Log in

No account? Create an account
I could really use some help with 'challenge-response'. I'm just… - LiveJournal Client Discussions — LiveJournal [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[Dec. 1st, 2004|04:35 pm]
LiveJournal Client Discussions


I could really use some help with 'challenge-response'. I'm just trying to get a simple cross-post plugin working- using php and The Inutio XML-RPC Library. I surfed around enough to patch together a simple php script that posts- but I want to use the challenge-response method. Problem is, xml-rpc completely baffles me. Reading this post helped- at least in terms of what I know I need to add in:

"You need to send the user name, auth_method='challenge', auth_challenge=$challenge, and of course the auth_response." And generate the response via: md5($challenge . md5($password))

However, I've no clue how to put it all together. Here's what I have so far- it works to post, but as soon as I start playing with the 'challenge-response' stuff it breaks- I can't even get a challenge!


$lj_userid = "username";
$lj_passwd = "password";
$lineendings = "pc";
$event = "Hm what to say";
$subject = "Subject what subject";
$timenow = getdate();
$year = date('Y');
$month = date('m');
$day = date('d');
$hour = date('H');
$minute = date('i');
$client = new IXR_client("www.journalfen.net", "/interface/xmlrpc", 80);
$client->debug = true;
$x_params_r = array( "username" => utf8_encode( $lj_userid ),
"password" => utf8_encode( $lj_passwd ),
"lineendings" => $lineendings,
"event" => utf8_encode( $event ),
"subject" => utf8_encode( $subject ),
"year" => utf8_encode( $year ),
"mon" => utf8_encode( $month ),
"day" => utf8_encode( $day ),
"hour" => utf8_encode( $hour ),
"min" => utf8_encode( $minute ));

$client->query('LJ.XMLRPC.postevent', $x_params_r);

Now when I used: LJ.XMLRPC.getchallenge, I do get the correct challenge, but I'm just not sure how to put it all together (or reply to the challenge!).

Anyway, if someone doesn't mind helping out an xml-rpc newbie, I'd be grateful. I've about hit the limit of my ability to figure this out, and I'd really rather use the challenge-response approach.

[User Picture]From: vanbeast
2004-12-02 01:32 am (UTC)
Check out http://www.livejournal.com/doc/server/ljp.csp.auth.challresp.html, which describes how it all works.

Once you've got the challenge, you need to take a hex-encoded MD5 of the challenge + the md5 of the password:

$resp = md5( $challenge . md5($password) );

Then, in the struct you pass to the XML-RPC method, pass username, auth_method (== 'challenge'), auth_challenge (the challenge you received), and auth_response (the response you calculated).

Do that instead of any usual username/password stuff you send, and (as far as I can tell) it should work.
(Reply) (Thread)
[User Picture]From: forked
2004-12-02 07:17 am (UTC)
Whew! Finally got it working! Thanks.
(Reply) (Parent) (Thread)