I should read RFC 2831 more carefully: DIGEST-MD5 with authzid needs one more tweak.
authoravel <avel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 1 Nov 2006 15:24:54 +0000 (15:24 +0000)
committeravel <avel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 1 Nov 2006 15:24:54 +0000 (15:24 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11942 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/auth.php

index 4fcc53f93f4fffba048f0e2d2db47c12b50aec70..49a0b1f1edf4c00ec6b72021fb28456d34d0c408 100644 (file)
@@ -152,6 +152,9 @@ function digest_md5_response ($username,$password,$challenge,$service,$host,$aut
     $string_a1 .= utf8_encode($password);
     $string_a1 = hmac_md5($string_a1);
     $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce;
+    if(!empty($authz)) {
+        $A1 .= ":" . utf8_encode($authz);
+    }
     $A1 = bin2hex(hmac_md5($A1));
     $A2 = "AUTHENTICATE:$digest_uri_value";
     // If qop is auth-int or auth-conf, A2 gets a little extra
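Review bot: The `!empty($authz)` guard on the added lines treats the string "0" as empty, so an authorization id of "0" would be left out of A1; if the `authzid=` directive is still sent in the reply that is built outside this hunk, the server would compute a different digest and the login would fail. A guard such as `if (isset($authz) && $authz !== '') {` avoids that, and it should be the same test that decides whether the directive is emitted. `utf8_encode()` assumes `$authz` arrives as ISO-8859-1, which is worth confirming against the caller, because RFC 2831 wants the authzid in UTF-8 and a value that is already UTF-8 would be double-encoded before hashing. A short comment such as `// RFC 2831 2.1.2.1: A1 gains ":" authzid-value when an authzid is sent` would record why the branch exists. digest_md5_response starts and ends outside the hunk, and its signature is truncated in the hunk header, so the parameter name is inferred.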