[nycphp-talk] Re: Digest Authentication w/ Login Form

Michael B Allen ioplex at
Thu Sep 27 21:22:05 EDT 2007

On 9/27/07, Michael B Allen <ioplex at> wrote:
> Is it possible to do digest authentication from a login form?

Of course I just figured out how to do this in record time. I also
just realized that, for reasons not worth going into I can't use this.
But for posterity here's the solution:

A BSD implementation of both MD5 and Bas64 is here:

Here's the client side:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<script type="text/javascript" src="<?php echo $this->baseUrl;
<script type="text/javascript">
function digest() {
    realm = document.f.realm.value;
    username = document.f.username.value;
    password = document.f.password.value;
    text = realm + ":" + username + ":";
    hash = MD5.base64(text + password);
    document.f.password.value = MD5.base64(text + hash);
<form name="f" action="<?php echo $this->baseUrl; ?>/login/login" method="POST">
<table border="1">
    <input type="hidden" name="realm" value="<?php echo
$this->escape($this->realm); ?>"/>
    <input type="text" name="username" value="<?php echo
$this->escape($this->username); ?>"/>
<tr><td>Password:</td><td><input type="password" name="password"/></td></tr>
<tr><td></td><td><input type="submit" value="Login"

I haven't actually tried to validate the resulting hash but I'm pretty
confident it will work.


More information about the talk mailing list