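<?php
/**
 * Manual test page for HTTP Digest authentication against the /PLIKI/ area.
 *
 * NOTE(review): the opening lines of this script were lost in extraction. Only the
 * tail of the first comment survives ("... = 5.1.0 required by date functions").
 * APP_PATH_ROOT and APP_PATH_LIB are used below but not defined in the visible part.
 * Markup inside the echoed debug strings also appears to have been stripped; the
 * strings are reproduced as they survive.
 *
 * The page prints request headers, server variables and database details, so it
 * should not be reachable on a production host.
 */

// All PHP error output is switched off for this page.
error_reporting(0);
ini_set('error_reporting', 0);
ini_set('display_startup_errors', '0');
//display_startup_errors(0);

#TEST $_SESSION['DEBUG'] = 3;// TODO: TEST
if (!isset($_SESSION['DEBUG'])) {
    $_SESSION['DEBUG'] = 0; // set default value
}

// Depending on web-server configuration SERVER_NAME can mirror the client's Host header,
// so it is used in a file path or URL only after it matches a plain host-name pattern
// (no slashes, no "@", no ".." sequence).
$serverName = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
$serverNameIsSafe = preg_match('/\A[A-Za-z0-9._:\[\]-]+\z/', $serverName) === 1
    && strpos($serverName, '..') === false;

// Optional per-host configuration, then the optional generic one.
if ($serverNameIsSafe) {
    $hostConfig = APP_PATH_ROOT . "/config/.config_{$serverName}.php";
    if (file_exists($hostConfig)) {
        require $hostConfig;
    }
}
if (file_exists(APP_PATH_ROOT . "/.config.php")) {
    include APP_PATH_ROOT . "/.config.php";
}

require_once APP_PATH_ROOT . "/superedit-SEF.php";
require_once APP_PATH_LIB . '/' . 'Lib.php';
Lib::loadClass('V');
Lib::loadClass('DB');
Lib::loadClass('User');
Lib::loadClass('SE_Layout');
Lib::loadClass('S');

/**
 * Parse the value of an HTTP Digest "Authorization" header.
 *
 * Declared at file level: in the original it sat inside the testDigest branch, after
 * its only call, and PHP does not hoist a conditionally declared function, so the
 * call failed with "undefined function".
 *
 * @param string $txt Header value, e.g. the content of $_SERVER['PHP_AUTH_DIGEST'].
 * @return array|false Map of the seven required directives, or false if any is missing.
 */
function http_digest_parse($txt)
{
    // protect against missing data
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));

    // Inside the character class "\2" is an octal escape, not a back-reference; the lazy
    // quantifier followed by the real back-reference is what stops at the closing quote.
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        // Compare against '' rather than relying on truthiness: a quoted value of "0"
        // would otherwise fall through to group 4, which is absent for quoted matches.
        $data[$m[1]] = $m[3] !== '' ? $m[3] : $m[4];
        unset($needed_parts[$m[1]]);
    }

    return $needed_parts ? false : $data;
}

// --- ?testDigest=1 : act as the Digest server and verify the browser's response -------
if (User::logged() && V::get('testDigest', '', $_GET) == 1) {
    $realm = "Browse access /Library/Server/Web/Data/Sites/Default/PLIKI";

    if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
        header('HTTP/1.1 401 Unauthorized');
        // NOTE(review): uniqid() is derived from the clock, and the nonce is never stored
        // or checked when it comes back, so this challenge gives no replay protection.
        header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
        die('Text to send if user hits Cancel button');
    }

    // analyze the PHP_AUTH_DIGEST variable
    // NOTE(review): $users is not defined anywhere in the visible script; presumably an
    // included config supplies username => password pairs. Confirm, otherwise every
    // request ends here.
    $data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
    if (!$data || !isset($users[$data['username']])) {
        die('Wrong Credentials!');
    }

    // generate the valid response
    $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
    $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
    $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

    // A loose "!=" treats two numeric-looking hex digests (e.g. "0e..." forms) as equal.
    // Compare as strings, in constant time where hash_equals() is available (PHP >= 5.6).
    $responseMatches = function_exists('hash_equals')
        ? hash_equals($valid_response, (string) $data['response'])
        : ($data['response'] === $valid_response);
    if (!$responseMatches) {
        die('Wrong Credentials!');
    }

    // ok, valid username & password
    echo 'You are logged in as: ' . $data['username'];

    die('Digest Login Test');
}

// --- ?ajaxDigest=1 : page for the AJAX variant of the test ----------------------------
if (User::logged() && V::get('ajaxDigest', '', $_GET) == 1) {
    //header('Access-Control-Allow-Origin: *');
    SE_Layout::gora();
    Lib::loadClass('Crypt');
    // NOTE(review): the inline markup that followed "?>" at this point was lost in
    // extraction; only the trailing debug dump survives.
    // The dump exposes the complete $_SERVER array to the browser.
    echo 'SRV (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($_SERVER);
    echo '';
    exit;
}

// --- default : act as the Digest client, using cURL with the admin's own credentials ---
if (User::logged()) {
    if (!$serverNameIsSafe) {
        // The stored password must not be sent to a host name that failed validation.
        header('HTTP/1.1 400 Bad Request');
        die('Invalid server name');
    }

    Lib::loadClass('Crypt');
    $login = User::getLogin();
    // Crypt::decrypt() is applied to the session value, so despite the key name it is
    // stored reversibly rather than as a one-way hash.
    $pass = Crypt::decrypt($_SESSION['ADM_PASS_HASH']);

    $ch = curl_init();
    // set url
    // NOTE(review): plain http:// means the digest exchange and the fetched content
    // travel unencrypted.
    curl_setopt($ch, CURLOPT_URL, "http://{$serverName}/PLIKI/");
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
    curl_setopt($ch, CURLOPT_USERPWD, "{$login}:{$pass}");

    // first authentication with a head request
    curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
    curl_setopt($ch, CURLOPT_NOBODY, 1);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $output = curl_exec($ch);
    echo "\ncurl output 1 (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($output);
    echo "\n";
    // The info array includes request_header, i.e. the Authorization header just sent.
    $info = curl_getinfo($ch);
    echo "\ncurl info 1 (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($info);
    echo "\n";

    // the get the real output
    curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    // The original also called curl_setopt($ch, CURLOPT_HTTPHEADER, 1). That option takes
    // an array of header lines, so the integer was rejected; the call is dropped.
    curl_setopt($ch, CURLOPT_HTTPGET, 1);
    $output = curl_exec($ch);
    echo "\ncurl output 2 (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($output);
    echo "\n";
    $info = curl_getinfo($ch);
    echo "\ncurl info 2 (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($info);
    echo "\n";
    echo "\ncurl (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($ch);
    echo "\n";
    curl_close($ch);

    // login by browser result in:
    // $_SERVER[PHP_AUTH_DIGEST] => username="plabudda", realm="Browse access /Library/Server/Web/Data/Sites/Default/PLIKI", nonce="03d338604c5e373eb15912fa3a9e75341381747501704512", uri="/SE/se-dev-pl/t.php", response="219a9c728b9f97317041c6f2cec672d5"
    // curl $info['request_header']
    // Authorization: Digest username="plabudda", realm="Browse access /Library/Server/Web/Data/Sites/Default/PLIKI", nonce="ab0433e0ddfd7c8875351f60ab0bfadf1381747561090631", uri="/PLIKI/", response="90758c48f0420635a45053902af41ab5"
    $info['request_header'] = explode("\n", $info['request_header']);
    foreach ($info['request_header'] as $vHeader) {
        if (substr($vHeader, 0, 22) == 'Authorization: Digest ') {
            // Header lines end in CRLF; drop the CR that explode("\n") leaves behind.
            $_SERVER['PHP_AUTH_DIGEST'] = rtrim(substr($vHeader, 22), "\r");
        }
    }
    echo "\n" . '$_SERVER[PHP_AUTH_DIGEST] (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($_SERVER['PHP_AUTH_DIGEST']);
    echo "\n";
} else {
    echo "\n\nLog in to test digest\n\n";
}

// The database dump originally ran for every visitor, after the if/else above, so the
// connection settings and table list were shown to anonymous requests. It now runs only
// for a logged-in user.
// NOTE(review): $SQL_DATABASE presumably comes from the included config; if it can hold
// credentials, drop the dump rather than printing it even to logged-in users.
if (User::logged()) {
    echo "\ndb (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($SQL_DATABASE);
    echo "\n";

    $tbls = array();
    $db = DB::getDB();
    $sql = "show tables;";
    $res = $db->query($sql);
    while ($r = $db->fetch($res)) {
        $tbls[] = $r;
    }
    echo "\ntbls (" . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
    print_r($tbls);
    echo "\n";
}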