
PHP SSO详解
SSO有三种模式:①跨子域单点登陆 ②完全跨域单点登陆 ③站群共享身份认证
第一种模式很简单,只需要将Cookie的域设置成多个应用的根域即可

第二种方式,也很简单,就是将所有应用的认证地址更换成同一个认证地址,每次查看是否在认证中心登陆,如果登陆了,给调用应用发放一个加密令牌即可

第三种跨域,就是来回跳转、来回验证token,略有麻烦
配置目录结构
在服务器根目录下,新建三个项目目录:
|–/网站根目录/
|–|–/oa/
|–|–/bbs/
|–|–/blog/
在根目录下新建functions.php脚本文件,具体内容如下:
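<?php
/**
 * Shared single-sign-on helpers, loaded by each site's login.php.
 *
 * NOTE(review): the token used throughout is md5("taoip" . $username). It is
 * the same value on every login, never expires, is not tied to a password or
 * a session, and can be produced by anyone who learns the hard-coded salt.
 * That is acceptable for a local demo only. A real deployment should issue a
 * random, short-lived ticket stored server-side (or an HMAC over
 * username + expiry with a secret kept out of the source tree). The scheme is
 * kept as-is here because the index.php pages recompute the same value inline.
 */

/**
 * Redirect to this site's home page when the visitor is already logged in,
 * otherwise to $url so the other site can be asked for a login.
 *
 * The request ends here in both cases, so nothing after the redirect is
 * executed or sent to the browser.
 *
 * @param string $url Address to fetch a token from (callers pass a fixed URL)
 * 2017-01-03T13:08:43+0800
 */
function getToken($url)
{
    $target = isLogin() ? "index.php" : $url;
    header("location: " . $target);
    exit();
}

/**
 * Validate a username/token pair handed over in the query string by another
 * site and, when it is correct, log the visitor in on $domain.
 *
 * Returns without doing anything when the pair is missing or wrong. On
 * success the cookies are set, the visitor is redirected to index.php and the
 * request ends.
 *
 * @param string $domain Cookie domain of the site being logged in to
 */
function yzToken($domain)
{
    // Only plain strings are accepted; "?token[]=x" would otherwise arrive as an array.
    $username = isset($_GET["username"]) && is_string($_GET["username"]) ? $_GET["username"] : "";
    $token = isset($_GET["token"]) && is_string($_GET["token"]) ? $_GET["token"] : "";
    if ($username === "" || $token === "") {
        return;
    }

    $salt = "taoip";
    $_token = md5($salt . $username);

    // hash_equals() compares byte for byte. A loose "==" would treat two
    // different "0e<digits>" hex strings as equal numbers.
    if (!hash_equals($_token, $token)) {
        return;
    }

    // setCook() sets the cookies and queues the redirect to index.php.
    setCook($username, $_token, $domain);
    // Stop so the caller does not overwrite the redirect with another one.
    exit();
}

/**
 * Set the "username" and "token" cookies for $domain (path "/", one hour)
 * and queue a redirect to index.php.
 *
 * Does not end the request; the caller may still replace the redirect.
 *
 * @param string $username  Logged-in user name
 * @param string $_password Token value stored in the "token" cookie
 * @param string $domain    Cookie domain
 */
function setCook($username, $_password, $domain)
{
    $expires = time() + 3600;
    // HttpOnly (last argument): the cookies are only read by PHP in this listing,
    // so scripts in the page do not need them.
    // Secure stays false because the tutorial serves the sites over http://;
    // switch it to true once the sites are served over HTTPS.
    setcookie("username", $username, $expires, "/", $domain, false, true);
    setcookie("token", $_password, $expires, "/", $domain, false, true);
    header("location: index.php");
}

/**
 * Tell whether the request carries a valid username/token cookie pair.
 *
 * @return bool true when the token cookie matches md5("taoip" . username)
 *              for a non-empty username, false otherwise
 */
function isLogin()
{
    $username = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
    $token = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";

    // An empty user name is never a login, whatever the token says.
    if ($username === "") {
        return false;
    }

    $salt = "taoip";
    $_token = md5($salt . $username);

    return hash_equals($_token, $token);
}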
在oa项目目录下,新建index.php和login.php两个脚本文件
编辑index.php文件
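<?php
// OA site home page: only shown to visitors with a valid login cookie pair.

// (1) Start the session.
// Nothing on this page reads or writes $_SESSION; the login state lives in the cookies.
session_name("taoip");
session_start();

// (2) Read the username and token cookies and verify them.
// Only plain strings are accepted; an array-valued cookie counts as missing.
$username = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
$token = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";

// NOTE(review): the expected token depends only on the user name and a
// hard-coded salt, so it never expires and can be minted by anyone who knows
// the salt. Fine for a local demo, not for real accounts.
$salt = "taoip";
$_token = md5($salt . $username);

// hash_equals() compares byte for byte; a loose "!=" would treat two different
// "0e<digits>" hex strings as equal numbers. An empty user name is never a login.
if ($username === "" || !hash_equals($_token, $token)) {
    header("location: login.php");
    exit();
}

// The user name comes from a cookie, so escape it before writing it into HTML.
echo "欢迎" . htmlspecialchars($username, ENT_QUOTES, "UTF-8") . "用户,访问OA站点";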
编辑login.php文件
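<?php
// OA site login page.
require "../functions.php";

// Login pages that may receive a username/token pair from this site.
// The "url" parameter is attacker-controllable; without this list a crafted
// link would make a logged-in visitor's browser deliver the token to any host.
$allowedReturnUrls = array(
    "http://oa.taoip.cn/login.php",
    "http://bbs.taoip.cn/login.php",
    "http://dengpeng.cc/login.php",
);
$salt = "taoip";

// (2) Accept a username/token pair handed over by another site.
yzToken("taoip.cn");

// (1) No (valid) return address: go to the home page when logged in,
// otherwise ask the other site for a token.
$url = isset($_GET["url"]) && is_string($_GET["url"]) ? $_GET["url"] : "";
if (!in_array($url, $allowedReturnUrls, true)) {
    $url = "";
}
if ($url === "") {
    getToken("http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php");
    // Stop even if getToken() returned, so the form below is not sent with the redirect.
    exit();
}

// From here on $url is one of the allow-listed login pages.

// (1) Already logged in here: hand the username and token back to the requesting site.
// NOTE(review): the token travels in the query string, so it ends up in server
// logs, browser history and Referer headers.
if (isLogin()) {
    $cookieUser = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
    $cookieToken = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";
    $query = http_build_query(array("username" => $cookieUser, "token" => $cookieToken), "", "&");
    header("location: " . $url . "?" . $query);
    exit();
}

// (3) Login form submitted.
if (!empty($_POST)) {
    $username = isset($_POST["username"]) && is_string($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";

    // Look the user's stored password up in the database.
    // NOTE(review): connects as root with an empty password, as in the original
    // listing; use a dedicated low-privilege account outside a local demo.
    $link = mysqli_connect("localhost", "root", "", "sso");
    if (!$link) {
        http_response_code(500);
        exit("数据库连接失败");
    }
    mysqli_set_charset($link, "utf8");

    // Prepared statement: the user name is sent as data, never spliced into the SQL text.
    $storedHash = null;
    $found = false;
    $stmt = mysqli_prepare($link, "select password from users where username = ? limit 1");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        $found = mysqli_stmt_fetch($stmt) === true;
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);

    // Verify the submitted password.
    // NOTE(review): the original compared the stored value with
    // md5($salt . $username) and never looked at the submitted password.
    // This assumes users.password holds md5("taoip" . password) - confirm
    // against how the table was populated, and prefer
    // password_hash()/password_verify() for real accounts.
    $_password = md5($salt . $password);
    if ($found && $username !== "" && is_string($storedHash) && hash_equals($storedHash, $_password)) {
        // Login succeeded: set the cookies the other pages check (HttpOnly, one hour).
        // Secure stays false because the tutorial serves the sites over http://.
        $token = md5($salt . $username);
        setcookie("username", $username, time() + 3600, "/", "taoip.cn", false, true);
        setcookie("token", $token, time() + 3600, "/", "taoip.cn", false, true);

        // Send the visitor back to the requesting site with the fresh pair.
        $query = http_build_query(array("username" => $username, "token" => $token), "", "&");
        header("location: " . $url . "?" . $query);
        exit();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Sublime Text 3114">
<meta name="author" content="3@dengpeng.cc">
<meta name="keywords" content="">
<meta name="description" content="">
<title>OA站点登陆系统</title>
</head>
<body>
<div class="container">
<h2>oa.taoip.cn站点登陆系统</h2>
<form action="" method="post">
<label for="">用户名</label>
<input type="text" name="username">
<br>
<label for="">密码</label>
<input type="password" name="password">
<hr>
<button type="submit">提交</button>
</form>
</div>
</body>
</html>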
在bbs项目目录下,新建index.php和login.php两个脚本文件
编辑index.php文件
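<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// BBS site home page: only shown to visitors with a valid login cookie pair.

// (1) Start the session.
// Nothing on this page reads or writes $_SESSION; the login state lives in the cookies.
session_name("taoip");
session_start();

// (2) Read the username and token cookies and verify them.
// Only plain strings are accepted; an array-valued cookie counts as missing.
$username = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
$token = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";

// NOTE(review): the expected token depends only on the user name and a
// hard-coded salt, so it never expires and can be minted by anyone who knows
// the salt. Fine for a local demo, not for real accounts.
$salt = "taoip";
$_token = md5($salt . $username);

// hash_equals() compares byte for byte; a loose "!=" would treat two different
// "0e<digits>" hex strings as equal numbers. An empty user name is never a login.
if ($username === "" || !hash_equals($_token, $token)) {
    header("location: login.php");
    exit();
}

// The user name comes from a cookie, so escape it before writing it into HTML.
echo "欢迎" . htmlspecialchars($username, ENT_QUOTES, "UTF-8") . "用户,访问BBS站点";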
编辑login.php文件
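<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// BBS site login page.
require "../functions.php";

// Login pages that may receive a username/token pair from this site.
// The "url" parameter is attacker-controllable; without this list a crafted
// link would make a logged-in visitor's browser deliver the token to any host.
$allowedReturnUrls = array(
    "http://oa.taoip.cn/login.php",
    "http://bbs.taoip.cn/login.php",
    "http://dengpeng.cc/login.php",
);
$salt = "taoip";

// (2) Accept a username/token pair handed over by another site.
yzToken("taoip.cn");

// (1) No (valid) return address: go to the home page when logged in,
// otherwise ask the other site for a token.
$url = isset($_GET["url"]) && is_string($_GET["url"]) ? $_GET["url"] : "";
if (!in_array($url, $allowedReturnUrls, true)) {
    $url = "";
}
if ($url === "") {
    getToken("http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php");
    // Stop even if getToken() returned, so the form below is not sent with the redirect.
    exit();
}

// From here on $url is one of the allow-listed login pages.

// (1) Already logged in here: hand the username and token back to the requesting site.
// NOTE(review): the token travels in the query string, so it ends up in server
// logs, browser history and Referer headers.
if (isLogin()) {
    $cookieUser = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
    $cookieToken = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";
    $query = http_build_query(array("username" => $cookieUser, "token" => $cookieToken), "", "&");
    header("location: " . $url . "?" . $query);
    exit();
}

// (3) Login form submitted.
if (!empty($_POST)) {
    $username = isset($_POST["username"]) && is_string($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";

    // Look the user's stored password up in the database.
    // NOTE(review): connects as root with an empty password, as in the original
    // listing; use a dedicated low-privilege account outside a local demo.
    $link = mysqli_connect("localhost", "root", "", "sso");
    if (!$link) {
        http_response_code(500);
        exit("数据库连接失败");
    }
    mysqli_set_charset($link, "utf8");

    // Prepared statement: the user name is sent as data, never spliced into the SQL text.
    $storedHash = null;
    $found = false;
    $stmt = mysqli_prepare($link, "select password from users where username = ? limit 1");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        $found = mysqli_stmt_fetch($stmt) === true;
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);

    // Verify the submitted password.
    // NOTE(review): the original compared the stored value with
    // md5($salt . $username) and never looked at the submitted password.
    // This assumes users.password holds md5("taoip" . password) - confirm
    // against how the table was populated, and prefer
    // password_hash()/password_verify() for real accounts.
    $_password = md5($salt . $password);
    if ($found && $username !== "" && is_string($storedHash) && hash_equals($storedHash, $_password)) {
        // Login succeeded: set the cookies the other pages check (HttpOnly, one hour).
        // Secure stays false because the tutorial serves the sites over http://.
        $token = md5($salt . $username);
        setcookie("username", $username, time() + 3600, "/", "taoip.cn", false, true);
        setcookie("token", $token, time() + 3600, "/", "taoip.cn", false, true);

        // Send the visitor back to the requesting site with the fresh pair.
        $query = http_build_query(array("username" => $username, "token" => $token), "", "&");
        header("location: " . $url . "?" . $query);
        exit();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Sublime Text 3114">
<meta name="author" content="3@dengpeng.cc">
<meta name="keywords" content="">
<meta name="description" content="">
<title>BBS站点登陆系统</title>
</head>
<body>
<div class="container">
<h2>bbs.taoip.cn站点登陆系统</h2>
<form action="" method="post">
<label for="">用户名</label>
<input type="text" name="username">
<br>
<label for="">密码</label>
<input type="password" name="password">
<hr>
<button type="submit">提交</button>
</form>
</div>
</body>
</html>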
在blog项目目录下,新建index.php和login.php两个脚本文件
编辑index.php文件
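<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// blog site home page: only shown to visitors with a valid login cookie pair.

// (1) Start the session.
// Nothing on this page reads or writes $_SESSION; the login state lives in the cookies.
session_name("taoip");
session_start();

// (2) Read the username and token cookies and verify them.
// Only plain strings are accepted; an array-valued cookie counts as missing.
$username = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
$token = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";

// NOTE(review): the expected token depends only on the user name and a
// hard-coded salt, so it never expires and can be minted by anyone who knows
// the salt. Fine for a local demo, not for real accounts.
$salt = "taoip";
$_token = md5($salt . $username);

// hash_equals() compares byte for byte; a loose "!=" would treat two different
// "0e<digits>" hex strings as equal numbers. An empty user name is never a login.
if ($username === "" || !hash_equals($_token, $token)) {
    header("location: login.php");
    exit();
}

// The user name comes from a cookie, so escape it before writing it into HTML.
echo "欢迎" . htmlspecialchars($username, ENT_QUOTES, "UTF-8") . "用户,访问blog站点";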
编辑login.php文件
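<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */
// blog site login page.
require "../functions.php";

// Login pages that may receive a username/token pair from this site.
// The "url" parameter is attacker-controllable; without this list a crafted
// link would make a logged-in visitor's browser deliver the token to any host.
$allowedReturnUrls = array(
    "http://oa.taoip.cn/login.php",
    "http://bbs.taoip.cn/login.php",
    "http://dengpeng.cc/login.php",
);
$salt = "taoip";

// (2) Accept a username/token pair handed over by another site.
yzToken("dengpeng.cc");

// (1) No (valid) return address: go to the home page when logged in,
// otherwise ask the other site for a token.
$url = isset($_GET["url"]) && is_string($_GET["url"]) ? $_GET["url"] : "";
if (!in_array($url, $allowedReturnUrls, true)) {
    $url = "";
}
if ($url === "") {
    getToken("http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php");
    // Stop even if getToken() returned, so the form below is not sent with the redirect.
    exit();
}

// From here on $url is one of the allow-listed login pages.

// (1) Already logged in here: hand the username and token back to the requesting site.
// NOTE(review): the token travels in the query string, so it ends up in server
// logs, browser history and Referer headers.
if (isLogin()) {
    $cookieUser = isset($_COOKIE["username"]) && is_string($_COOKIE["username"]) ? $_COOKIE["username"] : "";
    $cookieToken = isset($_COOKIE["token"]) && is_string($_COOKIE["token"]) ? $_COOKIE["token"] : "";
    $query = http_build_query(array("username" => $cookieUser, "token" => $cookieToken), "", "&");
    header("location: " . $url . "?" . $query);
    exit();
}

// (3) Login form submitted.
if (!empty($_POST)) {
    $username = isset($_POST["username"]) && is_string($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";

    // Look the user's stored password up in the database.
    // NOTE(review): connects as root with an empty password, as in the original
    // listing; use a dedicated low-privilege account outside a local demo.
    $link = mysqli_connect("localhost", "root", "", "sso");
    if (!$link) {
        http_response_code(500);
        exit("数据库连接失败");
    }
    mysqli_set_charset($link, "utf8");

    // Prepared statement: the user name is sent as data, never spliced into the SQL text.
    $storedHash = null;
    $found = false;
    $stmt = mysqli_prepare($link, "select password from users where username = ? limit 1");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        $found = mysqli_stmt_fetch($stmt) === true;
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);

    // Verify the submitted password.
    // NOTE(review): the original compared the stored value with
    // md5($salt . $username) and never looked at the submitted password.
    // This assumes users.password holds md5("taoip" . password) - confirm
    // against how the table was populated, and prefer
    // password_hash()/password_verify() for real accounts.
    $_password = md5($salt . $password);
    if ($found && $username !== "" && is_string($storedHash) && hash_equals($storedHash, $_password)) {
        // Login succeeded: setCook() sets the username/token cookies for this
        // domain and queues a redirect to index.php, which is replaced below.
        $token = md5($salt . $username);
        setCook($username, $token, "dengpeng.cc");

        // Send the visitor back to the requesting site with the fresh pair.
        $query = http_build_query(array("username" => $username, "token" => $token), "", "&");
        header("location: " . $url . "?" . $query);
        exit();
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Sublime Text 3114">
<meta name="author" content="3@dengpeng.cc">
<meta name="keywords" content="">
<meta name="description" content="">
<title>blog站点登陆系统</title>
</head>
<body>
<div class="container">
<h2>dengpeng.cc站点登陆系统</h2>
<form action="" method="post">
<label for="">用户名</label>
<input type="text" name="username">
<br>
<label for="">密码</label>
<input type="password" name="password">
<hr>
<button type="submit">提交</button>
</form>
</div>
</body>
</html>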
配置本地虚拟主机
具体配置步骤,我想大家应该都会了,不需要我一一赘述.你只需要按照我给的参照,配置和不同域名对应目录的映射即可.
域名 /项目目录/
oa.taoip.cn /oa/
bbs.taoip.cn /bbs/
dengpeng.cc /blog/

恭喜您,已经完成了一个简单的SSO系统
配置完成后,记得重启Web服务器.然后你只需要访问这三个不同的站点,即可实现一个站点登陆,其他站点不再发送登陆请求.
感谢阅读,希望能帮助到大家,谢谢大家对本站的支持!