Class Sabre_HTTP_DigestAuth

Description
Description | Vars (details) | Methods (details) Constants (details)

HTTP Digest Authentication handler

Use this class for easy http digest authentication. Instructions:

  1. Create the object
  2. Call the setRealm() method with the realm you plan to use
  3. Call the init method function.
  4. Call the getUserName() function. This function may return false if no authentication information was supplied. Based on the username you should check your internal database for either the associated password, or the so-called A1 hash of the digest.
  5. Call either validatePassword() or validateA1(). This will return true or false.
  6. To make sure an authentication prompt is displayed, call the requireLogin() method.

  • author: Evert Pot (http://www.rooftopsolutions.nl/)
  • copyright: Copyright (C) 2010 Rooftop Solutions. All rights reserved.
  • license: Modified BSD License

Located in /sources_custom/Sabre/HTTP/DigestAuth.php (line 28) 

Sabre_HTTP_AbstractAuth
   |
   --Sabre_HTTP_DigestAuth
Class Constant Summary
Description | Constants (details) Vars (details) | | Methods (details)
QOP_AUTH = 1
QOP_AUTHINT = 2
Variable Summary
Description | Vars (details) | Methods (details) Constants (details)
mixed $A1
mixed $digestParts
mixed $nonce
mixed $opaque
mixed $qop
Method Summary
Description | Constants (details) Vars (details) | Methods (details)
Sabre_HTTP_DigestAuth __construct ()
mixed getDigest ()
string getUsername ()
void init ()
mixed parseDigest (string $digest)
void requireLogin ()
void setQOP (int $qop)
bool validate ()
bool validateA1 (string $A1)
bool validatePassword (string $password)
Variables
Description | Vars (details) Constants (details) | Methods (details)
mixed $A1 (line 39)
  • access: protected
mixed $digestParts (line 38)
  • access: protected
mixed $nonce (line 36)
  • access: protected
mixed $opaque (line 37)
  • access: protected
mixed $qop = self::QOP_AUTH (line 40)
  • access: protected

Inherited Variables

Inherited from Sabre_HTTP_AbstractAuth

Sabre_HTTP_AbstractAuth::$httpRequest
 Sabre_HTTP_AbstractAuth::$httpResponse
 Sabre_HTTP_AbstractAuth::$realm
Methods
Description | Vars (details) Constants (details) Methods (details)
Constructor __construct (line 45)

Initializes the object

  • access: public
Sabre_HTTP_DigestAuth __construct ()
Redefinition of:
Sabre_HTTP_AbstractAuth::__construct()
__construct
getDigest (line 191)

This method returns the full digest string.

It should be compatibile with mod_php format and other webservers.

If the header could not be found, null will be returned

  • access: public
mixed getDigest ()
getUsername (line 123)

Returns the username for the request

  • access: public
string getUsername ()
init (line 60)

Gathers all information from the headers

This method needs to be called prior to anything else.

  • access: public
void init ()
parseDigest (line 217)

Parses the different pieces of the digest string into an array.

This method returns false if an incomplete digest was supplied

  • access: protected
mixed parseDigest (string $digest)
  • string $digest
requireLogin (line 167)

Returns an HTTP 401 header, forcing login

This should be called when username and password are incorrect, or not supplied at all

  • access: public
void requireLogin ()
Redefinition of:
Sabre_HTTP_AbstractAuth::requireLogin()
Returns an HTTP 401 header, forcing login
setQOP (line 83)

Sets the quality of protection value.

Possible values are: Sabre_HTTP_DigestAuth::QOP_AUTH Sabre_HTTP_DigestAuth::QOP_AUTHINT

Multiple values can be specified using logical OR.

QOP_AUTHINT ensures integrity of the request body, but this is not supported by most HTTP clients. QOP_AUTHINT also requires the entire request body to be md5'ed, which can put strains on CPU and memory.

  • access: public
void setQOP (int $qop)
  • int $qop
validate (line 134)

Validates the digest challenge

  • access: protected
bool validate ()
validateA1 (line 97)

Validates the user.

The A1 parameter should be md5($username . ':' . $realm . ':' . $password);

  • access: public
bool validateA1 (string $A1)
  • string $A1
validatePassword (line 111)

Validates authentication through a password. The actual password must be provided here.

It is strongly recommended not store the password in plain-text and use validateA1 instead.

  • access: public
bool validatePassword (string $password)
  • string $password

Inherited Methods

Inherited From Sabre_HTTP_AbstractAuth

Sabre_HTTP_AbstractAuth::__construct()
Sabre_HTTP_AbstractAuth::getRealm()
Sabre_HTTP_AbstractAuth::requireLogin()
Sabre_HTTP_AbstractAuth::setHTTPRequest()
Sabre_HTTP_AbstractAuth::setHTTPResponse()
Sabre_HTTP_AbstractAuth::setRealm()
Class Constants
Description | Constants (details) Vars (details) | Methods (details)
QOP_AUTH = 1 (line 33)

These constants are used in setQOP();

QOP_AUTHINT = 2 (line 34)

Documentation generated on Sun, 02 Jan 2011 23:13:08 +0000 by phpDocumentor 1.4.3