With that being said let's look at the first part of the login script (the full code is included).

<code>
$url = "rets.somemls.com";  
</code>
This is the URL we will use through out a session.  The MLS office will have to provide this to you, it is usually not public information.

<code>
$fp = fsockopen($url,80,$errno,$errstr,30);
if (!$fp) {

      echo "$errstr ($errno)<br />n";
} else {   
</code>

This is a standard fsocket connection procedure. Notice that it is going to port 80 - some MLS systems might use other ports to pull RETS information from. The number 30 is the time out limit. If there is an error the above code will let us know. For more information on fsocket go to the  manual http://us4.php.net/manual/en/function.fsockopen.php

<code>
$username = "retsuser02";
$MLS_county = "LAMLS";
$password = "getinfo"
$A1 = "$username:$MLS_county:$password";
</code>

You will use your username and password here that the MLS office gives you. Also you will notice that between the username and password is a variable we called MLS_county, this will be a variable that the MLS office must give you. All counties have a different code and if the correct one is not used, there will be an error when you MD5 this variable. This specific arrangement of these variables may be different from MLS office to MLS office; there is a standard but it does vary slightly usually for security purposes and the MLS service provider will make these differences known.

<code>
$A2 = "GET:/IMPV/rets/rets_login.asp";
</code>

This is the page that will be used to authenticate you as a user of the system. This page will need to be given to you by the MLS office.

<code>
$auth_nonce = "adee8373e2588003c1746f58c89b30cd";
</code>

Nonce is a string of randomly generated letters and numbers or current time generated by the server you are contacting. The MLS system I currently use does not change this variable and is a mix of numbers and letters. The way you get the nonce is to go to the page without logging in and review the headers and pull out the variable "nonce= adee8373e2588003c1746f58c89b30cd". You may need to add a section of code that goes to the page and parses out the nonce and opaque variables which we will use further in the code.

<code>
$raw_digest = md5($A1).":".$auth_nonce.":".md5($A2);
</code>

Now let's MD5 our variables. No matter how long the variable you MD5, it will encrypt it into a 32 character variable. You will notice that the $A1 and $A2 variables are MD5ed and the nonce is not. This is just the way to make things even more complicated for someone trying to decrypt this string.

<code>
$resp = md5( $raw_digest );
</code>

The last step is to MD5 the variable we just MD5ed. This may vary from each MLS office, but it does provide another step of security. This variable must match an MD5 variable the MLS service provider generates on its end; if it doesn't then there will be no authentication. And again the benefit of using MD5 is that no obvious information is being sent over the Internet.