simplephpauth

by Martin Monperrus

simplephpauth is a PHP script that provides an advanced HTTP Digest authentication feature.
This script is much more secure than the ones described in http://de.php.net/features.http-auth and http://www.peej.co.uk/projects/phphttpdigest.html because:
1. We never trust the nonce value presented by the user (you cannot reuse credentials)
2. The nonce value is changed every minute
3. Passwords are not allowed to be stored in clear text
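
The sketch below illustrates points 1 and 2. It is an added example, not simplephpauth's own code: the function names, the HMAC-per-minute nonce scheme and the sample data are assumptions. The server recomputes the nonce itself and checks the RFC 2617 `qop=auth` response against an htdigest-style entry.

```php
<?php
// Added example, not simplephpauth's code. Names and nonce scheme are assumptions.

// Nonce bound to the current minute and a server-side secret (assumed scheme).
function server_nonce(string $secret, int $now): string {
    return hash_hmac('sha256', (string) intdiv($now, 60), $secret);
}

// Look up HA1 = MD5(user:realm:password) in htdigest lines "user:realm:HA1".
function ha1_from_htdigest(array $lines, string $user, string $realm): ?string {
    foreach ($lines as $line) {
        $parts = explode(':', trim($line), 3);
        if (count($parts) === 3 && $parts[0] === $user && $parts[1] === $realm) {
            return $parts[2];
        }
    }
    return null;
}

// RFC 2617 response value for qop=auth.
function digest_response(string $ha1, string $nonce, string $nc, string $cnonce,
                         string $method, string $uri): string {
    $ha2 = md5("$method:$uri");
    return md5("$ha1:$nonce:$nc:$cnonce:auth:$ha2");
}

// Verify with the nonce the server computes; the client's nonce field is never read.
function verify(array $d, string $method, array $htdigest, string $realm,
                string $secret, int $now): bool {
    $ha1 = ha1_from_htdigest($htdigest, $d['username'], $realm);
    if ($ha1 === null) {
        return false;
    }
    $expected = digest_response($ha1, server_nonce($secret, $now),
                                $d['nc'], $d['cnonce'], $method, $d['uri']);
    return hash_equals($expected, $d['response']); // constant-time comparison
}

// Constructed sample data: one htdigest entry and one client Authorization header.
$realm = 'foo.li'; $secret = 'constructed-server-secret'; $t0 = 1700000000;
$ha1 = md5("alice:$realm:constructed-password");
$htdigest = ["alice:$realm:$ha1"];
$d = ['username' => 'alice', 'uri' => '/private/', 'nc' => '00000001', 'cnonce' => 'abc123'];
$d['response'] = digest_response($ha1, server_nonce($secret, $t0),
                                 $d['nc'], $d['cnonce'], 'GET', $d['uri']);

var_dump(verify($d, 'GET', $htdigest, $realm, $secret, $t0));       // same minute
var_dump(verify($d, 'GET', $htdigest, $realm, $secret, $t0 + 120)); // replayed later
```

In this sketch a request that straddles a minute boundary is also rejected, so the client has to answer a fresh challenge.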

The basic usage is to include simplephpauth.php in your PHP script:
include("simplephpauth.php");

To use it with a htdigest file, create a file simplephpauth.local.php containing:
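<?php
// Password lookup function: read entries from an htdigest file
define('FN_PASSWORD','getPasswordFromFile');
// Path to the htdigest file
define('PASSWORDS','/home/pass/htdigest');
// Authentication realm (htdigest entries are stored per realm)
define('REALM','foo.li');
?>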
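Warning: if PHP runs in CGI mode, Apache does not pass the Authorization header to the script. You may use mod_rewrite to copy it into the HTTP_AUTHORIZATION environment variable: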
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^.+$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Download

Download the source code of simplephpauth

cf.: http://en.wikipedia.org/wiki/Digest_access_authentication
