7
* This source file is subject to the new BSD license that is bundled
8
* with this package in the file LICENSE.txt.
9
* It is also available through the world-wide-web at this URL:
10
* http://framework.zend.com/license/new-bsd
11
* If you did not receive a copy of the license and are unable to
12
* obtain it through the world-wide-web, please send an email
13
* to license@zend.com so we can send you a copy immediately.
18
* @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
19
* @license http://framework.zend.com/license/new-bsd New BSD License
20
* @version $Id: Digest.php 23775 2011-03-01 17:25:24Z ralph $
25
* @see Zend_Auth_Adapter_Interface
27
require_once 'Zend/Auth/Adapter/Interface.php';
34
* @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
35
* @license http://framework.zend.com/license/new-bsd New BSD License
37
class Zend_Auth_Adapter_Digest implements Zend_Auth_Adapter_Interface
40
* Filename against which authentication queries are performed
47
* Digest authentication realm
54
* Digest authentication user
61
* Password for the user of the realm
68
* Sets adapter options
70
* @param mixed $filename
72
* @param mixed $username
73
* @param mixed $password
76
public function __construct($filename = null, $realm = null, $username = null, $password = null)
78
$options = array('filename', 'realm', 'username', 'password');
79
foreach ($options as $option) {
80
if (null !== $$option) {
81
$methodName = 'set' . ucfirst($option);
82
$this->$methodName($$option);
88
* Returns the filename option value or null if it has not yet been set
92
public function getFilename()
94
return $this->_filename;
98
* Sets the filename option value
100
* @param mixed $filename
101
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
103
public function setFilename($filename)
105
$this->_filename = (string) $filename;
110
* Returns the realm option value or null if it has not yet been set
112
* @return string|null
114
public function getRealm()
116
return $this->_realm;
120
* Sets the realm option value
122
* @param mixed $realm
123
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
125
public function setRealm($realm)
127
$this->_realm = (string) $realm;
132
* Returns the username option value or null if it has not yet been set
134
* @return string|null
136
public function getUsername()
138
return $this->_username;
142
* Sets the username option value
144
* @param mixed $username
145
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
147
public function setUsername($username)
149
$this->_username = (string) $username;
154
* Returns the password option value or null if it has not yet been set
156
* @return string|null
158
public function getPassword()
160
return $this->_password;
164
* Sets the password option value
166
* @param mixed $password
167
* @return Zend_Auth_Adapter_Digest Provides a fluent interface
169
public function setPassword($password)
171
$this->_password = (string) $password;
176
* Defined by Zend_Auth_Adapter_Interface
178
* @throws Zend_Auth_Adapter_Exception
179
* @return Zend_Auth_Result
181
public function authenticate()
183
$optionsRequired = array('filename', 'realm', 'username', 'password');
184
foreach ($optionsRequired as $optionRequired) {
185
if (null === $this->{"_$optionRequired"}) {
187
* @see Zend_Auth_Adapter_Exception
189
require_once 'Zend/Auth/Adapter/Exception.php';
190
throw new Zend_Auth_Adapter_Exception("Option '$optionRequired' must be set before authentication");
194
if (false === ($fileHandle = @fopen($this->_filename, 'r'))) {
196
* @see Zend_Auth_Adapter_Exception
198
require_once 'Zend/Auth/Adapter/Exception.php';
199
throw new Zend_Auth_Adapter_Exception("Cannot open '$this->_filename' for reading");
202
$id = "$this->_username:$this->_realm";
203
$idLength = strlen($id);
206
'code' => Zend_Auth_Result::FAILURE,
208
'realm' => $this->_realm,
209
'username' => $this->_username,
211
'messages' => array()
214
while ($line = trim(fgets($fileHandle))) {
215
if (substr($line, 0, $idLength) === $id) {
216
if ($this->_secureStringCompare(substr($line, -32), md5("$this->_username:$this->_realm:$this->_password"))) {
217
$result['code'] = Zend_Auth_Result::SUCCESS;
219
$result['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
220
$result['messages'][] = 'Password incorrect';
222
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
226
$result['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
227
$result['messages'][] = "Username '$this->_username' and realm '$this->_realm' combination not found";
228
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
232
* Securely compare two strings for equality while avoided C level memcmp()
233
* optimisations capable of leaking timing information useful to an attacker
234
* attempting to iteratively guess the unknown string (e.g. password) being
241
protected function _secureStringCompare($a, $b)
243
if (strlen($a) !== strlen($b)) {
247
for ($i = 0; $i < strlen($a); $i++) {
248
$result |= ord($a[$i]) ^ ord($b[$i]);