search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added the zend framework 2 library, the path is specified in line no.26 in zend_modul...
[openemr.git] / interface / modules / zend_modules / library / Zend / Authentication / Adapter / Http.php
blobd5e2fbfa2274390126fabeb08c031daf04623d50
1 <?php
2 /**
3 * Zend Framework (http://framework.zend.com/)
4 *
5 * @link http://github.com/zendframework/zf2 for the canonical source repository
6 * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
7 * @license http://framework.zend.com/license/new-bsd New BSD License
8 */
9
10 namespace Zend\Authentication\Adapter;
11
12 use Zend\Authentication;
13 use Zend\Http\Request as HTTPRequest;
14 use Zend\Http\Response as HTTPResponse;
15 use Zend\Uri\UriFactory;
16 use Zend\Crypt\Utils as CryptUtils;
17
18 /**
19 * HTTP Authentication Adapter
20 *
21 * Implements a pretty good chunk of RFC 2617.
22 *
23 * @todo Support auth-int
24 * @todo Track nonces, nonce-count, opaque for replay protection and stale support
25 * @todo Support Authentication-Info header
26 */
27 class Http implements AdapterInterface
28 {
29 /**
30 * Reference to the HTTP Request object
31 *
32 * @var HTTPRequest
33 */
34 protected $request;
35
36 /**
37 * Reference to the HTTP Response object
38 *
39 * @var HTTPResponse
40 */
41 protected $response;
42
43 /**
44 * Object that looks up user credentials for the Basic scheme
45 *
46 * @var Http\ResolverInterface
47 */
48 protected $basicResolver;
49
50 /**
51 * Object that looks up user credentials for the Digest scheme
52 *
53 * @var Http\ResolverInterface
54 */
55 protected $digestResolver;
56
57 /**
58 * List of authentication schemes supported by this class
59 *
60 * @var array
61 */
62 protected $supportedSchemes = array('basic', 'digest');
63
64 /**
65 * List of schemes this class will accept from the client
66 *
67 * @var array
68 */
69 protected $acceptSchemes;
70
71 /**
72 * Space-delimited list of protected domains for Digest Auth
73 *
74 * @var string
75 */
76 protected $domains;
77
78 /**
79 * The protection realm to use
80 *
81 * @var string
82 */
83 protected $realm;
84
85 /**
86 * Nonce timeout period
87 *
88 * @var int
89 */
90 protected $nonceTimeout;
91
92 /**
93 * Whether to send the opaque value in the header. True by default
94 *
95 * @var bool
96 */
97 protected $useOpaque;
98
99 /**
100 * List of the supported digest algorithms. I want to support both MD5 and
101 * MD5-sess, but MD5-sess won't make it into the first version.
102 *
103 * @var array
104 */
105 protected $supportedAlgos = array('MD5');
106
107 /**
108 * The actual algorithm to use. Defaults to MD5
109 *
110 * @var string
111 */
112 protected $algo;
113
114 /**
115 * List of supported qop options. My intention is to support both 'auth' and
116 * 'auth-int', but 'auth-int' won't make it into the first version.
117 *
118 * @var array
119 */
120 protected $supportedQops = array('auth');
121
122 /**
123 * Whether or not to do Proxy Authentication instead of origin server
124 * authentication (send 407's instead of 401's). Off by default.
125 *
126 * @var bool
127 */
128 protected $imaProxy;
129
130 /**
131 * Flag indicating the client is IE and didn't bother to return the opaque string
132 *
133 * @var bool
134 */
135 protected $ieNoOpaque;
136
137 /**
138 * Constructor
139 *
140 * @param array $config Configuration settings:
141 * 'accept_schemes' => 'basic'|'digest'|'basic digest'
142 * 'realm' => <string>
143 * 'digest_domains' => <string> Space-delimited list of URIs
144 * 'nonce_timeout' => <int>
145 * 'use_opaque' => <bool> Whether to send the opaque value in the header
146 * 'algorithm' => <string> See $supportedAlgos. Default: MD5
147 * 'proxy_auth' => <bool> Whether to do authentication as a Proxy
148 * @throws Exception\InvalidArgumentException
149 */
150 public function __construct(array $config)
151 {
152 $this->request = null;
153 $this->response = null;
154 $this->ieNoOpaque = false;
155
156 if (empty($config['accept_schemes'])) {
157 throw new Exception\InvalidArgumentException('Config key "accept_schemes" is required');
158 }
159
160 $schemes = explode(' ', $config['accept_schemes']);
161 $this->acceptSchemes = array_intersect($schemes, $this->supportedSchemes);
162 if (empty($this->acceptSchemes)) {
163 throw new Exception\InvalidArgumentException(sprintf(
164 'No supported schemes given in "accept_schemes". Valid values: %s',
165 implode(', ', $this->supportedSchemes)
166 ));
167 }
168
169 // Double-quotes are used to delimit the realm string in the HTTP header,
170 // and colons are field delimiters in the password file.
171 if (empty($config['realm']) ||
172 !ctype_print($config['realm']) ||
173 strpos($config['realm'], ':') !== false ||
174 strpos($config['realm'], '"') !== false) {
175 throw new Exception\InvalidArgumentException(
176 'Config key \'realm\' is required, and must contain only printable characters,'
177 . 'excluding quotation marks and colons'
178 );
179 } else {
180 $this->realm = $config['realm'];
181 }
182
183 if (in_array('digest', $this->acceptSchemes)) {
184 if (empty($config['digest_domains']) ||
185 !ctype_print($config['digest_domains']) ||
186 strpos($config['digest_domains'], '"') !== false) {
187 throw new Exception\InvalidArgumentException(
188 'Config key \'digest_domains\' is required, and must contain '
189 . 'only printable characters, excluding quotation marks'
190 );
191 } else {
192 $this->domains = $config['digest_domains'];
193 }
194
195 if (empty($config['nonce_timeout']) ||
196 !is_numeric($config['nonce_timeout'])) {
197 throw new Exception\InvalidArgumentException(
198 'Config key \'nonce_timeout\' is required, and must be an integer'
199 );
200 } else {
201 $this->nonceTimeout = (int) $config['nonce_timeout'];
202 }
203
204 // We use the opaque value unless explicitly told not to
205 if (isset($config['use_opaque']) && false == (bool) $config['use_opaque']) {
206 $this->useOpaque = false;
207 } else {
208 $this->useOpaque = true;
209 }
210
211 if (isset($config['algorithm']) && in_array($config['algorithm'], $this->supportedAlgos)) {
212 $this->algo = $config['algorithm'];
213 } else {
214 $this->algo = 'MD5';
215 }
216 }
217
218 // Don't be a proxy unless explicitly told to do so
219 if (isset($config['proxy_auth']) && true == (bool) $config['proxy_auth']) {
220 $this->imaProxy = true; // I'm a Proxy
221 } else {
222 $this->imaProxy = false;
223 }
224 }
225
226 /**
227 * Setter for the basicResolver property
228 *
229 * @param Http\ResolverInterface $resolver
230 * @return Http Provides a fluent interface
231 */
232 public function setBasicResolver(Http\ResolverInterface $resolver)
233 {
234 $this->basicResolver = $resolver;
235
236 return $this;
237 }
238
239 /**
240 * Getter for the basicResolver property
241 *
242 * @return Http\ResolverInterface
243 */
244 public function getBasicResolver()
245 {
246 return $this->basicResolver;
247 }
248
249 /**
250 * Setter for the digestResolver property
251 *
252 * @param Http\ResolverInterface $resolver
253 * @return Http Provides a fluent interface
254 */
255 public function setDigestResolver(Http\ResolverInterface $resolver)
256 {
257 $this->digestResolver = $resolver;
258
259 return $this;
260 }
261
262 /**
263 * Getter for the digestResolver property
264 *
265 * @return Http\ResolverInterface
266 */
267 public function getDigestResolver()
268 {
269 return $this->digestResolver;
270 }
271
272 /**
273 * Setter for the Request object
274 *
275 * @param HTTPRequest $request
276 * @return Http Provides a fluent interface
277 */
278 public function setRequest(HTTPRequest $request)
279 {
280 $this->request = $request;
281
282 return $this;
283 }
284
285 /**
286 * Getter for the Request object
287 *
288 * @return HTTPRequest
289 */
290 public function getRequest()
291 {
292 return $this->request;
293 }
294
295 /**
296 * Setter for the Response object
297 *
298 * @param HTTPResponse $response
299 * @return Http Provides a fluent interface
300 */
301 public function setResponse(HTTPResponse $response)
302 {
303 $this->response = $response;
304
305 return $this;
306 }
307
308 /**
309 * Getter for the Response object
310 *
311 * @return HTTPResponse
312 */
313 public function getResponse()
314 {
315 return $this->response;
316 }
317
318 /**
319 * Authenticate
320 *
321 * @throws Exception\RuntimeException
322 * @return Authentication\Result
323 */
324 public function authenticate()
325 {
326 if (empty($this->request) || empty($this->response)) {
327 throw new Exception\RuntimeException('Request and Response objects must be set before calling '
328 . 'authenticate()');
329 }
330
331 if ($this->imaProxy) {
332 $getHeader = 'Proxy-Authorization';
333 } else {
334 $getHeader = 'Authorization';
335 }
336
337 $headers = $this->request->getHeaders();
338 if (!$headers->has($getHeader)) {
339 return $this->_challengeClient();
340 }
341 $authHeader = $headers->get($getHeader)->getFieldValue();
342 if (!$authHeader) {
343 return $this->_challengeClient();
344 }
345
346 list($clientScheme) = explode(' ', $authHeader);
347 $clientScheme = strtolower($clientScheme);
348
349 // The server can issue multiple challenges, but the client should
350 // answer with only the selected auth scheme.
351 if (!in_array($clientScheme, $this->supportedSchemes)) {
352 $this->response->setStatusCode(400);
353 return new Authentication\Result(
354 Authentication\Result::FAILURE_UNCATEGORIZED,
355 array(),
356 array('Client requested an incorrect or unsupported authentication scheme')
357 );
358 }
359
360 // client sent a scheme that is not the one required
361 if (!in_array($clientScheme, $this->acceptSchemes)) {
362 // challenge again the client
363 return $this->_challengeClient();
364 }
365
366 switch ($clientScheme) {
367 case 'basic':
368 $result = $this->_basicAuth($authHeader);
369 break;
370 case 'digest':
371 $result = $this->_digestAuth($authHeader);
372 break;
373 default:
374 throw new Exception\RuntimeException('Unsupported authentication scheme: ' . $clientScheme);
375 }
376
377 return $result;
378 }
379
380 /**
381 * Challenge Client
382 *
383 * Sets a 401 or 407 Unauthorized response code, and creates the
384 * appropriate Authenticate header(s) to prompt for credentials.
385 *
386 * @return Authentication\Result Always returns a non-identity Auth result
387 */
388 protected function _challengeClient()
389 {
390 if ($this->imaProxy) {
391 $statusCode = 407;
392 $headerName = 'Proxy-Authenticate';
393 } else {
394 $statusCode = 401;
395 $headerName = 'WWW-Authenticate';
396 }
397
398 $this->response->setStatusCode($statusCode);
399
400 // Send a challenge in each acceptable authentication scheme
401 $headers = $this->response->getHeaders();
402 if (in_array('basic', $this->acceptSchemes)) {
403 $headers->addHeaderLine($headerName, $this->_basicHeader());
404 }
405 if (in_array('digest', $this->acceptSchemes)) {
406 $headers->addHeaderLine($headerName, $this->_digestHeader());
407 }
408 return new Authentication\Result(
409 Authentication\Result::FAILURE_CREDENTIAL_INVALID,
410 array(),
411 array('Invalid or absent credentials; challenging client')
412 );
413 }
414
415 /**
416 * Basic Header
417 *
418 * Generates a Proxy- or WWW-Authenticate header value in the Basic
419 * authentication scheme.
420 *
421 * @return string Authenticate header value
422 */
423 protected function _basicHeader()
424 {
425 return 'Basic realm="' . $this->realm . '"';
426 }
427
428 /**
429 * Digest Header
430 *
431 * Generates a Proxy- or WWW-Authenticate header value in the Digest
432 * authentication scheme.
433 *
434 * @return string Authenticate header value
435 */
436 protected function _digestHeader()
437 {
438 $wwwauth = 'Digest realm="' . $this->realm . '", '
439 . 'domain="' . $this->domains . '", '
440 . 'nonce="' . $this->_calcNonce() . '", '
441 . ($this->useOpaque ? 'opaque="' . $this->_calcOpaque() . '", ' : '')
442 . 'algorithm="' . $this->algo . '", '
443 . 'qop="' . implode(',', $this->supportedQops) . '"';
444
445 return $wwwauth;
446 }
447
448 /**
449 * Basic Authentication
450 *
451 * @param string $header Client's Authorization header
452 * @throws Exception\ExceptionInterface
453 * @return Authentication\Result
454 */
455 protected function _basicAuth($header)
456 {
457 if (empty($header)) {
458 throw new Exception\RuntimeException('The value of the client Authorization header is required');
459 }
460 if (empty($this->basicResolver)) {
461 throw new Exception\RuntimeException(
462 'A basicResolver object must be set before doing Basic '
463 . 'authentication');
464 }
465
466 // Decode the Authorization header
467 $auth = substr($header, strlen('Basic '));
468 $auth = base64_decode($auth);
469 if (!$auth) {
470 throw new Exception\RuntimeException('Unable to base64_decode Authorization header value');
471 }
472
473 // See ZF-1253. Validate the credentials the same way the digest
474 // implementation does. If invalid credentials are detected,
475 // re-challenge the client.
476 if (!ctype_print($auth)) {
477 return $this->_challengeClient();
478 }
479 // Fix for ZF-1515: Now re-challenges on empty username or password
480 $creds = array_filter(explode(':', $auth));
481 if (count($creds) != 2) {
482 return $this->_challengeClient();
483 }
484
485 $result = $this->basicResolver->resolve($creds[0], $this->realm, $creds[1]);
486
487 if ($result instanceof Authentication\Result && $result->isValid()) {
488 return $result;
489 }
490
491 if (!$result instanceof Authentication\Result
492 && !is_array($result)
493 && CryptUtils::compareStrings($result, $creds[1])
494 ) {
495 $identity = array('username' => $creds[0], 'realm' => $this->realm);
496 return new Authentication\Result(Authentication\Result::SUCCESS, $identity);
497 } elseif (is_array($result)) {
498 return new Authentication\Result(Authentication\Result::SUCCESS, $result);
499 }
500
501 return $this->_challengeClient();
502 }
503
504 /**
505 * Digest Authentication
506 *
507 * @param string $header Client's Authorization header
508 * @throws Exception\ExceptionInterface
509 * @return Authentication\Result Valid auth result only on successful auth
510 */
511 protected function _digestAuth($header)
512 {
513 if (empty($header)) {
514 throw new Exception\RuntimeException('The value of the client Authorization header is required');
515 }
516 if (empty($this->digestResolver)) {
517 throw new Exception\RuntimeException('A digestResolver object must be set before doing Digest authentication');
518 }
519
520 $data = $this->_parseDigestAuth($header);
521 if ($data === false) {
522 $this->response->setStatusCode(400);
523 return new Authentication\Result(
524 Authentication\Result::FAILURE_UNCATEGORIZED,
525 array(),
526 array('Invalid Authorization header format')
527 );
528 }
529
530 // See ZF-1052. This code was a bit too unforgiving of invalid
531 // usernames. Now, if the username is bad, we re-challenge the client.
532 if ('::invalid::' == $data['username']) {
533 return $this->_challengeClient();
534 }
535
536 // Verify that the client sent back the same nonce
537 if ($this->_calcNonce() != $data['nonce']) {
538 return $this->_challengeClient();
539 }
540 // The opaque value is also required to match, but of course IE doesn't
541 // play ball.
542 if (!$this->ieNoOpaque && $this->_calcOpaque() != $data['opaque']) {
543 return $this->_challengeClient();
544 }
545
546 // Look up the user's password hash. If not found, deny access.
547 // This makes no assumptions about how the password hash was
548 // constructed beyond that it must have been built in such a way as
549 // to be recreatable with the current settings of this object.
550 $ha1 = $this->digestResolver->resolve($data['username'], $data['realm']);
551 if ($ha1 === false) {
552 return $this->_challengeClient();
553 }
554
555 // If MD5-sess is used, a1 value is made of the user's password
556 // hash with the server and client nonce appended, separated by
557 // colons.
558 if ($this->algo == 'MD5-sess') {
559 $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
560 }
561
562 // Calculate h(a2). The value of this hash depends on the qop
563 // option selected by the client and the supported hash functions
564 switch ($data['qop']) {
565 case 'auth':
566 $a2 = $this->request->getMethod() . ':' . $data['uri'];
567 break;
568 case 'auth-int':
569 // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
570 // but this isn't supported yet, so fall through to default case
571 default:
572 throw new Exception\RuntimeException('Client requested an unsupported qop option');
573 }
574 // Using hash() should make parameterizing the hash algorithm
575 // easier
576 $ha2 = hash('md5', $a2);
577
578
579 // Calculate the server's version of the request-digest. This must
580 // match $data['response']. See RFC 2617, section 3.2.2.1
581 $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
582 $digest = hash('md5', $ha1 . ':' . $message);
583
584 // If our digest matches the client's let them in, otherwise return
585 // a 401 code and exit to prevent access to the protected resource.
586 if (CryptUtils::compareStrings($digest, $data['response'])) {
587 $identity = array('username' => $data['username'], 'realm' => $data['realm']);
588 return new Authentication\Result(Authentication\Result::SUCCESS, $identity);
589 }
590
591 return $this->_challengeClient();
592 }
593
594 /**
595 * Calculate Nonce
596 *
597 * @return string The nonce value
598 */
599 protected function _calcNonce()
600 {
601 // Once subtle consequence of this timeout calculation is that it
602 // actually divides all of time into nonceTimeout-sized sections, such
603 // that the value of timeout is the point in time of the next
604 // approaching "boundary" of a section. This allows the server to
605 // consistently generate the same timeout (and hence the same nonce
606 // value) across requests, but only as long as one of those
607 // "boundaries" is not crossed between requests. If that happens, the
608 // nonce will change on its own, and effectively log the user out. This
609 // would be surprising if the user just logged in.
610 $timeout = ceil(time() / $this->nonceTimeout) * $this->nonceTimeout;
611
612 $userAgentHeader = $this->request->getHeaders()->get('User-Agent');
613 if ($userAgentHeader) {
614 $userAgent = $userAgentHeader->getFieldValue();
615 } elseif (isset($_SERVER['HTTP_USER_AGENT'])) {
616 $userAgent = $_SERVER['HTTP_USER_AGENT'];
617 } else {
618 $userAgent = 'Zend_Authenticaion';
619 }
620 $nonce = hash('md5', $timeout . ':' . $userAgent . ':' . __CLASS__);
621 return $nonce;
622 }
623
624 /**
625 * Calculate Opaque
626 *
627 * The opaque string can be anything; the client must return it exactly as
628 * it was sent. It may be useful to store data in this string in some
629 * applications. Ideally, a new value for this would be generated each time
630 * a WWW-Authenticate header is sent (in order to reduce predictability),
631 * but we would have to be able to create the same exact value across at
632 * least two separate requests from the same client.
633 *
634 * @return string The opaque value
635 */
636 protected function _calcOpaque()
637 {
638 return hash('md5', 'Opaque Data:' . __CLASS__);
639 }
640
641 /**
642 * Parse Digest Authorization header
643 *
644 * @param string $header Client's Authorization: HTTP header
645 * @return array|bool Data elements from header, or false if any part of
646 * the header is invalid
647 */
648 protected function _parseDigestAuth($header)
649 {
650 $temp = null;
651 $data = array();
652
653 // See ZF-1052. Detect invalid usernames instead of just returning a
654 // 400 code.
655 $ret = preg_match('/username="([^"]+)"/', $header, $temp);
656 if (!$ret || empty($temp[1])
657 || !ctype_print($temp[1])
658 || strpos($temp[1], ':') !== false) {
659 $data['username'] = '::invalid::';
660 } else {
661 $data['username'] = $temp[1];
662 }
663 $temp = null;
664
665 $ret = preg_match('/realm="([^"]+)"/', $header, $temp);
666 if (!$ret || empty($temp[1])) {
667 return false;
668 }
669 if (!ctype_print($temp[1]) || strpos($temp[1], ':') !== false) {
670 return false;
671 } else {
672 $data['realm'] = $temp[1];
673 }
674 $temp = null;
675
676 $ret = preg_match('/nonce="([^"]+)"/', $header, $temp);
677 if (!$ret || empty($temp[1])) {
678 return false;
679 }
680 if (!ctype_xdigit($temp[1])) {
681 return false;
682 }
683
684 $data['nonce'] = $temp[1];
685 $temp = null;
686
687 $ret = preg_match('/uri="([^"]+)"/', $header, $temp);
688 if (!$ret || empty($temp[1])) {
689 return false;
690 }
691 // Section 3.2.2.5 in RFC 2617 says the authenticating server must
692 // verify that the URI field in the Authorization header is for the
693 // same resource requested in the Request Line.
694 $rUri = $this->request->getUri();
695 $cUri = UriFactory::factory($temp[1]);
696
697 // Make sure the path portion of both URIs is the same
698 if ($rUri->getPath() != $cUri->getPath()) {
699 return false;
700 }
701
702 // Section 3.2.2.5 seems to suggest that the value of the URI
703 // Authorization field should be made into an absolute URI if the
704 // Request URI is absolute, but it's vague, and that's a bunch of
705 // code I don't want to write right now.
706 $data['uri'] = $temp[1];
707 $temp = null;
708
709 $ret = preg_match('/response="([^"]+)"/', $header, $temp);
710 if (!$ret || empty($temp[1])) {
711 return false;
712 }
713 if (32 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
714 return false;
715 }
716
717 $data['response'] = $temp[1];
718 $temp = null;
719
720 // The spec says this should default to MD5 if omitted. OK, so how does
721 // that square with the algo we send out in the WWW-Authenticate header,
722 // if it can easily be overridden by the client?
723 $ret = preg_match('/algorithm="?(' . $this->algo . ')"?/', $header, $temp);
724 if ($ret && !empty($temp[1])
725 && in_array($temp[1], $this->supportedAlgos)) {
726 $data['algorithm'] = $temp[1];
727 } else {
728 $data['algorithm'] = 'MD5'; // = $this->algo; ?
729 }
730 $temp = null;
731
732 // Not optional in this implementation
733 $ret = preg_match('/cnonce="([^"]+)"/', $header, $temp);
734 if (!$ret || empty($temp[1])) {
735 return false;
736 }
737 if (!ctype_print($temp[1])) {
738 return false;
739 }
740
741 $data['cnonce'] = $temp[1];
742 $temp = null;
743
744 // If the server sent an opaque value, the client must send it back
745 if ($this->useOpaque) {
746 $ret = preg_match('/opaque="([^"]+)"/', $header, $temp);
747 if (!$ret || empty($temp[1])) {
748
749 // Big surprise: IE isn't RFC 2617-compliant.
750 $headers = $this->request->getHeaders();
751 if (!$headers->has('User-Agent')) {
752 return false;
753 }
754 $userAgent = $headers->get('User-Agent')->getFieldValue();
755 if (false === strpos($userAgent, 'MSIE')) {
756 return false;
757 }
758
759 $temp[1] = '';
760 $this->ieNoOpaque = true;
761 }
762
763 // This implementation only sends MD5 hex strings in the opaque value
764 if (!$this->ieNoOpaque &&
765 (32 != strlen($temp[1]) || !ctype_xdigit($temp[1]))) {
766 return false;
767 }
768
769 $data['opaque'] = $temp[1];
770 $temp = null;
771 }
772
773 // Not optional in this implementation, but must be one of the supported
774 // qop types
775 $ret = preg_match('/qop="?(' . implode('|', $this->supportedQops) . ')"?/', $header, $temp);
776 if (!$ret || empty($temp[1])) {
777 return false;
778 }
779 if (!in_array($temp[1], $this->supportedQops)) {
780 return false;
781 }
782
783 $data['qop'] = $temp[1];
784 $temp = null;
785
786 // Not optional in this implementation. The spec says this value
787 // shouldn't be a quoted string, but apparently some implementations
788 // quote it anyway. See ZF-1544.
789 $ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp);
790 if (!$ret || empty($temp[1])) {
791 return false;
792 }
793 if (8 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
794 return false;
795 }
796
797 $data['nc'] = $temp[1];
798 $temp = null;
799
800 return $data;
801 }
802 }
Mirror of official OpenEMR Sourceforge repository