git-svn-id: http://svn.php.net/repository/pear/pearweb/trunk@238180 c90b9560-bf6c-de11-be94-00142212c4b1
Greg Beaver
committed
Jun 21, 2007
1 parent
7629192
commit 7a843ca
Showing
2 changed files
with
78 additions
and
0 deletions.
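--- /dev/null
+++ b/rest-login.php
@@ -0,0 +1,77 @@
+<?php
+/**
+* Simple REST-based server for remote authentication
+*
+* To access, first browse to rest-login.php/getsalt and retrieve a salt plus the
+* session idea from the HTTP response headers. Then, use the salt to create
+* a new hash of the hashed password and send a POST request to rest-login.php/validate
+* and the response will be returned in plain text. If the first character returned
+* is "8" then the login succeeded. 1-6 are internal errors, 0 and 7 are invalid logins.
+*
+* Here is some sample code for a client to access this server:
+*
+* <code>
+* <?php
+* $user = 'username';
+* $password = 'password';
+*
+* $salt = file_get_contents('http://pear.php.net/rest-login.php/getsalt');
+* $cookies = array_values(preg_grep('/Set-Cookie:/', $http_response_header));
+* preg_match('/PHPSESSID=(.+); /', $cookies[0], $session);
+* $pass = md5($salt . md5($password));
+* $opts = array('http' => array(
+* 'method' => 'POST',
+* 'header' => 'Cookie: PHPSESSID=' . $session[1] . ';',
+* 'content' => http_build_query(array('username' => $user, 'password' => $pass))
+* ));
+* $context = stream_context_create($opts);
+* var_dump(file_get_contents('http://pear.php.net/rest-login.php/validate', false, $context));
+* ?>
+* </code>
+* @author Gregory Beaver <cellog@php.net>
+* @version $Id$
+* @package pearweb
+*/
+session_start();
+header('Content-type: text/plain');
+if (!isset($_SERVER['PATH_INFO']) || empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/') {
+die('1 Invalid Remote Login');
+}
+
+$db = new mysqli('localhost', 'pear', 'pear', 'pear');
+
+$info = explode('/', $_SERVER['PATH_INFO']);
+switch ($info[1]) {
+case 'getsalt' :
+$salt = sha1(md5(mt_rand(1, 10000) . time()));
+$_SESSION['salt'] = $salt;
+die($salt);
+break;
+case 'validate' :
+if (!isset($_SESSION['salt'])) {
+die('0 Unknown session');
+}
+$salt = $_SESSION['salt'];
+if (!isset($_POST['username']) || !isset($_POST['password'])) {
+die('2 Invalid Remote Login');
+}
+$s = $db->prepare('SELECT password from users WHERE handle = ?');
+if (!$s) {
+die('3 Database Error');
+}
+$s->bind_param('s', $_POST['username']);
+if (!$s->execute()) {
+die('4 Database Error');
+}
+if (!$s->bind_result($pass)) {
+die('5 Database Error');
+}
+if (!$s->fetch()) {
+die('6 Database Error');
+}
+if (md5($salt . $pass) != $_POST['password']) {
+die('7 Invalid Username or Password');
+}
+die('8 Login OK');
+break;
+}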
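Review bot: The password check `if (md5($salt . $pass) != $_POST['password'])` uses loose `!=`, so two differing hex digests that PHP treats as numeric strings can compare equal and the comparison also leaks timing; it should be a strict, constant-time check, `if (!hash_equals(md5($salt . $pass), (string) $_POST['password'])) {`. The salt stored in `$_SESSION['salt']` is never cleared once `validate` runs, so the same salted value stays acceptable for repeated submissions in that session; add `unset($_SESSION['salt']);` directly after `$salt = $_SESSION['salt'];` so each salt is single-use. The salt itself is built from `mt_rand(1, 10000) . time()`, which yields very little entropy and is not a CSPRNG; `bin2hex(random_bytes(20))` gives an unpredictable value of the same shape. Two smaller points: `die('6 Database Error')` for a handle that does not exist differs from `'7 Invalid Username or Password'`, so the response distinguishes an unknown user from a wrong password, and `new mysqli('localhost', 'pear', 'pear', 'pear')` embeds database credentials in source that belong in a config file outside the web root.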