Ucenter member Synchronous Login Communication principle

1, the user login BBS, through the logging.php file, using the function UC _user_login authentication, if the validation succeeds, will call function _user_synlogin (in client.php file under Uc_client), In this function call UC _api_post (' User ', ' synlogin ', Array (' uid ' = = $uid)), and then to _api. ' /index.php ' data is passed; the UC _api here is the Uc_server URL address defined in config.inc.php

2, _ The server's index.php accepts parameter data, obtains model User,action as Synlogin, calls the Onsynlogin method in the User.php class under the control directory, notifies the JavaScript by using a foreach Loop Apps in the app list synchronize logins, i.e., by get to UC under API in the app directory. PHP some data;

3,uc. PHP receives notifications and processes get-over data, and in the function Synlogin (located in uc.php) through the function Uc_authcode encrypt the data (by default _key as the key), with the function Uc_setcookie set the cookie;

4, each application in the appropriate file with the corresponding key to decode the cookie set above, to obtain the user ID and other data, through this value to determine whether the user has been logged in other applications;

Take discuz Example:

One, user login check and user login verification logging.php

The following code snippet is in the logging.php of BBS

} elseif ($action = = ' Login ') {

if ($discuz _uid) {

$ synlogin = ';

ShowMessage (' login_s ceed ', $indexname);

}

Checks whether the user ID variable $discuz_uid is empty to determine whether the user is logged on (including logging in from another app). ）

If the user logs on from BBS, the following code is passed after the login verification is successful:

$ synlogin = $allowsynlogin? Uc_user_synlogin ($discuz _uid): ";

Notify other apps----"user has logged in from BBS, please notify other app settings Cookie"

(_server pass data to api/uc.php of other applications via JavaScript calls)

You can create a new file named test.php in the app directory to simulate a successful login and request UC _server to notify other apps. The contents of the file are:

---------------------file content starts----------------------

<?php

Include_once "config.inc.php";

Include_once "./_client/client.php";

Echo UC _user_synlogin (1);

echo "<pre>";

Var_dump ($_cookie);

echo "</pre>";

?>

<script type= "Text/javascript" >

var obj=document.getelementsbytagname ("script");

for (Var i=0;i<obj.length-1;i++) {

document.write ("<a href=\" "+obj[i].src+" \ ">" +obj[i].src+ "</a>

}

</script>

---------------------End of file content----------------------

PS: This test code can also test the synchronization of the situation, the use of the method, you can think about (also described later in this article), there are questions can be at the end of this article to comment and I discuss.

After running, look at the source code to see JavaScript;

It's important to note that these JavaScript notifications do not include the user login application. In other words, only "notify" the user is not logged in the app, because the user through _server login successful current application, of course, do not need to _server again notice. For the specific code, see: Webroot\ _server\control\user.php in the Onsynlogin function of this sentence:

if ($app [' Synlogin '] && $app [' AppID ']! = $this->app[' AppID '])

Code Explanation:

$app [' Synlogin '] is whether the app allows simultaneous logins

And the app ID doesn't equal the app ID that the user is currently logged on to

$app array is the array $_cache[' apps ' in UC _server\data\cache\apps.php;

$this->app is the user login application

Second, accept the other application's Synchronous login notification:

In the Discuz API directory under the uc.php function Synlogin, here to accept Uc_server sent over the "Synchronous login Notification" and set the discuz of the cookie, in this function you can view the cookie encryption key "algorithm";

If you want to see what data "notifications" are sent by UC _server, you can do this:

1, modify the Api\uc. PHP in the app directory to be notified, in $action = $get [' action ']; The following code is added below the code:

echo "<pre>", Var_dump ($get), echo "</pre>";d ie ("

2, the above-established test.php file is placed in other applications to allow synchronization of the directory, and run in the browser, and then click on the page corresponding to the first step of the application link, you can see the uc_server "notice" To change the application data;

---------------------------Split Line-------------------------------

function Synlogin ($get, $post)

In this function through the Uc_authcode function, the key $discuz_auth_key encrypt the cookie;

In order to avoid the cookie name conflict, prefix ($cookiepre) is prefixed with the cookie name (usually: auth), which is the value of the cookie prefix set in config.inc.php;

See the function Uc_setcookie for setting cookies:

(use parameter $prefix to determine whether to prefix the cookie name $cookiepre)

function Uc_setcookie ($var, $val, $life = 0, $prefix = 1) {

Global $cookiepre, $cookiedomain, $cookiepath, $timestamp, $_server;

Setcookie ($prefix? $cookiepre: ") $var, $val,

$life? $timestamp + $life: 0, $cookiepath,

$cookiedomain, $_server[' server_port '] = = 443? 1:0);

}

Key "algorithm":

$discuz _auth_key= MD5 ($_dcache[' Settings ' [' Authkey '].$_server[' http_user_agent ']);

That is, different users encrypt the cookie key may be different;

Third, check whether the user is logged in (whether the app is logged in):

Discuz's incl? there is such code in common.inc.php in the catalog:

$discuz _auth_key = MD5 ($_dcache[' Settings ' [' Authkey '].$_server[' http_user_agent ']);

List ($discuz _pw, $discuz _secqs, $discuz _uid) = Empty ($_dcookie[' auth '])? Array (', ', ', 0): Daddslashes (Explode ("\ t", Authcode ($_dcookie[' auth '), ' DECODE ')), 1);

This code is decoded in. php with the key ($discuz _auth_key) encrypted cookie value to obtain the user ID ($discuz _uid) Here the decryption function is located in bbs\incl?\global.func.php, although the function is not Pass the cookie key, but the function passes the global variable $globals[' Discuz_auth_key ') to obtain the key.

Ucenter member Synchronization Login principle