I tried to use the Http Authentication Digest Scheme with my php (apache module)

Question

0

Asked: May 14, 20262026-05-14T03:08:18+00:00 2026-05-14T03:08:18+00:00

I tried to use the Http Authentication Digest Scheme with my php (apache module)

0

I tried to use the Http Authentication Digest Scheme with my php (apache module) based website. In general it works fine, but when it comes to verification of the username / hash against my user database i run into a problem.
Of course i do not want to store the user´s password in my database, so i tend to store the A1 hashvalue (which is md5($username . ‘:’ . $realm . ‘:’ . $password)) in my db.
This is just how the browser does it too to create the hashes to send back.

The Problem:

I am not able to detect if the browser does this in ISO-8859-1 fallback (like firefox, IE) or UTF-8 (Opera) or whatever. I have chosen to do the calculation in UTF-8 and store this md5 hash. Which leads to non-authentication in Firefox and IE browsers.

How do you solve this problem?

Just do not use this auth-scheme? Or Store a md5 Hash for each charset?

Force users to Opera?

(Terms of A1 refer to the http://php.net/manual/en/features.http-auth.php example.)
(for digest access authentication read the according wikipedia entry)

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T03:08:19+00:00

Editorial Team

2026-05-14T03:08:19+00:00Added an answer on May 14, 2026 at 3:08 am

The reason for my problem was a bug in FireFox.
Just to answer and close this.
Link:
https://bugzilla.mozilla.org/show_bug.cgi?id=546330

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I tried to use the Http Authentication Digest Scheme with my php (apache module)

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply