PHP Programming SSO Detailed introduction and simple example

PHP SSO Detailed

SSO has three modes: ① cross-subdomain Single sign-on ② fully cross single-point domain login ③ Station Group shared identity authentication

The first mode is simple, just set the domain of the cookie to the root domain of multiple apps.

The second way, is also very simple, that is, the application of the authentication address is replaced with the same authentication address, each time to check whether the login in the certification center, if logged in, to call the application issued a cryptographic token can be

The third kind of cross-domain is to jump back and forth to verify token is slightly troublesome

Configuring the directory Structure

Under the server root directory, create a new three project directory:

|–/website root directory/
|–|–/oa/
|–|–/bbs/
|–|–/blog/

Create a new functions in the root directory. PHP script file, the specific content is as follows:

<?php/** * Get Login token * @param string $url Get token address * 2017-01-03t13:08:43+0800 */function GetToken ($url) {$bool = is  Login ();    if ($bool) {//If landing a jump to the homepage of the site header (' location:index.php ');  Exit (); }//Do not log in, go to another site to see if landing header (' Location: '. $url);}  Verify that the token is correct function Yztoken ($domain) {$url = isset ($_get[' url '))? $_get[' URL ']: '; $username = isset ($_get[' username ')?  $_get[' username ': '; $token = isset ($_get[' token ')?    $_get[' token ']: ';    if (!empty ($username) &&!empty ($token)) {$salt = ' taoip ';    $_token = MD5 ($salt. $username);      Verify that the token from the third-party site is correct if ($_token = = $token) {//Set the cookie Setcook to jump over the website ($username, $_token, $domain);    Header (' location:index.php '); }}}//Set Cookiefunction Setcook ($username, $_password, $domain) {//Verify successful, start login Setcookie (' username ', $username, Time ()  +3600, '/', $domain);  Setcookie (' token ', $_password, Time () +3600, '/', $domain); Header (' location:index.php ');} Determine whether to login function IsLOgin () {$username = Isset ($_cookie[' username ') "$_cookie[' username ']: '; $token = isset ($_cookie[' token ')?  $_cookie[' token ']: ';   $salt = ' Taoip ';   $_token = MD5 ($salt. $username);  if ($token = = $_token) {return true;  } else {return false; }}?>

Create a new index.php and login.php two script files in the OA project directory

Edit index.php File

<?php//OA site//(1) Open session Sessions Session_name (' Taoip '); session_start ();//(2) Get username and token for checksum $username = Isset ($_ cookie[' username ')? $_cookie[' username ': '; $token = isset ($_cookie[' token '])? $_cookie[' token ']: '; $salt = ' Taoip '; $_token = MD5 ($salt. $username); if ($token! = $_token) {  header (' location:login.php ');  Exit ();} echo "Welcome {$username} user, visit OA site";?>

Edit login.php File

<?php//OA site landing system require '. /functions.php '; (2) Verifying Yztoken (' taoip.cn '); (1) Determine whether to login, landing then jump home, not logged on to other sites to get Token$url = isset ($_get[' url ')? $_get[' url ': '; if (empty ($url)) {GetToken (' http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php ');}//( 1) Determine if the user logged in $bool = IsLogin (); $url = isset ($_get[' url ')?  $_get[' URL ']: '; if ($bool) {if (empty ($url)) {header (' location:index.php ');    } else {$username = isset ($_cookie[' username '))? $_cookie[' username ']: '; $token = isset ($_cookie[' token ')?    $_cookie[' token ']: '; $lurl = $url. '? Username= '. $username. '    &token= '. $token;  Header (' Location: '. $lurl);  }} if (!empty ($_post)) {$username = Isset ($_post[' username '])? $_post[' username ']: '; $password = isset ($_post[' password ')?   $_post[' password ': ';  Query user password from library @ $link = mysql_connect (' localhost ', ' root ', ');  mysql_query (' Use SSO ', $link);  mysql_query (' Set names UTF8 ', $link);  $sql = "SELECT * from users where username = '". $username. "'";$user = Mysql_fetch_assoc (mysql_query ($sql, $link));  Check $salt = ' Taoip ';   $_password = MD5 ($salt. $username);  Var_dump ($user [' password '] = = $_password);   Print_r ($user); exit ();    if ($user [' password '] = = $_password) {//Verify success, start landing setcookie (' username ', $username, Time () +3600, '/', ' taoip.cn ');    Setcookie (' token ', $_password, Time () +3600, '/', ' taoip.cn ');    If the URL does not have a value redirected to the first page, otherwise redirect to the URL page if (Empty ($url)) {header (' location:index.php ');    } else {header (' location: '. $lurl); }}}?> <! DOCTYPE html>
Create a new index.php and login.php two script files in the BBS project directory

Edit index.php File

<?php/** * @author Dengpeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright Copyright (c) zixue.it GPL * @l Icense http://www.zixue.it/*///BBS site//(1) Open session Sessions Session_name (' Taoip '); session_start ();//(2) Get username and token for check $ Username = isset ($_cookie[' username ')? $_cookie[' username ': '; $token = isset ($_cookie[' token '])? $_cookie[' token ']: '; $salt = ' Taoip '; $_token = MD5 ($salt. $username); if ($token! = $_token) {  header (' location:login.php ');  Exit ();} echo "Welcome {$username} user, visit BBS site";?>
Edit login.php File

<?php/** * @author Dengpeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright Copyright (c) zixue.it GPL * @l Icense http://www.zixue.it/*//BBS site landing system require '. /functions.php '; (2) Verifying Yztoken (' taoip.cn '); (1) Determine whether to login, landing then jump home, not logged on to other sites to get Token$url = isset ($_get[' url ')? $_get[' url ': '; if (empty ($url)) {GetToken (' http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php ');}// (1) Determine if the user is logged in $bool = IsLogin (); $url = isset ($_get[' url ")?  $_get[' URL ']: '; if ($bool) {if (empty ($url)) {header (' location:index.php ');    } else {$username = isset ($_cookie[' username '))? $_cookie[' username ']: '; $token = isset ($_cookie[' token ')?    $_cookie[' token ']: '; $lurl = $url. '? Username= '. $username. '    &token= '. $token;  Header (' Location: '. $lurl);  }} if (!empty ($_post)) {$username = Isset ($_post[' username '])? $_post[' username ']: '; $password = isset ($_post[' password ')?   $_post[' password ': '; Query user password from library @ $link = mysql_connect (' localhost ', ' roOT ', ');  mysql_query (' Use SSO ', $link);  mysql_query (' Set names UTF8 ', $link);  $sql = "SELECT * from users where username = '". $username. "'";   $user = Mysql_fetch_assoc (mysql_query ($sql, $link));  Check $salt = ' Taoip ';   $_password = MD5 ($salt. $username);  Var_dump ($user [' password '] = = $_password);   Print_r ($user); exit ();    if ($user [' password '] = = $_password) {//Verify success, start landing setcookie (' username ', $username, Time () +3600, '/', ' taoip.cn ');    Setcookie (' token ', $_password, Time () +3600, '/', ' taoip.cn ');    If the URL does not have a value redirected to the first page, otherwise redirect to the URL page if (Empty ($url)) {header (' location:index.php ');    } else {header (' location: '. $lurl); }}}?> <! DOCTYPE html>
Create a new index.php and login.php two script files in the blog project directory

Edit index.php File

<?php/** * @author Dengpeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright Copyright (c) zixue.it GPL * @l Icense http://www.zixue.it/*///blog site//(1) Open session Sessions Session_name (' Taoip '); session_start ();//(2) Get username and token for verification $username = isset ($_cookie[' username ')? $_cookie[' username ': '; $token = isset ($_cookie[' token '])? $_cookie[' token ']: '; $salt = ' Taoip '; $_token = MD5 ($salt. $username);  if ($token! = $_token) {header (' location:login.php '); Exit ();} echo "Welcome {$username} user, visit blog site";?> <?php/** * @author Dengpeng <3@dengpeng.cc> * @since 2017/01/03 * @copyrig HT Copyright (c) zixue.it GPL * @license http://www.zixue.it/*//blog site//(1) Open session Sessions Session_name (' Taoip '); ses Sion_start ();//(2) Get username and token for checksum $username = isset ($_cookie[' username ')? $_cookie[' username ': '; $token = isset ($_cookie[' token '])? $_cookie[' token ']: '; $salt = ' Taoip '; $_token = MD5 ($salt. $username);  if ($token! = $_token) {header (' location:login.php '); Exit();} echo "Welcome {$username} user, visit blog site";?>
 Edit login.php file 
 

<?php/** * @author Dengpeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright Copyright (c) zixue.it GPL * @l Icense http://www.zixue.it/*//blog site landing system require '. /functions.php '; (2) Verifying Yztoken (' dengpeng.cc '); (1) Determine whether to login, landing then jump home, not logged on to other sites to get Token$url = isset ($_get[' url ')?  $_get[' url ': '; if (empty ($url)) {GetToken (' http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php ');} (1) Determine if the user is logged in $bool = IsLogin (); $url = isset ($_get[' url ")?  $_get[' URL ']: '; if ($bool) {if (empty ($url)) {header (' location:index.php ');    } else {$username = isset ($_cookie[' username '))? $_cookie[' username ']: '; $token = isset ($_cookie[' token ')?    $_cookie[' token ']: '; $lurl = $url. '? Username= '. $username. '    &token= '. $token;  Header (' Location: '. $lurl);  }}//(3) Determine if the user submits the data if (!empty ($_post)) {$username = Isset ($_post[' username '])? $_post[' username ']: '; $password = isset ($_post[' password ')?   $_post[' password ': '; Query user password from library @ $link = Mysql_connECT (' localhost ', ' root ', ');  mysql_query (' Use SSO ', $link);  mysql_query (' Set names UTF8 ', $link);  $sql = "SELECT * from users where username = '". $username. "'";   $user = Mysql_fetch_assoc (mysql_query ($sql, $link));  Check $salt = ' Taoip ';   $_password = MD5 ($salt. $username);  Var_dump ($user [' password '] = = $_password);   Print_r ($user); exit ();    if ($user [' password '] = = $_password) {Setcook ($username, $_password, ' dengpeng.cc ');    if (empty ($url)) {header (' location:index.php ');    } else {header (' location: '. $lurl); }}}?> <! DOCTYPE html>
Configuring the local virtual host

Specific configuration steps, I think everyone should be, do not need me to repeat the one by one. You just need to follow the reference I gave, configure and map the corresponding directory of different domain names.

Domain/project directory/
oa.taoip.cn/oa/
bbs.taoip.cn/bbs/
dengpeng.cc/blog/

Congratulations, you have completed a simple SSO system

After the configuration is complete, remember to restart the Web server. Then you only need to visit these three different sites, you can achieve a site landing, other sites no longer send login requests.

Thank you for reading, hope to help everyone, thank you for the support of this site!