There is little information available for programming a client in PHP. There is a large document about the standard and how things should work, but an actual step by step of how to build a client in PHP does not exist. When I started on the project at our offices, I found very little help. There were some people who had successfully built a client, but they did not want to share their findings or even offer a little direction. This can happen when new technologies come out; people sometimes try to hoard information to make themselves look better instead of advancing the possibilities of a technology. Where would PHP be today if it was not open? Hopefully this will get you started and over one of the biggest hurdles in developing your client, the login. Once I got past this, everything came together.

The login process is not too difficult, but is a little tricky because we will be using MD5 and digest authentication. This is a very secure way of logging, and it is understandable that most RETS servers will use this type over Basic Authentication. Some older servers still use Basic Authentication, but it is rare.

Now let's look quickly at MD5 and digest authentication. MD5 is a way to verify data integrity. It takes a string of text and returns a 128bit "fingerprint", 32 characters of letters and numbers. The reason for this is that the actual string is never transmitted over the Internet, and it is very difficult if not impossible to decrypt this fingerprint. When the computer you are sending to receives the request of authentication, it will MD5 a similar string on it and compare the one you sent over with the one it made. For example if you sent over a password "cat" that was encrypted using MD5, which may look like this "1f3870be274f6c49b3e31a0c6728957f" to another computer, it would take the password that it had in its database for you and encode it using MD5, and if your string matched what the computer had, it would allow you access. MD5 can be used for many things, even checking if two sentences are identical, basically anything that needs to be compared to each other for equality.

The login script consists of MD5 variables and header information sent over the Internet using fsocket to a specified port for authentication. Once there is an approved login, the MLS server will display a session which you can use for data retrieval.