<?php
$realm="MyRealm";
//如果沒(méi)有驗(yàn)證信息，則發(fā)送報(bào)頭要求瀏覽器使用摘要式身份驗(yàn)證
if(!isset($_SERVER['PHP_AUTH_DIGEST'])){
 header("WWW-Authenticate:Digest Realm=/"$realm/",nonce=/"".uniqid()."/",algorithm=MD5,qop=/"auth/"");
 header("HTTP/1.0 401 Unauthorization Required");
 echo "賬號(hào)/密碼錯(cuò)誤！";
 exit;
}else{
 //使用函數(shù)http_digest_parse解析驗(yàn)證信息
 $data=http_digest_parse($_SERVER["PHP_AUTH_DIGEST"]);
 if(!$data){
  header("HTTP/1.0 401 Unauthorization Required");
  echo "賬號(hào)/密碼錯(cuò)誤！";
  exit;
  }else{
   //根據(jù)HTTP協(xié)議，自己構(gòu)建一個(gè)response值
   $A1=md5('admin:'.$realm.':password');
   $A2=md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
   $valid_response=
   md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);}
   //將自己構(gòu)建的response值與瀏覽器構(gòu)建并發(fā)送過(guò)來(lái)的response值對(duì)比，如果相同那么就證明用戶名和密碼輸入是正確的
   if($data['response']==$valid_response){
    echo "驗(yàn)證通過(guò)！";
   }else{
    header("HTTP/1.0 401 Unauthorization Required");
    echo("賬號(hào)/密碼錯(cuò)誤！");
    exit;
   }
  }
function http_digest_parse($digest_str){
 $needed_parts=array('nonce'=>1,'nc'=>1,'cnonce'=>1,'qop'=>1,'username'=>1,'uri'=>1,'response'=>1);
 //使用正則表達(dá)式解析Authorization報(bào)頭的內(nèi)容
 preg_match_all('@(/w+)=([/'"]?)([a-zA-Z0-9=.//_-]+)/2@',$digest_str,$result,PREG_SET_ORDER);
 //將結(jié)果填充$data數(shù)組，并返回
 $data=array();
 foreach($result as $m){
  $data[$m[1]]=$m[3];
  unset($needed_parts[$m[1]]);
 }
 return $needed_parts?false:$data;
}
?>