TheGU / mod-auth-token

This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security.
Apache License 2.0
0 stars 0 forks source link

Failed Token Auth #5

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Downloading
2.
3.

What is the expected output? What do you see instead?

Expect to see download instead getting a 403 forbidden error

also getting mod-auth-token erros in the log

EX:  mod_auth_token: failed token auth (got
'6a73544f1420e2a36eabd78423784d6e', expected '9CE5C2789FBF3140202FE7CC3FDF0A8A

My config file

      <Location "/fyc/">
        AuthTokenSecret       "test"
        AuthTokenPrefix       /fyc/
        AuthTokenTimeout      60
        #AuthTokenLimitByIp    off
      </Location>

Using test script

<?php
// Settings to generate the URI
$secret = "test";        // Same as AuthTokenSecret
$protectedPath = "/fyc/";         // Same as AuthTokenPrefix
$hexTime = dechex(time());             // Time in Hexadecimal      
$fileName = "/video-1b.flv";    // The file to access
$token = md5($secret . $filename. $hexTime);

// We build the url
$url = $protectedPath . $token. "/" . $hexTime . $fileName;
echo $url;
?>

What version of the product are you using? On what operating system?
1.0.5
CecntOS

Please provide any additional information below.

Original issue reported on code.google.com by tyrantp...@gmail.com on 21 Apr 2010 at 1:27

GoogleCodeExporter commented 9 years ago
Hi Tyrantpimp,
please read the code carefully and not just copy/paste ;)
Actually the code seems fine except here :

$token = md5($secret . $filename. $hexTime);

notice the $filename var, it's declared as $fileName (the N in uppercase).

Correcting documentation thanks.

Original comment by teixeira...@gmail.com on 21 Apr 2010 at 7:01

GoogleCodeExporter commented 9 years ago
Sorry for the typo, I tried several different methods but posted the sample 
code for
sake of simplicity. With new code

<?php
// Settings to generate the URI
$secret = "test";        // Same as AuthTokenSecret
$protectedPath = "/fyc/";         // Same as AuthTokenPrefix
$hexTime = dechex(time());             // Time in Hexadecimal      
$fileName = "/video-1b.flv";    // The file to access
$token = md5($secret . $fileName. $hexTime);

// We build the url
$url = $protectedPath . $token. "/" . $hexTime . $fileName;
echo $url;
?>

I am still encountering the same problems

Original comment by tyrantp...@gmail.com on 21 Apr 2010 at 7:27

GoogleCodeExporter commented 9 years ago
Also if you updated the sample code you might want to revisit this portion

-----------------------------------
// We build the url
$url = $protectedPath . $token. "/" . $hexTime . $filename;
echo $url;
?>
-----------------------------------

you have $filename here as well instead of $fileName

Original comment by tyrantp...@gmail.com on 21 Apr 2010 at 8:36