOD='post'>\n";
   echo "<input type='hidden' name='SeenBefore' value='1' />\n";
   echo "<input type='hidden' name='OldAuth' value='{$_SERVER['PHP_AUTH_USER']}' />\n";
   echo "<input type='submit' value='Re Authenticate' />\n";
   echo "</form></p>\n";
  }



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-19 14:08 UTC] yannick@php.net
-Summary: The Content and the sample were mixed
+Summary: [ZH] The Content and the sample were mixed
 [2010-10-23 12:58 UTC] kalle@php.net
-Type: Bug +Type: Documentation Problem
 [2010-10-23 14:33 UTC] kalle@php.net
Automatic comment from SVN on behalf of kalle
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=304656
Log: Fixed bug #51011 ([ZH] The Content and the sample were mixed)
 [2010-10-23 14:33 UTC] kalle@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: kalle
 [2010-10-23 14:33 UTC] kalle@php.net
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.


 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Jul 11 17:01:27 2020 UTC