NYCPHP Meetup

NYPHP.org

[nycphp-talk] Re: Digest Authentication w/ Login Form

Michael B Allen ioplex at gmail.com
Thu Sep 27 21:22:05 EDT 2007


On 9/27/07, Michael B Allen <ioplex at gmail.com> wrote:
> Is it possible to do digest authentication from a login form?

Of course I just figured out how to do this in record time. I also
just realized that, for reasons not worth going into I can't use this.
But for posterity here's the solution:

A BSD implementation of both MD5 and Bas64 is here:

  http://ecmanaut.googlecode.com/svn/trunk/lib/md5.js

Here's the client side:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<script type="text/javascript" src="<?php echo $this->baseUrl;
?>/scripts/md5.js"></script>
<script type="text/javascript">
function digest() {
    realm = document.f.realm.value;
    username = document.f.username.value;
    password = document.f.password.value;
    text = realm + ":" + username + ":";
    hash = MD5.base64(text + password);
    document.f.password.value = MD5.base64(text + hash);
}
</script>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form name="f" action="<?php echo $this->baseUrl; ?>/login/login" method="POST">
<table border="1">
<tr><td>Username:</td><td>
    <input type="hidden" name="realm" value="<?php echo
$this->escape($this->realm); ?>"/>
    <input type="text" name="username" value="<?php echo
$this->escape($this->username); ?>"/>
</td></tr>
<tr><td>Password:</td><td><input type="password" name="password"/></td></tr>
<tr><td></td><td><input type="submit" value="Login"
onClick="digest()"/></td></tr>
</table>
</form>
</body>
</html>

I haven't actually tried to validate the resulting hash but I'm pretty
confident it will work.

Mike



More information about the talk mailing list