Ever tried to create a client area in PHP using .NET passport as your authentication
method?
Personally I don't believe in .NET passports, a script like this can easily be used to capture passwords.
Here's a little example of how to get it running, it uses the CURL library to send
requests.
function setRequest($url,$headers) { if (function_exists('curl_init')) { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_FAILONERROR, TRUE); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_VERBOSE, FALSE); curl_setopt($curl, CURLOPT_HEADER,TRUE); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); $data = curl_exec($curl); curl_close($curl); return $data; } else die('Error: <a href="http://curl.haxx.se/">CURL Library</a> Not found!'); } function Authentication($username, $password) { $arr[] = "GET /rdr/pprdr.asp HTTP/1.0\\r\\n\\r\\n"; $data = setRequest ("https://nexus.passport.com:443/rdr/pprdr.asp",$arr); if ($data) { preg_match("/DALogin=(.+?),/",$data,$matches); $split = explode("/",$matches[1]); $headers = array("GET /$split[1] HTTP/1.1\\r\\n", "Authorization: Passport1.4 OrgVerb=GET,OrgURL=http://messenger.msn.com,sign-in=$username,pwd=$password"); $data = setRequest("https://" . $split[0] . ":443/". $split[1], $headers); return ($data) ? TRUE : FALSE; } else { return FALSE; } }
if (Authentication("username@hotmail.com","password")) { print "Authentication Success"; } else { print "Authentication Failed"; }
May 13, 2011 by boujemaa
hola