PHP Programming: An Analysis of SSO


PHP SSO Explained

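SSO has three modes: ① single sign-on across subdomains, ② single sign-on across completely different domains, ③ shared identity authentication across a group of sites

The first mode is simple: just set the cookie's domain to the root domain shared by the applications.

The second mode is also simple: change every application's authentication address to the same one. On each request, check whether the user is logged in at the authentication center, and if so, issue an encrypted token to the calling application.

The third, cross-domain mode redirects back and forth to verify the token, which is a little more trouble.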

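Set up the directory structure

Under the server's root directory, create three project directories:

|–/site root/
|–|–/oa/
|–|–/bbs/
|–|–/blog/

In the root directory, create the script file functions.php with the following contents: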


 <?php

 /**
  * Get the login token
  * @param string $url Address to fetch the token from
  * 2017-01-03T13:08:43+0800
  */
 function getToken($url)
 {
     $bool = isLogin();
     if ($bool) {
         // Already logged in: redirect to this site's home page
         header('location: index.php');
         exit();
     }

     // Not logged in here: go to the other site to see whether the user is logged in there
     header('location: '.$url);
     exit();
 }

 // Check whether the token is correct
 function yzToken($domain)
 {
     $url = isset($_GET['url']) ? $_GET['url'] : '';
     $username = isset($_GET['username']) ? $_GET['username'] : '';
     $token = isset($_GET['token']) ? $_GET['token'] : '';

     if (!empty($username) && !empty($token) && is_string($username) && is_string($token)) {
         $salt = 'taoip';
         $_token = md5($salt.$username);
         // Check that the token sent over by the other site is correct
         // (hash_equals(): a loose == on hash strings is subject to PHP type juggling)
         if (hash_equals($_token, $token)) {
             // Set the cookie for the site the user was redirected to;
             // setCook() also sends the redirect to index.php
             setCook($username, $_token, $domain);
             exit();
         }
     }
 }

 // Set the cookies
 function setCook($username, $_password, $domain)
 {
     // Verification succeeded: log the user in
     setcookie('username', $username, time()+3600, '/', $domain);
     setcookie('token', $_password, time()+3600, '/', $domain);
     header('location: index.php');
 }

 // Check whether the user is logged in
 function isLogin()
 {
     $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
     $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
     $salt = 'taoip';

     // Cookie values can arrive as arrays; only strings can be a valid login
     if (!is_string($username) || !is_string($token)) {
         return false;
     }

     $_token = md5($salt.$username);

     return hash_equals($_token, $token);
 }

 ?>
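
The token built in functions.php is md5 of a fixed salt plus the username, so it is the same on every login and has no expiry. As an added example (not the article's code), one way to issue and check a token that is signed with HMAC-SHA256 and carries an expiry time; the SSO_KEY environment variable, the function names and the 300-second lifetime are assumptions.

```php
<?php
// Added example, not the article's code. SSO_KEY is a hypothetical secret
// read from the environment instead of a salt hard-coded in every script.

/** Build "user|expiry|mac"; the token is valid for $ttl seconds. */
function issueToken(string $username, string $key, int $ttl = 300, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    // rawurlencode() keeps '|' out of the username field
    $payload = rawurlencode($username) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

/** Return the username if the token is authentic and unexpired, else null. */
function verifyToken(string $token, string $key, ?int $now = null): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, $key);
    if (!hash_equals($expected, $mac)) {      // constant-time, no type juggling
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;                          // malformed or expired
    }
    return rawurldecode($user);
}

// Constructed demo values; $now is passed explicitly so the run is repeatable.
$key   = getenv('SSO_KEY') ?: random_bytes(32);
$token = issueToken('alice', $key, 300, 1000);        // expires at t = 1300

var_dump(verifyToken($token, $key, 1100));            // inside the lifetime
var_dump(verifyToken($token, $key, 2000));            // after expiry
// A value built the article's way, md5(salt.username), carries no valid MAC
var_dump(verifyToken('alice|1300|' . md5('taoipalice'), $key, 1100));
```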

In the oa project directory, create two script files, index.php and login.php

Edit index.php


 <?php

 // OA site

 // (1) Start the session
 session_name('taoip');
 session_start();
 // (2) Get the username and token and verify them
 $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
 $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

 $salt = 'taoip';

 // Compare with hash_equals(): a loose != on hash strings is subject to PHP type juggling
 if (!is_string($username) || !is_string($token)
     || !hash_equals(md5($salt.$username), $token)) {
     header('location: login.php');
     exit();
 }

 echo "歡迎用戶,訪問OA站點";

 ?>

Edit login.php


 <?php

 // OA site login system
 require '../functions.php';

 // (2) Validate a token handed over by another site
 yzToken('taoip.cn');

 // (1) Check whether the user is logged in: if so, go to the home page; if not, go to the other site to get a token
 $url = isset($_GET['url']) ? $_GET['url'] : '';
 if (empty($url)) {
     getToken('http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php');
 }

 // (1) Check whether the user is logged in
 $bool = isLogin();
 $url = isset($_GET['url']) ? $_GET['url'] : '';
 if ($bool) {
     if (empty($url)) {
         header('location: index.php');
     } else {
         $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
         $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
         // URL-encode the values placed in the query string
         $lurl = $url.'?username='.urlencode($username).'&token='.urlencode($token);
         header('location: '.$lurl);
     }
     exit();
 }

 if (!empty($_POST)) {
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';

     // Look up the user's password in the database
     // (mysqli with a bound parameter; the mysql_* functions were removed in PHP 7)
     $link = mysqli_connect('localhost', 'root', '', 'sso');
     mysqli_set_charset($link, 'utf8');
     $stmt = mysqli_prepare($link, 'select * from users where username = ?');
     mysqli_stmt_bind_param($stmt, 's', $username);
     mysqli_stmt_execute($stmt);
     $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

     // Verify the submitted password
     // (assumption: users.password holds a password_hash() value)
     $salt = 'taoip';

     if ($user && is_string($password) && password_verify($password, $user['password'])) {
         // Verification succeeded: log the user in
         $_token = md5($salt.$username);
         setcookie('username', $username, time()+3600, '/', 'taoip.cn');
         setcookie('token', $_token, time()+3600, '/', 'taoip.cn');
         // If URL is empty redirect to the home page, otherwise redirect to the URL page
         if (empty($url)) {
             header('location: index.php');
         } else {
             $lurl = $url.'?username='.urlencode($username).'&token='.urlencode($_token);
             header('location: '.$lurl);
         }
         exit();
     }
 }

 ?>
 
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="UTF-8">
 <meta name="generator" content="Sublime Text 3114">
 <meta name="author" content="[email protected]">
 <meta name="keywords" content="">
 <meta name="description" content="">
 <title>OA站點登陸系統</title>
 </head>
 <body>
 <div class="container">
 <h2>oa.taoip.cn站點登陸系統</h2>
 <form action="" method="post">
 <label for="">用戶名</label>
 <input type="text" name="username">
 <br>
 <label for="">密碼</label>
 <input type="password" name="password">
 <hr>
 <button type="submit">提交</button>
 </form>
 </div>
 </body>
 </html>
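
login.php appends the username and token to whatever `url` parameter the request carried and redirects there. As an added example (not the article's code), one way to limit that redirect to the sites in this SSO group and to encode the query values; the allowlist is taken from the three hosts this article configures, and the function names are hypothetical.

```php
<?php
// Added example, not the article's code. The allowlist holds the three hosts
// this article configures; the function names are hypothetical.
const SSO_HOSTS = ['oa.taoip.cn', 'bbs.taoip.cn', 'dengpeng.cc'];

/** Return $url only if it is a plain http(s) URL on a known SSO host. */
function safeReturnUrl(string $url): ?string
{
    if (strpbrk($url, "\r\n\t ") !== false) {
        return null;                               // no whitespace or header breaks
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;                               // relative or malformed
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (isset($p['user']) || isset($p['pass']) || isset($p['fragment'])) {
        return null;                               // no userinfo part, no fragment
    }
    return in_array(strtolower($p['host']), SSO_HOSTS, true) ? $url : null;
}

/** Build the hand-off URL, or null when the return URL is not allowed. */
function handoffUrl(string $returnUrl, string $username, string $token): ?string
{
    $base = safeReturnUrl($returnUrl);
    if ($base === null) {
        return null;
    }
    $sep = (strpos($base, '?') === false) ? '?' : '&';
    return $base . $sep . http_build_query(['username' => $username, 'token' => $token]);
}

// Constructed inputs: one listed host, one unlisted host, one userinfo form
var_dump(handoffUrl('http://oa.taoip.cn/login.php', 'alice', 'abc123'));
var_dump(handoffUrl('http://unknown.example/login.php', 'alice', 'abc123'));
var_dump(handoffUrl('http://oa.taoip.cn@unknown.example/', 'alice', 'abc123'));
```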

In the bbs project directory, create two script files, index.php and login.php

Edit index.php


 <?php
 /**
  * @author DengPeng <[email protected]>
  * @since 2017/01/03
  * @copyright copyright (c) 2017 zixue.it GPL
  * @license http://www.zixue.it/
  */

 // BBS site

 // (1) Start the session
 session_name('taoip');
 session_start();
 // (2) Get the username and token and verify them
 $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
 $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

 $salt = 'taoip';

 // Compare with hash_equals(): a loose != on hash strings is subject to PHP type juggling
 if (!is_string($username) || !is_string($token)
     || !hash_equals(md5($salt.$username), $token)) {
     header('location: login.php');
     exit();
 }

 echo "歡迎用戶,訪問BBS站點";

 ?>
 

Edit login.php


 <?php
 /**
  * @author DengPeng <[email protected]>
  * @since 2017/01/03
  * @copyright copyright (c) 2017 zixue.it GPL
  * @license http://www.zixue.it/
  */

 // BBS site login system
 require '../functions.php';

 // (2) Validate a token handed over by another site
 yzToken('taoip.cn');

 // (1) Check whether the user is logged in: if so, go to the home page; if not, go to the other site to get a token
 $url = isset($_GET['url']) ? $_GET['url'] : '';
 if (empty($url)) {
     getToken('http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php');
 }

 // (1) Check whether the user is logged in
 $bool = isLogin();
 $url = isset($_GET['url']) ? $_GET['url'] : '';
 if ($bool) {
     if (empty($url)) {
         header('location: index.php');
     } else {
         $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
         $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
         // URL-encode the values placed in the query string
         $lurl = $url.'?username='.urlencode($username).'&token='.urlencode($token);
         header('location: '.$lurl);
     }
     exit();
 }

 if (!empty($_POST)) {
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';

     // Look up the user's password in the database
     // (mysqli with a bound parameter; the mysql_* functions were removed in PHP 7)
     $link = mysqli_connect('localhost', 'root', '', 'sso');
     mysqli_set_charset($link, 'utf8');
     $stmt = mysqli_prepare($link, 'select * from users where username = ?');
     mysqli_stmt_bind_param($stmt, 's', $username);
     mysqli_stmt_execute($stmt);
     $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

     // Verify the submitted password
     // (assumption: users.password holds a password_hash() value)
     $salt = 'taoip';

     if ($user && is_string($password) && password_verify($password, $user['password'])) {
         // Verification succeeded: log the user in
         $_token = md5($salt.$username);
         setcookie('username', $username, time()+3600, '/', 'taoip.cn');
         setcookie('token', $_token, time()+3600, '/', 'taoip.cn');
         // If URL is empty redirect to the home page, otherwise redirect to the URL page
         if (empty($url)) {
             header('location: index.php');
         } else {
             $lurl = $url.'?username='.urlencode($username).'&token='.urlencode($_token);
             header('location: '.$lurl);
         }
         exit();
     }
 }

 ?>
 
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="UTF-8">
 <meta name="generator" content="Sublime Text 3114">
 <meta name="author" content="[email protected]">
 <meta name="keywords" content="">
 <meta name="description" content="">
 <title>BBS站點登陸系統</title>
 </head>
 <body>
 <div class="container">
 <h2>bbs.taoip.cn站點登陸系統</h2>
 <form action="" method="post">
 <label for="">用戶名</label>
 <input type="text" name="username">
 <br>
 <label for="">密碼</label>
 <input type="password" name="password">
 <hr>
 <button type="submit">提交</button>
 </form>
 </div>
 </body>
 </html>

In the blog project directory, create two script files, index.php and login.php

Edit index.php


 <?php
 /**
  * @author DengPeng <[email protected]>
  * @since 2017/01/03
  * @copyright copyright (c) 2017 zixue.it GPL
  * @license http://www.zixue.it/
  */

 // blog site

 // (1) Start the session
 session_name('taoip');
 session_start();
 // (2) Get the username and token and verify them
 $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
 $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

 $salt = 'taoip';

 // Compare with hash_equals(): a loose != on hash strings is subject to PHP type juggling
 if (!is_string($username) || !is_string($token)
     || !hash_equals(md5($salt.$username), $token)) {
     header('location: login.php');
     exit();
 }

 echo "歡迎用戶,訪問blog站點";

 ?>
 
 

Edit login.php


 <?php
 /**
  * @author DengPeng <[email protected]>
  * @since 2017/01/03
  * @copyright copyright (c) 2017 zixue.it GPL
  * @license http://www.zixue.it/
  */

 // blog site login system
 require '../functions.php';

 // (2) Validate a token handed over by another site
 yzToken('dengpeng.cc');

 // (1) Check whether the user is logged in: if so, go to the home page; if not, go to the other site to get a token
 $url = isset($_GET['url']) ? $_GET['url'] : '';
 if (empty($url)) {
     getToken('http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php');
 }

 // (1) Check whether the user is logged in
 $bool = isLogin();
 $url = isset($_GET['url']) ? $_GET['url'] : '';
 if ($bool) {
     if (empty($url)) {
         header('location: index.php');
     } else {
         $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
         $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
         // URL-encode the values placed in the query string
         $lurl = $url.'?username='.urlencode($username).'&token='.urlencode($token);
         header('location: '.$lurl);
     }
     exit();
 }

 // (3) Check whether the user submitted the form
 if (!empty($_POST)) {
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';

     // Look up the user's password in the database
     // (mysqli with a bound parameter; the mysql_* functions were removed in PHP 7)
     $link = mysqli_connect('localhost', 'root', '', 'sso');
     mysqli_set_charset($link, 'utf8');
     $stmt = mysqli_prepare($link, 'select * from users where username = ?');
     mysqli_stmt_bind_param($stmt, 's', $username);
     mysqli_stmt_execute($stmt);
     $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

     // Verify the submitted password
     // (assumption: users.password holds a password_hash() value)
     $salt = 'taoip';

     if ($user && is_string($password) && password_verify($password, $user['password'])) {
         // Verification succeeded: set the cookies (setCook() redirects to index.php by default)
         $_token = md5($salt.$username);
         setCook($username, $_token, 'dengpeng.cc');
         if (empty($url)) {
             header('location: index.php');
         } else {
             $lurl = $url.'?username='.urlencode($username).'&token='.urlencode($_token);
             header('location: '.$lurl);
         }
         exit();
     }
 }

 ?>
 
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="UTF-8">
 <meta name="generator" content="Sublime Text 3114">
 <meta name="author" content="[email protected]">
 <meta name="keywords" content="">
 <meta name="description" content="">
 <title>blog站點登陸系統</title>
 </head>
 <body>
 <div class="container">
 <h2>dengpeng.cc站點登陸系統</h2>
 <form action="" method="post">
 <label for="">用戶名</label>
 <input type="text" name="username">
 <br>
 <label for="">密碼</label>
 <input type="password" name="password">
 <hr>
 <button type="submit">提交</button>
 </form>
 </div>
 </body>
 </html>
 

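Configure local virtual hosts

I assume everyone already knows the specific configuration steps, so I won't go through them one by one. You only need to map each domain to its directory, following the reference below.

Domain          /project directory/
oa.taoip.cn     /oa/
bbs.taoip.cn    /bbs/
dengpeng.cc     /blog/

Congratulations, you have completed a simple SSO system

After the configuration is done, remember to restart the web server. Then just visit the three sites: once you log in at one site, the other sites no longer ask you to log in.

Thanks for reading. I hope this helps, and thank you for supporting this site!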

