Hi,
I'm trying to edit a php application that generates postscript files
from html pages pages, html2ps/pdf (http://www.tufat.com/
script19.htm), to automatically authenticate with an apache server
using digest authentication. Conceptually, while any visiting client
can interact with the application, the page requests that the
application itself makes appear to the web server to be originating
from the application, and not from the client's browser. Thus, as far
as I can tell, it becomes necessary for the application to be able to
complete the authentication process entirely autonomously, creating a
'digest authentication session' (as I'll call it) that the end user
does not necessarily even need to have access to.
I've reviewed the digest authentication example provided on the PHP
Manual page titled, 'HTTP authentication with PHP' (http://us.php.net/
features.http-auth), and can certainly see how to build the necessary
reply headers once the web server has accepted a username and
password. However, the following things confuse me:
1. I'm not sure how to automatically provide the response to the
server's initial 'HTTP/1.0 401 Unauthorized' response. With basic
authentication this can easily be skipped by forming a request in the
format: user:password@xxxxxxxxxxxxxxx, but this obviously doesn't
work with digest authentication.
2. I'm not sure how the php application itself creates or maintains
its own session.
3. Logically, the $_SERVER['PHP_AUTH_DIGEST'] variable then could not
even contain the correct username, nonce, etc., because this would
only be able to reflect the 'session' data of the end client, and not
the data of the 'session' created by the application itself.
If anyone can even provide some theory, I could likely produce the
necessary code, though any sample code, or pointers to such samples,
would be greatly appreciated! So far, my searches have met with
little success.
Thanks,
Steven Stromer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
