[nycphp-talk] Re: Digest Authentication w/ Login Form
Michael B Allen
ioplex at gmail.com
Thu Sep 27 21:22:05 EDT 2007
On 9/27/07, Michael B Allen <ioplex at gmail.com> wrote:
> Is it possible to do digest authentication from a login form?
Of course I just figured out how to do this in record time. I also
just realized that, for reasons not worth going into I can't use this.
But for posterity here's the solution:
A BSD implementation of both MD5 and Bas64 is here:
http://ecmanaut.googlecode.com/svn/trunk/lib/md5.js
Here's the client side:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<script type="text/javascript" src="<?php echo $this->baseUrl;
?>/scripts/md5.js"></script>
<script type="text/javascript">
function digest() {
realm = document.f.realm.value;
username = document.f.username.value;
password = document.f.password.value;
text = realm + ":" + username + ":";
hash = MD5.base64(text + password);
document.f.password.value = MD5.base64(text + hash);
}
</script>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form name="f" action="<?php echo $this->baseUrl; ?>/login/login" method="POST">
<table border="1">
<tr><td>Username:</td><td>
<input type="hidden" name="realm" value="<?php echo
$this->escape($this->realm); ?>"/>
<input type="text" name="username" value="<?php echo
$this->escape($this->username); ?>"/>
</td></tr>
<tr><td>Password:</td><td><input type="password" name="password"/></td></tr>
<tr><td></td><td><input type="submit" value="Login"
onClick="digest()"/></td></tr>
</table>
</form>
</body>
</html>
I haven't actually tried to validate the resulting hash but I'm pretty
confident it will work.
Mike
More information about the talk
mailing list