摘要认证 PHP

Posted

技术标签:

【中文标题】摘要认证 PHP【英文标题】:Digest Authentication PHP 【发布时间】:2016-05-19 15:01:33 【问题描述】:

我必须向逆变器网络服务器进行身份验证,读取一个txt文件,将信息推送到另一个服务器,关闭并在1分钟后重复该操作。这是我在连续身份验证后嗅到的信息:

GET /data/sys.txt 
HTTP/1.1..
Host: 13.3.89.50..
Connection: keep-alive
Authorization: Digest username="customer", 
realm="Sunways-Webserver", 
nonce="23618", 
uri="/data/sys.txt", 
response="370c48d4879451443c156ec003739de0", 
qop=auth, 
nc=00000001, 
cnonce="f359fa6da445f39f"..
Accept: text/html,application/xhtml+xml,application/xml;
q=0.9,image/webp,*/*;q=0.8..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHT
ML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Accept-Encoding:  

我需要一个php方法来验证逆变器并做事,所以我写了这个脚本,但不起作用:

<?php
$username = 'customer';
$password = '00000000';

$method = 'GET';
$url = "http://13.3.89.50/data/sys.txt";

$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch,CURLOPT_TIMEOUT, 30);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 30);
if($method == 'POST')

$fieldsData = http_build_query($fields);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fieldsData);


curl_setopt($ch, CURLOPT_HEADER, 1);
$first_response = curl_exec($ch);
$info = curl_getinfo($ch);

preg_match('/WWW-Authenticate: Digest (.*)/', $first_response, $matches);

if(!empty($matches))

$auth_header = $matches[1];
$auth_header_array = explode(',', $auth_header);
$parsed = array();

 foreach ($auth_header_array as $pair)

  $vals = explode('=', $pair);
 $parsed[trim($vals[0])] = trim($vals[1], '" ');


$response_realm     = (isset($parsed['realm'])) ? $parsed['realm'] : "";
$response_nonce     = (isset($parsed['nonce'])) ? $parsed['nonce'] : "";
$response_opaque    = (isset($parsed['opaque'])) ? $parsed['opaque'] : "";

$authenticate1 = md5($username.":".$response_realm.":".$password);
$authenticate2 = md5($method.":".$url);

$authenticate_response = md5($authenticate1.":".$response_nonce.":".$authenticate2);

$request = sprintf('Authorization: Digest username="%s", realm="%s",  nonce="%s", opaque="%s", uri="%s", response="%s"',
$username, $response_realm, $response_nonce, $response_opaque, $url, $authenticate_response);

$request_header = array($request);

$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch,CURLOPT_TIMEOUT, 30);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 30);

if($method == 'POST')

$fieldsData = http_build_query($fields);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fieldsData);

curl_setopt($ch, CURLOPT_HTTPHEADER, $request_header);

$result['response']         = curl_exec($ch);
$result['info']             = curl_getinfo ($ch);
$result['info']['errno']    = curl_errno($ch);
$result['info']['errmsg']   = curl_error($ch);

$fp = @fopen("http://13.3.89.50/data/sys.txt", 'r');

// Delete # & filter

$fp = explode('#', $input);

$actualPower = filter_var($fp[1],FILTER_SANITIZE_NUMBER_FLOAT,FILTER_FLAG_ALLOW_FRACTION);
$dailyPower = filter_var($fp[2],FILTER_SANITIZE_NUMBER_FLOAT,FILTER_FLAG_ALLOW_FRACTION);
$totalPower = filter_var($fp[5],FILTER_SANITIZE_NUMBER_FLOAT,FILTER_FLAG_ALLOW_FRACTION);

########## PUSH DATA TO DOMOTICZ ########## */

fopen ("http://13.3.89.3:8080/json.htm?type=command&param=udevice&idx=20&nvalue=0&svalue=$actualPower;$dailyPower");
fopen ("http://13.3.89.3:8080/json.htm?type=command&param=udevice&idx=21&svalue=$totalPower");

fclose($fp);
?>

错在哪里?

【问题讨论】:

【参考方案1】:

这就像一个魅力:)

 <?php
 $login = 'customer';
 $password = '00000000';
 $url = 'http://13.3.89.50/data/sys.txt';
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL,$url);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
 curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
 $result = curl_exec($ch);
 curl_close($ch);

 $results = explode('#', $result);

 $actualPower =    filter_var($results[1],FILTER_SANITIZE_NUMBER_FLOAT,FILTER_FLAG_ALLOW_FRACTION);
 $dailyPower = filter_var($results[2],FILTER_SANITIZE_NUMBER_FLOAT,FILTER_FLAG_ALLOW_FRACTION);
 $totalPower = filter_var($results[5],FILTER_SANITIZE_NUMBER_FLOAT,FILTER_FLAG_ALLOW_FRACTION);
 $actualKPower= $actualPower * 1000;

  ########## PUSH DATA TO DOMOTICZ ########## */

 file_get_contents( "http://13.3.89.3:8080/json.htm?type=command&param=udevice&idx=20&nvalue=0&svalue=$actualKPower;$totalPower" );
 file_get_contents( "http://13.3.89.3:8080/json.htm?type=command&param=udevice&idx=21&svalue=$totalPower" );

 ?>

【讨论】:

以上是关于摘要认证 PHP的主要内容,如果未能解决你的问题,请参考以下文章

摘要认证

详解摘要认证

前端学HTTP之摘要认证

HTTP - 摘要认证

摘要认证

WebApi接口安全认证——HTTP之摘要认证