-/* This function parses the challenge sent during DIGEST-MD5 authentication and
- returns an array. See the RFC for details on what's in the challenge string.
-*/
- $challenge=base64_decode($challenge);
- while (isset($challenge)) {
- if ($challenge{0} == ',') { // First char is a comma, must not be 1st time through loop
- $challenge=substr($challenge,1);
+ $challenge=base64_decode($challenge);
+ while (isset($challenge)) {
+ if ($challenge{0} == ',') { // First char is a comma, must not be 1st time through loop
+ $challenge=substr($challenge,1);
+ }
+ $key=explode('=',$challenge,2);
+ $challenge=$key[1];
+ $key=$key[0];
+ if ($challenge{0} == '"') {
+ // We're in a quoted value
+ // Drop the first quote, since we don't care about it
+ $challenge=substr($challenge,1);
+ // Now explode() to the next quote, which is the end of our value
+ $val=explode('"',$challenge,2);
+ $challenge=$val[1]; // The rest of the challenge, work on it in next iteration of loop
+ $value=explode(',',$val[0]);
+ // Now, for those quoted values that are only 1 piece..
+ if (sizeof($value) == 1) {
+ $value=$value[0]; // Convert to non-array
+ }
+ } else {
+ // We're in a "simple" value - explode to next comma
+ $val=explode(',',$challenge,2);
+ if (isset($val[1])) {
+ $challenge=$val[1];
+ } else {
+ unset($challenge);
+ }
+ $value=$val[0];
+ }
+ $parsed["$key"]=$value;
+ } // End of while loop
+ return $parsed;
+}
+
+/**
+ * Creates a HMAC digest that can be used for auth purposes
+ * See RFCs 2104, 2617, 2831
+ * Uses mhash() extension if available
+ *
+ * @param string $data Data to apply hash function to.
+ * @param string $key Optional key, which, if supplied, will be used to
+ * calculate data's HMAC.
+ * @return string HMAC Digest string
+ * @since 1.4.0
+ */
+function hmac_md5($data, $key='') {
+ if (extension_loaded('mhash')) {
+ if ($key== '') {
+ $mhash=mhash(MHASH_MD5,$data);
+ } else {
+ $mhash=mhash(MHASH_MD5,$data,$key);
+ }
+ return $mhash;