PHP SSO詳解
SSO有三種模式:①跨子域單點登陸②完全跨單點域登陸③站群共用身份認證
第一種模式很簡單,只需要將Cookie的網域設定成多個應用的根域即可
第二種方式,也很簡單,就是將所以應用的認證地址更換成同一個認證地址,每次查看是否在認證中心登陸,如果登陸了,給調用應用發放一個加密令牌即可
第三種跨域,就是來回跳轉來回驗證token略有麻煩
配置目錄結構
在伺服器根目錄下,建立三個項目目錄:
|–/網站根目錄/
|–|–/oa/
|–|–/bbs/
|–|–/blog/
在根目錄下建立functions.PHP指令檔,具體內容如下:
<?php/** * 擷取登陸token * @param string $url 擷取token的地址 * 2017-01-03T13:08:43+0800 */function getToken($url){ $bool = isLogin(); if ($bool) { // 如果登陸了跳轉到本站首頁 header('location: index.php'); exit(); } // 否則沒有登陸,去另一個網站看是否登陸 header('location: '.$url);}// 校正令牌是否正確function yzToken($domain){ $url = isset($_GET['url']) ? $_GET['url'] : ''; $username = isset($_GET['username']) ? $_GET['username'] : ''; $token = isset($_GET['token']) ? $_GET['token'] : ''; if (!empty($username) && !empty($token)) { $salt = 'taoip'; $_token = md5($salt.$username); // 校正第三方網站過來時的token是否正確 if ($_token == $token) { // 設定跳轉過來的網站的Cookie setCook($username, $_token, $domain); header('location: index.php'); } }}// 設定cookiefunction setCook($username, $_password, $domain){ // 校正成功,開始登陸 setcookie('username', $username, time()+3600, '/', $domain); setcookie('token', $_password, time()+3600, '/', $domain); header('location: index.php');}// 判斷是否登陸function isLogin(){ $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : ''; $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : ''; $salt = 'taoip'; $_token = md5($salt.$username); if ($token == $_token) { return true; } else { return false; }}?>
在oa項目目錄下,建立index.php和login.php兩個指令檔
編輯index.php檔案
<?php// OA網站// (1)開啟Session會話session_name('taoip');session_start();// (2)擷取使用者名稱和token進行校正$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';$salt = 'taoip';$_token = md5($salt.$username);if ($token != $_token) { header('location: login.php'); exit();}echo "歡迎{$username}使用者,訪問OA網站";?>
編輯login.php檔案
<?php// OA網站登陸系統require '../functions.php';// (2)驗證yzToken('taoip.cn');// (1)判斷是否登陸,登陸則跳轉首頁,未登入則去其他網站擷取token$url = isset($_GET['url']) ? $_GET['url'] : '';if (empty($url)) { getToken('http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php');}// (1)判斷使用者是否登陸$bool = isLogin();$url = isset($_GET['url']) ? $_GET['url'] : '';if ($bool) { if (empty($url)) { header('location: index.php'); } else { $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : ''; $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : ''; $lurl = $url.'?username='.$username.'&token='.$token; header('location: '.$lurl); }}if (!empty($_POST)) { $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; // 從庫中查詢使用者密碼 @$link = mysql_connect('localhost', 'root', ''); mysql_query('use sso', $link); mysql_query('set names utf8', $link); $sql = "select * from users where username = '".$username."'"; $user = mysql_fetch_assoc(mysql_query($sql, $link)); // 校正 $salt = 'taoip'; $_password = md5($salt.$username); // var_dump($user['password'] == $_password); // print_r($user);exit(); if ($user['password'] == $_password) { // 校正成功,開始登陸 setcookie('username', $username, time()+3600, '/', 'taoip.cn'); setcookie('token', $_password, time()+3600, '/', 'taoip.cn'); // 如果URL沒有值重新導向到首頁,否則重新導向到URL頁面 if (empty($url)) { header('location: index.php'); } else { header('location: '.$lurl); } }}?><!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="generator" content="Sublime Text 3114"> <meta name="author" content="3@dengpeng.cc"> <meta name="keywords" content=""> <meta name="description" content=""> <title>OA網站登陸系統</title></head><body> <p class="container"> <h2>oa.taoip.cn網站登陸系統</h2> <form action="" method="post"> <label for="">使用者名稱</label> <input type="text" name="username"> <br> <label for="">密碼</label> <input type="text" name="password"> <hr> <button type="submit">提交</button> </form> </p></body></html>
在bbs項目目錄下,建立index.php和login.php兩個指令檔
編輯index.php檔案
<?php/** * @author DengPeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright copyright (c) 2017 zixue.it GPL * @license http://www.zixue.it/ */// BBS網站// (1)開啟Session會話session_name('taoip');session_start();// (2)擷取使用者名稱和token進行校正$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';$salt = 'taoip';$_token = md5($salt.$username);if ($token != $_token) { header('location: login.php'); exit();}echo "歡迎{$username}使用者,訪問BBS網站";?>
編輯login.php檔案
<?php/** * @author DengPeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright copyright (c) 2017 zixue.it GPL * @license http://www.zixue.it/ */// BBS網站登陸系統require '../functions.php';// (2)驗證yzToken('taoip.cn');// (1)判斷是否登陸,登陸則跳轉首頁,未登入則去其他網站擷取token$url = isset($_GET['url']) ? $_GET['url'] : '';if (empty($url)) { getToken('http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php');}// (1)判斷使用者是否登陸$bool = isLogin();$url = isset($_GET['url']) ? $_GET['url'] : '';if ($bool) { if (empty($url)) { header('location: index.php'); } else { $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : ''; $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : ''; $lurl = $url.'?username='.$username.'&token='.$token; header('location: '.$lurl); }}if (!empty($_POST)) { $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; // 從庫中查詢使用者密碼 @$link = mysql_connect('localhost', 'root', ''); mysql_query('use sso', $link); mysql_query('set names utf8', $link); $sql = "select * from users where username = '".$username."'"; $user = mysql_fetch_assoc(mysql_query($sql, $link)); // 校正 $salt = 'taoip'; $_password = md5($salt.$username); // var_dump($user['password'] == $_password); // print_r($user);exit(); if ($user['password'] == $_password) { // 校正成功,開始登陸 setcookie('username', $username, time()+3600, '/', 'taoip.cn'); setcookie('token', $_password, time()+3600, '/', 'taoip.cn'); // 如果URL沒有值重新導向到首頁,否則重新導向到URL頁面 if (empty($url)) { header('location: index.php'); } else { header('location: '.$lurl); } }}?><!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="generator" content="Sublime Text 3114"> <meta name="author" content="3@dengpeng.cc"> <meta name="keywords" content=""> <meta name="description" content=""> <title>BBS網站登陸系統</title></head><body> <p class="container"> <h2>bbs.taoip.cn網站登陸系統</h2> <form action="" method="post"> <label for="">使用者名稱</label> <input type="text" name="username"> <br> <label for="">密碼</label> <input type="text" name="password"> <hr> <button type="submit">提交</button> </form> </p></body></html>
在blog項目目錄下,建立index.php和login.php兩個指令檔
編輯index.php檔案
<?php/** * @author DengPeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright copyright (c) 2017 zixue.it GPL * @license http://www.zixue.it/ */// blog網站// (1)開啟Session會話session_name('taoip');session_start();// (2)擷取使用者名稱和token進行校正$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';$salt = 'taoip';$_token = md5($salt.$username);if ($token != $_token) { header('location: login.php'); exit();}echo "歡迎{$username}使用者,訪問blog網站";?><?php/** * @author DengPeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright copyright (c) 2017 zixue.it GPL * @license http://www.zixue.it/ */// blog網站// (1)開啟Session會話session_name('taoip');session_start();// (2)擷取使用者名稱和token進行校正$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';$salt = 'taoip';$_token = md5($salt.$username);if ($token != $_token) { header('location: login.php'); exit();}echo "歡迎{$username}使用者,訪問blog網站";?>
編輯login.php檔案
<?php/** * @author DengPeng <3@dengpeng.cc> * @since 2017/01/03 * @copyright copyright (c) 2017 zixue.it GPL * @license http://www.zixue.it/ */// blog網站登陸系統require '../functions.php';// (2)驗證yzToken('dengpeng.cc');// (1)判斷是否登陸,登陸則跳轉首頁,未登入則去其他網站擷取token$url = isset($_GET['url']) ? $_GET['url'] : '';if (empty($url)) { getToken('http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php');}// (1)判斷使用者是否登陸$bool = isLogin();$url = isset($_GET['url']) ? $_GET['url'] : '';if ($bool) { if (empty($url)) { header('location: index.php'); } else { $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : ''; $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : ''; $lurl = $url.'?username='.$username.'&token='.$token; header('location: '.$lurl); }}// (3)判斷使用者是否提交資料if (!empty($_POST)) { $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; // 從庫中查詢使用者密碼 @$link = mysql_connect('localhost', 'root', ''); mysql_query('use sso', $link); mysql_query('set names utf8', $link); $sql = "select * from users where username = '".$username."'"; $user = mysql_fetch_assoc(mysql_query($sql, $link)); // 校正 $salt = 'taoip'; $_password = md5($salt.$username); // var_dump($user['password'] == $_password); // print_r($user);exit(); if ($user['password'] == $_password) { setCook($username, $_password, 'dengpeng.cc'); if (empty($url)) { header('location: index.php'); } else { header('location: '.$lurl); } }}?><!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="generator" content="Sublime Text 3114"> <meta name="author" content="3@dengpeng.cc"> <meta name="keywords" content=""> <meta name="description" content=""> <title>blog網站登陸系統</title></head><body> <p class="container"> <h2>dengpeng.cc網站登陸系統</h2> <form action="" method="post"> <label for="">使用者名稱</label> <input type="text" name="username"> <br> <label for="">密碼</label> <input type="text" name="password"> <hr> <button type="submit">提交</button> </form> </p></body></html>
配置本地虛擬機器主機
具體配置步驟,我想大家應該都會了,不需要我一一贅述.你只需要按照我給的參照,配置和不同網域名稱對應目錄的映射即可.
網域名稱 /項目目錄/
oa.taoip.cn /oa/
bbs.taoip.cn /bbs/
dengpeng.cc /blog/
恭喜您,已經完成了一個簡單的SSO系統
配置完成後,記得重啟Web伺服器.然後你只需要訪問這三個不同的網站,即可實現一個網站登陸,其他網站不再發送登陸請求.
以上就是本文的全部內容,希望對大家的學習有所協助。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
