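PHP Programming: A Detailed Introduction to SSO with a Simple Example
PHP SSO in Detail
SSO has three modes: ① cross-subdomain single sign-on, ② fully cross-domain single sign-on, ③ shared identity authentication across a group of sites.
The first mode is simple: just set the cookie's domain to the root domain shared by the applications.
The second mode is also simple: point every application's authentication address at the same authentication address, check each time whether the user is logged in at the authentication center, and if so, issue an encrypted token to the calling application.
The third, cross-domain mode redirects back and forth between sites to verify the token, which is slightly more trouble.
Configure the directory structure
Under the server's root directory, create three project directories:
|–/site root directory/
|–|–/oa/
|–|–/bbs/
|–|–/blog/
In the root directory, create the script file functions.php with the following content: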
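<?php
/**
 * Obtain a login token
 * @param string $url Address to obtain the token from
 * 2017-01-03T13:08:43+0800
 */
function getToken($url)
{
    $bool = isLogin();
    if ($bool) {
        // Already logged in: go to this site's home page
        header('location:index.php');
        exit();
    }
    // Not logged in here: go to the other site to see whether the user is logged in there
    header('location:' . $url);
    exit();
}

// Check whether the token is correct
function yzToken($domain)
{
    $url = isset($_GET['url']) ? $_GET['url'] : '';
    $username = isset($_GET['username']) ? $_GET['username'] : '';
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    if (!empty($username) && !empty($token)) {
        $salt = 'taoip';
        $_token = md5($salt . $username);
        // Check that the token handed over by the other site is correct
        // (hash_equals compares in constant time and avoids loose == on hash strings)
        if (is_string($token) && hash_equals($_token, $token)) {
            // Set the cookie for the site the user was redirected to
            setCook($username, $_token, $domain);
            header('location:index.php');
            // Stop here so later code cannot overwrite the redirect
            exit();
        }
    }
}

// Set the cookies
function setCook($username, $_password, $domain)
{
    // Verification succeeded: log in (the last argument marks the cookies HttpOnly)
    setcookie('username', $username, time() + 3600, '/', $domain, false, true);
    setcookie('token', $_password, time() + 3600, '/', $domain, false, true);
    // Default redirect; a caller may send a later Location header to override it
    header('location:index.php');
}

// Check whether the user is logged in
function isLogin()
{
    $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
    $salt = 'taoip';
    $_token = md5($salt . $username);
    if (is_string($token) && hash_equals($_token, $token)) {
        return true;
    } else {
        return false;
    }
}
?>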
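An added example, not part of the original tutorial: the token used in functions.php is md5($salt . $username), which is identical for every login of a given user, never expires, and is accepted by every site. The sketch below shows a token built with HMAC-SHA256 that is bound to the receiving site and an expiry time, together with an allowlist check for the url parameter before a token is appended to it. SSO_SECRET, SSO_RETURN_HOSTS and the function names issueToken, verifyToken and isAllowedReturnUrl are assumptions made for illustration.

```php
<?php
// Added example. SSO_SECRET, SSO_RETURN_HOSTS and the function names are assumptions.
const SSO_SECRET = 'replace-with-a-long-random-key'; // placeholder; load from config
const SSO_RETURN_HOSTS = ['oa.taoip.cn', 'bbs.taoip.cn', 'dengpeng.cc'];

// Issue a token bound to one user, one receiving host and a short lifetime.
function issueToken(string $username, string $audience, int $ttl = 60): string
{
    $claims = ['u' => $username, 'aud' => $audience, 'exp' => time() + $ttl];
    $body = rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=');
    return $body . '.' . hash_hmac('sha256', $body, SSO_SECRET);
}

// Return the username if the token is authentic, unexpired and meant for $audience, else null.
function verifyToken(string $token, string $audience): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    // Constant-time MAC check before any field of the payload is trusted.
    if (!hash_equals(hash_hmac('sha256', $body, SSO_SECRET), $mac)) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['u'], $claims['aud'], $claims['exp'])) {
        return null;
    }
    if ($claims['aud'] !== $audience || $claims['exp'] < time()) {
        return null;
    }
    return $claims['u'];
}

// Redirect (and hand over a token) only to http(s) URLs on the known sites.
function isAllowedReturnUrl(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host = parse_url($url, PHP_URL_HOST);
    return in_array($scheme, ['http', 'https'], true)
        && is_string($host) && in_array(strtolower($host), SSO_RETURN_HOSTS, true);
}
// Constructed sample values: a token issued for the OA site is checked there, then
// replayed against the BBS site; the last call tests a return URL on an unknown host.
$token = issueToken('alice', 'oa.taoip.cn');
var_dump(verifyToken($token, 'oa.taoip.cn'));
var_dump(verifyToken($token, 'bbs.taoip.cn'));
var_dump(isAllowedReturnUrl('http://unknown.example/login.php'));
```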
In the oa project directory, create two script files, index.php and login.php
Edit index.php
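<?php
// OA site
// (1) Start the session
session_name('taoip');
session_start();
// (2) Read the username and token and verify them
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
$salt = 'taoip';
$_token = md5($salt . $username);
if (!is_string($token) || !hash_equals($_token, $token)) {
    header('location:login.php');
    exit();
}
// Escape the cookie-supplied name before writing it into the page
echo '欢迎' . htmlspecialchars($username) . '用户,访问OA站点';
?>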
Edit login.php
<?php
// OA site login system
require '../functions.php';
// (2) Verify a token handed over by another site
yzToken('taoip.cn');
// (1) Check whether the user is logged in: if so go to the home page, otherwise go to the other site to obtain a token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
    getToken('http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php');
}
// (1) Check whether the user is logged in
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
    if (empty($url)) {
        header('location:index.php');
    } else {
        $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
        $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
        $lurl = $url . '?username=' . urlencode($username) . '&token=' . urlencode($token);
        header('location:' . $lurl);
    }
    exit();
}
if (!empty($_POST)) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // Look up the user's password in the database. A mysqli prepared statement keeps
    // the username out of the SQL text; the mysql_* functions no longer exist in PHP 7+.
    $link = mysqli_connect('localhost', 'root', '', 'sso');
    mysqli_set_charset($link, 'utf8');
    $stmt = mysqli_prepare($link, 'select * from users where username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    // Verify
    $salt = 'taoip';
    $_token = md5($salt . $username);
    // Check the submitted password against the stored hash
    // (assumption: users.password was created with password_hash())
    if ($user && is_string($password) && password_verify($password, $user['password'])) {
        // Verification succeeded: log in
        setcookie('username', $username, time() + 3600, '/', 'taoip.cn', false, true);
        setcookie('token', $_token, time() + 3600, '/', 'taoip.cn', false, true);
        // If url is empty redirect to the home page, otherwise redirect to the url page
        if (empty($url)) {
            header('location:index.php');
        } else {
            $lurl = $url . '?username=' . urlencode($username) . '&token=' . $_token;
            header('location:' . $lurl);
        }
        exit();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="generator" content="Sublime Text 3114">
    <meta name="author" content="3@dengpeng.cc">
    <meta name="keywords" content="">
    <meta name="description" content="">
    <title>OA站点登陆系统</title>
</head>
<body>
<div class="container">
    <h2>oa.taoip.cn站点登陆系统</h2>
    <form action="" method="post">
        <label for="">用户名</label>
        <input type="text" name="username">
        <br>
        <label for="">密码</label>
        <input type="password" name="password">
        <hr>
        <button type="submit">提交</button>
    </form>
</div>
</body>
</html>
In the bbs project directory, create two script files, index.php and login.php
Edit index.php
<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// BBS site
// (1) Start the session
session_name('taoip');
session_start();
// (2) Read the username and token and verify them
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
$salt = 'taoip';
$_token = md5($salt . $username);
if (!is_string($token) || !hash_equals($_token, $token)) {
    header('location:login.php');
    exit();
}
// Escape the cookie-supplied name before writing it into the page
echo '欢迎' . htmlspecialchars($username) . '用户,访问BBS站点';
?>
Edit login.php
<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// BBS site login system
require '../functions.php';
// (2) Verify a token handed over by another site
yzToken('taoip.cn');
// (1) Check whether the user is logged in: if so go to the home page, otherwise go to the other site to obtain a token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
    getToken('http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php');
}
// (1) Check whether the user is logged in
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
    if (empty($url)) {
        header('location:index.php');
    } else {
        $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
        $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
        $lurl = $url . '?username=' . urlencode($username) . '&token=' . urlencode($token);
        header('location:' . $lurl);
    }
    exit();
}
if (!empty($_POST)) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // Look up the user's password in the database. A mysqli prepared statement keeps
    // the username out of the SQL text; the mysql_* functions no longer exist in PHP 7+.
    $link = mysqli_connect('localhost', 'root', '', 'sso');
    mysqli_set_charset($link, 'utf8');
    $stmt = mysqli_prepare($link, 'select * from users where username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    // Verify
    $salt = 'taoip';
    $_token = md5($salt . $username);
    // Check the submitted password against the stored hash
    // (assumption: users.password was created with password_hash())
    if ($user && is_string($password) && password_verify($password, $user['password'])) {
        // Verification succeeded: log in
        setcookie('username', $username, time() + 3600, '/', 'taoip.cn', false, true);
        setcookie('token', $_token, time() + 3600, '/', 'taoip.cn', false, true);
        // If url is empty redirect to the home page, otherwise redirect to the url page
        if (empty($url)) {
            header('location:index.php');
        } else {
            $lurl = $url . '?username=' . urlencode($username) . '&token=' . $_token;
            header('location:' . $lurl);
        }
        exit();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="generator" content="Sublime Text 3114">
    <meta name="author" content="3@dengpeng.cc">
    <meta name="keywords" content="">
    <meta name="description" content="">
    <title>BBS站点登陆系统</title>
</head>
<body>
<div class="container">
    <h2>bbs.taoip.cn站点登陆系统</h2>
    <form action="" method="post">
        <label for="">用户名</label>
        <input type="text" name="username">
        <br>
        <label for="">密码</label>
        <input type="password" name="password">
        <hr>
        <button type="submit">提交</button>
    </form>
</div>
</body>
</html>
In the blog project directory, create two script files, index.php and login.php
Edit index.php
<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// blog site
// (1) Start the session
session_name('taoip');
session_start();
// (2) Read the username and token and verify them
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
$salt = 'taoip';
$_token = md5($salt . $username);
if (!is_string($token) || !hash_equals($_token, $token)) {
    header('location:login.php');
    exit();
}
// Escape the cookie-supplied name before writing it into the page
echo '欢迎' . htmlspecialchars($username) . '用户,访问blog站点';
?>
Edit login.php
<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// blog site login system
require '../functions.php';
// (2) Verify a token handed over by another site
yzToken('dengpeng.cc');
// (1) Check whether the user is logged in: if so go to the home page, otherwise go to the other site to obtain a token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
    getToken('http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php');
}
// (1) Check whether the user is logged in
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
    if (empty($url)) {
        header('location:index.php');
    } else {
        $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
        $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
        $lurl = $url . '?username=' . urlencode($username) . '&token=' . urlencode($token);
        header('location:' . $lurl);
    }
    exit();
}
// (3) Check whether the user submitted the form
if (!empty($_POST)) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // Look up the user's password in the database. A mysqli prepared statement keeps
    // the username out of the SQL text; the mysql_* functions no longer exist in PHP 7+.
    $link = mysqli_connect('localhost', 'root', '', 'sso');
    mysqli_set_charset($link, 'utf8');
    $stmt = mysqli_prepare($link, 'select * from users where username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    // Verify
    $salt = 'taoip';
    $_token = md5($salt . $username);
    // Check the submitted password against the stored hash
    // (assumption: users.password was created with password_hash())
    if ($user && is_string($password) && password_verify($password, $user['password'])) {
        setCook($username, $_token, 'dengpeng.cc');
        // If url is empty redirect to the home page, otherwise redirect to the url page
        if (empty($url)) {
            header('location:index.php');
        } else {
            $lurl = $url . '?username=' . urlencode($username) . '&token=' . $_token;
            header('location:' . $lurl);
        }
        exit();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="generator" content="Sublime Text 3114">
    <meta name="author" content="3@dengpeng.cc">
    <meta name="keywords" content="">
    <meta name="description" content="">
    <title>blog站点登陆系统</title>
</head>
<body>
<div class="container">
    <h2>dengpeng.cc站点登陆系统</h2>
    <form action="" method="post">
        <label for="">用户名</label>
        <input type="text" name="username">
        <br>
        <label for="">密码</label>
        <input type="password" name="password">
        <hr>
        <button type="submit">提交</button>
    </form>
</div>
</body>
</html>
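Configure local virtual hosts
I assume everyone already knows the detailed configuration steps, so I will not go through them one by one. You only need to follow the reference I give here and map each domain to its directory.
Domain          Project directory
oa.taoip.cn     /oa/
bbs.taoip.cn    /bbs/
dengpeng.cc     /blog/
Congratulations, you have now completed a simple SSO system
After the configuration is done, remember to restart the web server. Then you only need to visit these three different sites: after logging in at one site, the other sites no longer send a login request.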