Initial commit (importing from http://svn.planetozh.com/ozhin)
[Github/YOURLS.git] / includes / auth.php
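<?php
/**
 * HTTP Digest authentication gate.
 *
 * Reads the client's Authorization data, recomputes the expected digest
 * response from the configured credentials and re-challenges the client
 * (via yourls_auth_headers()) when the data is missing or wrong.
 *
 * Relies on two helpers defined elsewhere: yourls_auth_headers() and
 * yourls_http_digest_parse().
 *
 * NOTE(review): the value stored in $yourls_user_passwords is fed into HA1
 * as the password itself, so it has to be kept in recoverable form. Storing
 * the precomputed md5(user:realm:password) instead would avoid keeping the
 * raw password, at the cost of tying it to $realm.
 * NOTE(review): Digest/MD5 does not protect the request body or the
 * response; serve this behind TLS.
 */
global $yourls_user_passwords;
$realm = "*** YOURLS: Your Own URL Shortener ***";
$users = $yourls_user_passwords;

// PHP as CGI fix: split the user/pass parts out of the forwarded header.
// Only attempted when the header exists; the original ran unconditionally
// and overwrote PHP_AUTH_USER / PHP_AUTH_PW with empty values on servers
// that do not set REDIRECT_REMOTE_USER.
// NOTE(review): the 6-character skip matches a "Basic " prefix, while the
// rest of this file treats the same header as Digest data - confirm which
// scheme the rewrite rule actually forwards.
if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
	$decoded = (string) base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6));
	// Limit of 2 keeps ':' characters inside the password intact;
	// array_pad() guarantees both slots exist when no ':' is present.
	$parts = array_pad(explode(':', $decoded, 2), 2, '');
	list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
}

// Normal server: $_SERVER['PHP_AUTH_DIGEST']
// PHP as CGI: $_SERVER['REDIRECT_REMOTE_USER']
if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
	$token = $_SERVER['PHP_AUTH_DIGEST'];
} elseif (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
	$token = $_SERVER['REDIRECT_REMOTE_USER'];
} else {
	// Neither header present: treat as "no auth data" instead of reading
	// an undefined index.
	$token = '';
}

// No auth data: challenge the client.
if (empty($token)) {
	yourls_auth_headers($realm);
	// Fail closed. yourls_auth_headers() is not visible here; if it ever
	// returns instead of terminating, the request must not continue.
	exit;
}

// Unparseable header or unknown user: stop.
if (!($data = yourls_http_digest_parse($token)) || !isset($users[$data['username']])) {
	die('Oops. Invalid request.');
}

// Expected response as described by RFC 2617 for qop=auth:
//   HA1 = md5(user:realm:password), HA2 = md5(method:uri)
//   response = md5(HA1:nonce:nc:cnonce:qop:HA2)
// NOTE(review): nothing in this file checks that $data['nonce'] was issued
// by this server, that $data['nc'] increases, or that $data['uri'] matches
// the URI actually requested. Unless the helpers do that, a captured
// Authorization header stays acceptable - verify and add those checks.
$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

// Incorrect auth data: try again.
// hash_equals() replaces the original loose "!=": loose comparison can
// treat two different numeric-looking strings as equal, and it is not
// constant-time. The cast keeps hash_equals() from being handed a
// non-string when 'response' is absent.
$client_response = isset($data['response']) ? (string) $data['response'] : '';
if (!hash_equals($valid_response, $client_response)) {
	yourls_auth_headers($realm);
	// Fail closed: without this, a helper that returns would let an
	// unauthenticated request fall through to the including script.
	exit;
}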