Simple Single Sign-On function example for PHP and single sign-on example for php
The example in this article describes PHP's simple Single Sign-On function. We will share this with you for your reference. The details are as follows:
1. Prepare two virtual domain names
127.0.0.1 www.openpoor.com
127.0.0.1 www.myspace.com
2. Create the following files in the root directory of openpoor
Index. PHP
<? Phpsession_start ();?> <! DOCTYPE html>
Login. php
<? Phpsession_start (); if (! Empty ($ _ POST ['username']) {require '.. /Des. php '; $ _ SESSION ['username'] = $ _ POST ['username']; $ redirect = 'HTTP: // www.openpoor.com/index.php'; header ('location: http://www.openpoor.com/sync.php? Redirect = '. urlencode ($ redirect ). '& code = '. des: encrypt ($ _ POST ['username'], 'openpoor'); exit ;}?> <! DOCTYPE html>
Sync. php
<?php$redirect = empty($_GET['redirect']) ? 'www.openpoor.com' : $_GET['redirect'];if(empty($_GET['code'])){ header('Loaction:http://'.urldecode($redirect)); exit;}$apps = array( 'www.myspace.com/slogin.php');?><!DOCTYPE html>
3. Create the following file under the myspace root directory
Complete session settings in the slogin File
<?phpsession_start();header('Content-Type:text/javascript; charset=utf-8');if(!empty($_GET['code'])){ require '../Des.php'; $username = Des::decrypt($_GET['code'],'openpoor'); if(!empty($username)){ header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); $_SESSION['username'] = $username; }}?>
Index. php
<? Phpsession_start (); if (! Empty ($ _ SESSION ['username']) {echo "Welcome ". $ _ SESSION ['username']. "space" ;}else {echo "Please log on first" ;}?>
4. The content of the Des. php file is as follows:
<?php/** *@see Yii CSecurityManager; */class Des{ public static function encrypt($data,$key){ $module=mcrypt_module_open('des','', MCRYPT_MODE_CBC,''); $key=substr(md5($key),0,mcrypt_enc_get_key_size($module)); srand(); $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND); mcrypt_generic_init($module,$key,$iv); $encrypted=$iv.mcrypt_generic($module,$data); mcrypt_generic_deinit($module); mcrypt_module_close($module); return md5($data).'_'.base64_encode($encrypted); } public static function decrypt($data,$key){ $_data = explode('_',$data,2); if(count($_data)<2){ return false; } $data = base64_decode($_data[1]); $module=mcrypt_module_open('des','', MCRYPT_MODE_CBC,''); $key=substr(md5($key),0,mcrypt_enc_get_key_size($module)); $ivSize=mcrypt_enc_get_iv_size($module); $iv=substr($data,0,$ivSize); mcrypt_generic_init($module,$key,$iv); $decrypted=mdecrypt_generic($module,substr($data,$ivSize,strlen($data))); mcrypt_generic_deinit($module); mcrypt_module_close($module); $decrypted = rtrim($decrypted,"\0"); if($_data[0]!=md5($decrypted)){ return false; } return $decrypted; }}?>
After you log on to openpoor, upload the session information to files under other domain names for processing and run it as a script tag.
5. Access to www.openpoor.com and www.myspace.com is not logged on.
Both domain names are logged on.
At this point, we have implemented a simple single-point logon.