Skip to content

Instantly share code, notes, and snippets.

@mheadd
Created November 15, 2010 20:55
Show Gist options
  • Save mheadd/700939 to your computer and use it in GitHub Desktop.
Save mheadd/700939 to your computer and use it in GitHub Desktop.
<?php
// The URL where the test-auth.php script resides.
define("POST_DATA_TO_URL", "http://someurl/my-script.php");
// Function to send value to my-script.php script via cURL with digest authentication.
function submitValue($myValue) {
$ch = curl_init(POST_DATA_TO_URL);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, "admin:mypass");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "myValue=$myValue");
$output = curl_exec($ch);
if (curl_getinfo($ch, CURLINFO_HTTP_CODE) != '200') {
return null;
}
return $output;
}
answer(30);
say("Hello, welcome to my sample application.", array("bargein" => false));
// Prompt the caller for the extension they want to call.
$event = ask("Please enter a 5 digit zip code.", array("choices" => "[5 DIGITS]", "choiceMode" => "dtmf", "repeat" => "3", "timeout" => "5"));
if($event->name == 'choice') {
_log("*** User entered ".$event->value." ***");
$result = submitValue($event->value);
if($result == "SUCCESS") {
say("Thank you. Goodbye", array("bargein" => false));
hangup();
}
else {
_log("*** $result ***");
say("Sorry, there was a problem. Goodbye", array("bargein" => false));
hangup();
}
}
?>
<?php
/*
* Simple Digest Authentication script for accepting HTTP POSTs from Tropo.
* Modified from example in PHP Manual - http://php.net/manual/en/features.http-auth.php
*/
// Function to parse the http auth header.
function http_digest_parse($txt) {
// protect against missing data
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;
}
define("REALM", "My Restricted area");
// A simple aray to hold usernames and passwords.
$users = array('admin' => 'mypass', 'guest' => 'guest');
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.uniqid().'",opaque="'.md5(REALM).'"');
die('Not authorized!');
}
// Analyze the PHP_AUTH_DIGEST variable.
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']]))
die('Wrong Credentials!');
// generate the valid response
$A1 = md5($data['username'] . ':'.REALM.':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
// If the wrong credentials are given, respond with a 403.
if ($data['response'] != $valid_response) {
header('HTTP/1.1 403 Forbidden');
die('Wrong Credentials!');
}
// Otherwise, sanitize the submitted value and insert into a MySQL database.
else {
try {
$conn = mysql_connect('host', 'username', 'password');
$myValue = mysql_real_escape_string($_POST['myValue'], $conn);
mysql_select_db('my-database', $conn);
if(mysql_query("INSERT INTO my-table values ($myValue)", $conn)) {
header('HTTP/1.1 200 OK');
echo "SUCCESS";
}
else {
throw new Exception(mysql_error());
}
}
catch (Exception $ex) {
header('HTTP/1.1 500 Internal Server Error');
echo "FAILURE: ".$ex->getMessage();
}
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment