Php automatic login authentication mechanism implementation code

Background:

Add an application named "advertising manager" (advertisement manager is an advertisement serving application of CNZZ) in the background of the phpwind site. The whole application of "Advertising Manager" is loaded through iframe, the loaded content displays the specific content of the site based on different sites. to improve ease of use, there are two requirements:
1. automatically register a CNZZ account on the "Advertising Manager" page for the first time
2. Each time you enter the "Advertising Manager" page, the CNZZ account is registered for the first time by default.


Design:

1. Try to load the user account and password information, which is stored in the database or text cache.
2. If a user name and password exist, send a request to cnzz to obtain the Token and add the Token value to the iframe address, so that the page for the user can be loaded.
3. If the user name and sensitivity do not exist, the cnzz registration interface will be used. After successful registration, the token will be returned, and the Token will also be used as part of the iframe address to load the page.
4. the Token value is valid only once, ensuring security even if it is intercepted.
Code:
Copy codeThe Code is as follows:
$ Urls = parse_url ($ db_bbsurl );
$ Domain = $ urls ['host'];
Include_once (R_P. 'require/admvclient. php ');
$ Adm_oem = new Cnzz_Adm_Oem ();
// Determine whether the user password exists in the config file
PwCache: getData (D_P. "data/bbscache/adm_config.php"); // user name and password configuration file
If (isset ($ adm_user) & isset ($ adm_pwd )){
$ Request = array ("adm_user" => $ adm_user, "adm_pwd" => $ adm_pwd, 'cms '=> 'PW ');
$ Token = $ adm_oem-> get_appkey_once ($ request );
If ($ token <0 ){
If ($ token =-1 ){
Adminmsg ('pass parameter is null or pass parameter is not number ');
} Else if ($ token =-2 ){
Adminmsg ('pass parameter password error ');
}
} Else {
$ Apikey = $ token ['adm _ key'];
}
} Else {
$ Key = md5 ($ domain. 'kclgiq7h ');
$ Request = array ('cms '=> 'PW', 'domain '=> $ domain, 'key' => $ key );
$ Token = $ adm_oem-> reg_user_once ($ request );
If ($ token <0) {// exception
If ($ token =-1 ){
Adminmsg ('key error ');
} Else if ($ token =-2 ){
Adminmsg ('invalid Domain Name Length (1 ~ 64 )');
} Elseif ($ token =-3 ){
Adminmsg ('incorrect domain name input (such as Chinese characters )');
} Elseif ($ token =-4 ){
Adminmsg ('wrong domain name database insert ');
} Elseif ($ token =-5 ){
Adminmsg ('IP User call page exceeds the threshold, and the threshold is tentatively set to 10 ');
}
} Elseif (is_array ($ token) & isset ($ token )){
$ Adm_user = $ token ['adm _ user'];
$ Adm_pwd = $ token ['adm _ pwd'];
$ Apikey = $ token ['adm _ key'];
PwCache: setData (D_P. 'data/bbscache/adm_config.php ', "<? Php \ r \ n \ $ adm_user = ". $ adm_user."; \ r \ n \ $ adm_pwd = ". $ adm_pwd." \ r \ n?> ");
}
}