Php .NET Passport
Ever tried to create a client area in PHP using .NET passport as your authentication
method?
Personally I don't believe in .NET passports, a script like this can easily be used to capture passwords.
Here's a little example of how to get it running, it uses the CURL library to send
requests.
function setRequest($url,$headers)
{
if (function_exists('curl_init'))
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_FAILONERROR, TRUE);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_VERBOSE, FALSE);
curl_setopt($curl, CURLOPT_HEADER,TRUE);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
$data = curl_exec($curl);
curl_close($curl);
return $data;
}
else die('Error: <a href="http://curl.haxx.se/">CURL Library</a> Not found!');
}
function Authentication($username, $password)
{
$arr[] = "GET /rdr/pprdr.asp HTTP/1.0\\r\\n\\r\\n";
$data = setRequest ("https://nexus.passport.com:443/rdr/pprdr.asp",$arr);
if ($data)
{
preg_match("/DALogin=(.+?),/",$data,$matches);
$split = explode("/",$matches[1]);
$headers = array("GET /$split[1] HTTP/1.1\\r\\n",
"Authorization: Passport1.4 OrgVerb=GET,OrgURL=http://messenger.msn.com,sign-in=$username,pwd=$password");
$data = setRequest("https://" . $split[0] . ":443/". $split[1], $headers);
return ($data) ? TRUE : FALSE;
}
else
{
return FALSE;
}
}
Now to use it is quite simple (example below), I am planning to create a few example login systems once I get time.
if (Authentication("username@hotmail.com","password"))
{
print "Authentication Success";
}
else
{
print "Authentication Failed";
}
Posted by - Christoff Truter
Date - 2007-01-12 12:00:00
Comments
Post comment