Explanation: cookiesso is a SSO solution for php applications for cookie verification.
Explanation of an SSO solution for php applications for cookie Verification
Recently, the project needs to be connected to a "out of service for years" PHP application. because the system has been built for many years and the information center's own people have obtained it through some tools, in addition, it is written in PHP that I have not really touched on, and there is also a cross-origin problem on the server that is not in the same with our system. I want to simulate Logon Through the client, but it is always unsuccessful.
No way, you have to do everything you can to view the page source code, and then find the PHP file on the server for analysis.
I am not familiar with php and have not carefully looked at it. Therefore, I only had a preliminary understanding of the php file on the login page. It is basically determined that the php file is implemented through cookies, in fact, there is still no clear understanding of the real verification mechanism and how to verify it. As a result, we are eager to start a new journey, and the results are repeated and failed.
First, let's start with the implementation method:
Start
Add an iframe to the system, try to assign values to the user name and password of the specified page of the remote system in the iframe from the local application, and simulate the Click Event of the "Log on" button. This is a must-have failure, because, after cross-origin, js generally cannot perform cross-origin remote operations on other people's things.
Then
Remote action of the local form. Add a new form on the local page. Add the same logon interface content as the target system to this form (that is, the user name and password input box. In particular, this application does not have a verification code ), then, when loading the page, assign values to the elements in form. When you click "Single Sign-On" on the local page, submit this form, try to implement login verification for this php System in the java login authentication mode. However, you still cannot log on normally.
Next
Carefully analyze the login PHP file. It is found that the verification process is actually implemented through cookies. It is rare to remember that many BBS in the early days were implemented in this way. Ask the relevant personnel to learn about the login authentication mechanism and process through various channels. It turns out that after login, the information is written into the cookie, each page introduces a PHP file that reads the cookie and judges based on the cookie content. In this way, we understand the verification mechanism. Therefore, the cross-origin cookie writing method is required. Because the application itself is a portal application, writing cross-Origin applications also takes some effort. In the end, writing local cookies is okay, however, a cross-origin cookie cannot be generated without thinking about it.
Last
Analyze the php logon interface and find that each targeted login php file has an if (isset ($ submit) and $ submit = "login") during verification ") this judgment does not particularly understand what this sentence means. isset seems to be used to determine whether the parameter is null, and the parameter value is "login" later "! Because my php level is too low, I don't know how this judgment works and whether it can be executed. In the end, we can only discuss with the customer whether to add a PHP file specifically used to receive single-point logon requests on the server. I just modified the PHP file used for the original login and removed these judgments. After the original login was verified, the jump to the target page was redirected through the information obtained from the address bar, therefore, this part of content has also been increased. In this way, the following ssologon. php file is formed
<? Php require ($ DOCUMENT_ROOT. "/db. inc"); $ dbh = db_connect (); if (! $ Dbh) die ("mysql connect failed. please wait to retry... "); $ SQL =" select * from user_code where (user_name = '$ username') and (user_password =' $ password '))"; $ result = mysql_query ($ SQL, $ dbh); if (! $ Result) die ("mysql system error, please connact with admin"); $ num = mysql_num_rows ($ result); if ($ num <1) {// not such a man db_close ($ dbh); echo "$ header name or Password error $ footer"; exit;} else {// verification passed, set cookie $ row = mysql_fetch_object ($ result); db_close ($ dbh); $ temp = $ row-> user_id. "*". $ row-> user_cnname. "*". $ row-> user_password; $ ret = setcookie ("WEBOAUSER", "$ temp"); echo "<meta http-equiv = 'refresh' content = '0; ur L = http: // 192.168.1.4/uuu/default. php'> "; exit ;}?>
Then, specify the form action in the local application as the PHP file!
SummaryYou must be careful and understand the principles to get twice the result with half the effort.
If you have any questions, please leave a message or go to the community on this site for discussion. Thank you for reading this article. Thank you for your support!