PHP編程之SSO知識分析

ADVERTISEMENT

PHP編程之SSO知識分析

PHP SSO詳解

SSO有三種模式:①跨子域單點登陸②完全跨單點域登陸③站群共享身份認證

第一種模式很簡單,隻需要將Cookie的域設置成多個應用的根域即可

第二種方式,也很簡單,就是將所以應用的認證地址更換成同一個認證地址,每次查看是否在認證中心登陸,如果登陸了,給調用應用發放一個加密令牌即可

第三種跨域,就是來回跳轉來回驗證token略有麻煩

配置目錄結構

在服務器根目錄下,新建三個項目目錄:

|–/網站根目錄/

|–|–/oa/

|–|–/bbs/

|–|–/blog/

在根目錄下新建functions.PHP腳本文件,具體內容如下:

<?php

/**

* 獲取登陸token

* @param string $url 獲取token的地址

* 2017-01-03T13:08:43+0800

*/

function getToken($url)

{

$bool = isLogin();

if ($bool) {

// 如果登陸了跳轉到本站首頁

header('location: index.php');

exit();

}

// 否則沒有登陸,去另一個站點看是否登陸

header('location: '.$url);

}

// 校驗令牌是否正確

function yzToken($domain)

{

$url = isset($_GET['url']) ? $_GET['url'] : '';

$username = isset($_GET['username']) ? $_GET['username'] : '';

$token = isset($_GET['token']) ? $_GET['token'] : '';

if (!empty($username) && !empty($token)) {

$salt = 'taoip';

$_token = md5($salt.$username);

// 校驗第三方站點過來時的token是否正確

if ($_token == $token) {

// 設置跳轉過來的網站的Cookie

setCook($username, $_token, $domain);

header('location: index.php');

}

}

}

// 設置cookie

function setCook($username, $_password, $domain)

{

// 校驗成功,開始登陸

setcookie('username', $username, time()+3600, '/', $domain);

setcookie('token', $_password, time()+3600, '/', $domain);

header('location: index.php');

}

// 判斷是否登陸

function isLogin()

{

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token == $_token) {

return true;

} else {

return false;

}

}

?>

在oa項目目錄下,新建index.php和login.php兩個腳本文件

編輯index.php文件

<?php

// OA站點

// (1)開啟Session會話

session_name('taoip');

session_start();

// (2)獲取用戶名和token進行校驗

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {

header('location: login.php');

ADVERTISEMENT

exit();

}

echo "歡迎用戶,訪問OA站點";

?>

編輯login.php文件

<?php

// OA站點登陸系統

require '../functions.php';

// (2)驗證

yzToken('taoip.cn');

// (1)判斷是否登陸,登陸則跳轉首頁,未登錄則去其他站點獲取token

$url = isset($_GET['url']) ? $_GET['url'] : '';

if (empty($url))

// (1)判斷用戶是否登陸

$bool = isLogin();

$url = isset($_GET['url']) ? $_GET['url'] : '';

if ($bool) {

if (empty($url)) {

header('location: index.php');

} else {

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$lurl = $url.'?username='.$username.'&token='.$token;

header('location: '.$lurl);

}

}

if (!empty($_POST)) {

$username = isset($_POST['username']) ? $_POST['username'] : '';

$password = isset($_POST['password']) ? $_POST['password'] : '';

// 從庫中查詢用戶密碼

@$link = mysql_connect('localhost', 'root', '');

mysql_query('use sso', $link);

mysql_query('set names utf8', $link);

$sql = "select * from users where username = '".$username."'";

$user = mysql_fetch_assoc(mysql_query($sql, $link));

// 校驗

$salt = 'taoip';

$_password = md5($salt.$username);

// var_dump($user['password'] == $_password);

// print_r($user);exit();

if ($user['password'] == $_password) {

// 校驗成功,開始登陸

setcookie('username', $username, time()+3600, '/', 'taoip.cn');

setcookie('token', $_password, time()+3600, '/', 'taoip.cn');

// 如果URL沒有值重定向到首頁,否則重定向到URL頁面

if (empty($url)) {

header('location: index.php');

} else {

header('location: '.$lurl);

}

}

}

?>

<!DOCTYPE html>

<html lang="en">

<head>

<meta charset="UTF-8">

<meta name="generator" content="Sublime Text 3114">

<meta name="author" content="[email protected]">

<meta name="keywords" content="">

<meta name="description" content="">

<title>OA站點登陸系統</title>

</head>

<body>

<div class="container">

<h2>oa.taoip.cn站點登陸系統</h2>

<form action="" method="post">

<label for="">用戶名</label>

<input type="text" name="username">

<br>

<label for="">密碼</label>

<input type="text" name="password">

<hr>

<button type="submit">提交</button>

</form>

</div>

</body>

</html>

在bbs項目目錄下,新建index.php和login.php兩個腳本文件

編輯index.php文件

ADVERTISEMENT

<?php

/**

* @author DengPeng <[email protected]>

* @since 2017/01/03

* @copyright copyright (c) 2017 zixue.it GPL

* @license http://www.zixue.it/

*/

// BBS站點

// (1)開啟Session會話

session_name('taoip');

session_start();

// (2)獲取用戶名和token進行校驗

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {

header('location: login.php');

exit();

}

echo "歡迎用戶,訪問BBS站點";

?>

編輯login.php文件

<?php

/**

* @author DengPeng <[email protected]>

* @since 2017/01/03

* @copyright copyright (c) 2017 zixue.it GPL

* @license http://www.zixue.it/

*/

// BBS站點登陸系統

require '../functions.php';

// (2)驗證

yzToken('taoip.cn');

// (1)判斷是否登陸,登陸則跳轉首頁,未登錄則去其他站點獲取token

$url = isset($_GET['url']) ? $_GET['url'] : '';

if (empty($url))

// (1)判斷用戶是否登陸

$bool = isLogin();

$url = isset($_GET['url']) ? $_GET['url'] : '';

if ($bool) {

if (empty($url)) {

header('location: index.php');

} else {

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$lurl = $url.'?username='.$username.'&token='.$token;

header('location: '.$lurl);

}

}

if (!empty($_POST)) {

$username = isset($_POST['username']) ? $_POST['username'] : '';

$password = isset($_POST['password']) ? $_POST['password'] : '';

// 從庫中查詢用戶密碼

@$link = mysql_connect('localhost', 'root', '');

mysql_query('use sso', $link);

mysql_query('set names utf8', $link);

$sql = "select * from users where username = '".$username."'";

$user = mysql_fetch_assoc(mysql_query($sql, $link));

// 校驗

$salt = 'taoip';

$_password = md5($salt.$username);

// var_dump($user['password'] == $_password);

// print_r($user);exit();

if ($user['password'] == $_password) {

// 校驗成功,開始登陸

setcookie('username', $username, time()+3600, '/', 'taoip.cn');

setcookie('token', $_password, time()+3600, '/', 'taoip.cn');

// 如果URL沒有值重定向到首頁,否則重定向到URL頁面

if (empty($url)) {

header('location: index.php');

} else {

header('location: '.$lurl);

}

}

}

?>

<!DOCTYPE html>

<html lang="en">

<head>

ADVERTISEMENT

<meta charset="UTF-8">

<meta name="generator" content="Sublime Text 3114">

<meta name="author" content="[email protected]">

<meta name="keywords" content="">

<meta name="description" content="">

<title>BBS站點登陸系統</title>

</head>

<body>

<div class="container">

<h2>bbs.taoip.cn站點登陸系統</h2>

<form action="" method="post">

<label for="">用戶名</label>

<input type="text" name="username">

<br>

<label for="">密碼</label>

<input type="text" name="password">

<hr>

<button type="submit">提交</button>

</form>

</div>

</body>

</html>

在blog項目目錄下,新建index.php和login.php兩個腳本文件

編輯index.php文件

<?php

/**

* @author DengPeng <[email protected]>

* @since 2017/01/03

* @copyright copyright (c) 2017 zixue.it GPL

* @license http://www.zixue.it/

*/

// blog站點

// (1)開啟Session會話

session_name('taoip');

session_start();

// (2)獲取用戶名和token進行校驗

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {

header('location: login.php');

exit();

}

echo "歡迎用戶,訪問blog站點";

?>

<?php

/**

* @author DengPeng <[email protected]>

* @since 2017/01/03

* @copyright copyright (c) 2017 zixue.it GPL

* @license http://www.zixue.it/

*/

// blog站點

// (1)開啟Session會話

session_name('taoip');

session_start();

// (2)獲取用戶名和token進行校驗

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {

header('location: login.php');

exit();

}

echo "歡迎用戶,訪問blog站點";

?>

編輯login.php文件

<?php

/**

* @author DengPeng <[email protected]>

* @since 2017/01/03

* @copyright copyright (c) 2017 zixue.it GPL

* @license http://www.zixue.it/

*/

// blog站點登陸系統

require '../functions.php';

// (2)驗證

yzToken('dengpeng.cc');

// (1)判斷是否登陸,登陸則跳轉首頁,未登錄則去其他站點獲取token

$url = isset($_GET['url']) ? $_GET['url'] : '';

if (empty($url))

// (1)判斷用戶是否登陸

$bool = isLogin();

$url = isset($_GET['url']) ? $_GET['url'] : '';

if ($bool) {

if (empty($url)) {

header('location: index.php');

} else {

$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$lurl = $url.'?username='.$username.'&token='.$token;

header('location: '.$lurl);

}

}

// (3)判斷用戶是否提交數據

if (!empty($_POST)) {

$username = isset($_POST['username']) ? $_POST['username'] : '';

$password = isset($_POST['password']) ? $_POST['password'] : '';

// 從庫中查詢用戶密碼

@$link = mysql_connect('localhost', 'root', '');

mysql_query('use sso', $link);

mysql_query('set names utf8', $link);

$sql = "select * from users where username = '".$username."'";

$user = mysql_fetch_assoc(mysql_query($sql, $link));

// 校驗

$salt = 'taoip';

$_password = md5($salt.$username);

// var_dump($user['password'] == $_password);

// print_r($user);exit();

if ($user['password'] == $_password) {

setCook($username, $_password, 'dengpeng.cc');

if (empty($url)) {

header('location: index.php');

} else {

header('location: '.$lurl);

}

}

}

?>

<!DOCTYPE html>

<html lang="en">

<head>

<meta charset="UTF-8">

<meta name="generator" content="Sublime Text 3114">

<meta name="author" content="[email protected]">

<meta name="keywords" content="">

<meta name="description" content="">

<title>blog站點登陸系統</title>

</head>

<body>

<div class="container">

<h2>dengpeng.cc站點登陸系統</h2>

<form action="" method="post">

<label for="">用戶名</label>

<input type="text" name="username">

<br>

<label for="">密碼</label>

<input type="text" name="password">

<hr>

<button type="submit">提交</button>

</form>

</div>

</body>

</html>

配置本地虛擬主機

具體配置步驟,我想大家應該都會了,不需要我一一贅述.你隻需要按照我給的參照,配置和不同域名對應目錄的映射即可.

域名 /項目目錄/

oa.taoip.cn /oa/

bbs.taoip.cn /bbs/

dengpeng.cc /blog/

恭喜您,已經完成了一個簡單的SSO系統

配置完成後,記得重啟Web服務器.然後你隻需要訪問這三個不同的站點,即可實現一個站點登陸,其他站點不再發送登陸請求.

感謝閱讀,希望能幫助到大家,謝謝大家對本站的支持!

本文地址:

ADVERTISEMENT