[英]Get cUrl to preemptively send Authorization header for DIGEST authentication in PHP
[英]PHP CURL GET/POST Digest authentication
我正在使用 curl 方法從 REST API 獲取數據。 API 需要摘要驗證。 我已經完成了摘要身份驗證,但不適用於 post 方法。 對於 GET 方法工作正常。
$username = 'username';
$password = 'password';
$method = 'GET';
// $method = 'POST';
// FOR POST METHOD. API REQUIRE THIS FORMAT
// $fields = array('APIRquestData' => '{"name":"value","name1":["v4","v5"]}');
$url = "http://apiurl/getmethodname";
// $url = "http://apiurl/postmethodname";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch,CURLOPT_TIMEOUT, 30);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 30);
if($method == 'POST')
{
$fieldsData = http_build_query($fields);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fieldsData);
}
curl_setopt($ch, CURLOPT_HEADER, 1)
$first_response = curl_exec($ch);
$info = curl_getinfo($ch);
preg_match('/WWW-Authenticate: Digest (.*)/', $first_response, $matches);
if(!empty($matches))
{
$auth_header = $matches[1];
$auth_header_array = explode(',', $auth_header);
$parsed = array();
foreach ($auth_header_array as $pair)
{
$vals = explode('=', $pair);
$parsed[trim($vals[0])] = trim($vals[1], '" ');
}
$response_realm = (isset($parsed['realm'])) ? $parsed['realm'] : "";
$response_nonce = (isset($parsed['nonce'])) ? $parsed['nonce'] : "";
$response_opaque = (isset($parsed['opaque'])) ? $parsed['opaque'] : "";
$authenticate1 = md5($username.":".$response_realm.":".$password);
$authenticate2 = md5($method.":".$url);
$authenticate_response = md5($authenticate1.":".$response_nonce.":".$authenticate2);
$request = sprintf('Authorization: Digest username="%s", realm="%s", nonce="%s", opaque="%s", uri="%s", response="%s"',
$username, $response_realm, $response_nonce, $response_opaque, $url, $authenticate_response);
$request_header = array($request);
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch,CURLOPT_TIMEOUT, 30);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 30);
if($method == 'POST')
{
$fieldsData = http_build_query($fields);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fieldsData);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $request_header);
$result['response'] = curl_exec($ch);
$result['info'] = curl_getinfo ($ch);
$result['info']['errno'] = curl_errno($ch);
$result['info']['errmsg'] = curl_error($ch);
}
/*
I am getting this as response
Array
(
[response] =>
HTTP Status 404 -
type Status report
message
description The requested resource () is not available.
[info] => Array
(
[url] => http://apiurl/postmethodname
[content_type] => text/html;charset=ISO-8859-1
[http_code] => 404
[header_size] => 361
[request_size] => 551
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.109
[namelookup_time] => 0
[connect_time] => 0.063
[pretransfer_time] => 0.063
[size_upload] => 114
[size_download] => 956
[speed_download] => 8770
[speed_upload] => 1045
[download_content_length] => 956
[upload_content_length] => 114
[starttransfer_time] => 0.109
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => XXX.X.XX.XX
[certinfo] => Array
(
)
[primary_port] => 80
[local_ip] => XX.XX.XX.XXX
[local_port] => 58850
[errno] => 0
[errmsg] =>
)
)
*/
響應說,404 表示未找到 URL。 但是網址是正確的。
卷曲信息 7.40.0
提前致謝。
使用get_headers($url)
代替第一次卷曲。
在標題中添加 Content-Type:application/json。
添加$request_header[] = 'Content-Type:application/json';
$request_header = array($request)
之后的這一行。
謝謝@Sufi,POST 請求的工作代碼(以防其他人需要這個):
<?php
$username = 'username';
$password = 'password';
$url = "your url";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch,CURLOPT_TIMEOUT, 30);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch,CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_HEADER, 1);
$first_response = curl_exec($ch);
$info = curl_getinfo($ch);
preg_match('/WWW-Authenticate: Digest (.*)/', $first_response, $matches);
if(!empty($matches))
{
$auth_header = $matches[1];
$auth_header_array = explode(',', $auth_header);
$parsed = array();
foreach ($auth_header_array as $pair)
{
$vals = explode('=', $pair);
$parsed[trim($vals[0])] = trim($vals[1], '" ');
}
$response_realm = (isset($parsed['realm'])) ? $parsed['realm'] : "";
$response_nonce = (isset($parsed['nonce'])) ? $parsed['nonce'] : "";
$response_opaque = (isset($parsed['opaque'])) ? $parsed['opaque'] : "";
$authenticate1 = md5($username.":".$response_realm.":".$password);
$authenticate2 = md5("POST:".$url);
$authenticate_response = md5($authenticate1.":".$response_nonce.":".$authenticate2);
$request = sprintf('Authorization: Digest username="%s", realm="%s", nonce="%s", opaque="%s", uri="%s", response="%s"',
$username, $response_realm, $response_nonce, $response_opaque, $url, $authenticate_response);
$request_header = array($request);
$request_header[] = 'Content-Type:application/json';
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch,CURLOPT_TIMEOUT, 30);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch,CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_HTTPHEADER, $request_header);
$result['response'] = curl_exec($ch);
$result['info'] = curl_getinfo ($ch);
$result['info']['errno'] = curl_errno($ch);
$result['info']['errmsg'] = curl_error($ch);
var_dump($result);
}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.