HTTP Digest Authentication data sent to your app through request headers is accessible through the $_ENV['HTTP_AUTHORIZATION'] variable in PHP.
You can parse the $_ENV['HTTP_AUTHORIZATION'] variable within your PHP scripts to get the submitted Auth Digest values.
For example, the following script:
<?php
$digest_values = http_digest_parse($_ENV['HTTP_AUTHORIZATION']);
var_dump($digest_values);
// Function to parse the http auth header.
// From http://www.php.net/manual/en/features.http-auth.php
function http_digest_parse($txt)
{
// protect against missing data
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;
}
?>
will output:
array(7) {
["username"]=>
string(3) "foo"
["nonce"]=>
string(34) "dcd98b7102dd2f0e8b11d0f600bfb0c093"
["uri"]=>
string(11) "/digest.php"
["qop"]=>
string(4) "auth"
["nc"]=>
string(8) "00000001"
["cnonce"]=>
string(8) "0a4f113b"
["response"]=>
string(32) "6629fae49393a05397450978507c4ef1"
}
For a complete example of performing digest authorization in PHP, see www.php.net/manual/en/features.http-auth.php.
Alert: For Control Panel Help & Tutorials, click here: Panel Tutorials
