PHP简单实现单点登录功能示例

Posted 2021-01-16 matengfei

1.准备两个虚拟域名

127.0.0.1  www.openpoor.com
127.0.0.1  www.myspace.com

2.在openpoor的根目录下创建以下文件

index.php

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

<?php session_start(); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"/> <title>sync login</title> </head> <body> <?php if(empty($_SESSION[‘username‘])):?> hello,游客;请先<a href="login.php" rel="external nofollow" >登录</a><a href="http://www.myspace.com/index.php" rel="external nofollow" rel="external nofollow" >进入空间</a> <?php else: ?> hello,<?php echo $_SESSION[‘username‘]; ?>;<a href="http://www.myspace.com/index.php" rel="external nofollow" rel="external nofollow" >进入空间</a> <?php endif; ?>  <a href="http://www.openpoor.com/index.php" rel="external nofollow" >home</a> </body> </html>

login.php

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

<?php session_start(); if(!empty($_POST[‘username‘])){  require ‘../Des.php‘;  $_SESSION[‘username‘] = $_POST[‘username‘];  $redirect = ‘http://www.openpoor.com/index.php‘;  header(‘Location:http://www.openpoor.com/sync.php?redirect=‘.urlencode($redirect).‘&code=‘.Des::encrypt($_POST[‘username‘],‘openpoor‘));exit; } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"/> <title>sync login</title> </head> <body> <form action="" method="post">  <input type="text" name="username" placeholder="用户名"/>  <input type="text" name="password" placeholder="密码"/>  <input type="submit" value="登录"/> </form> </body> </html>

sync.php

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

<?php $redirect = empty($_GET[‘redirect‘]) ? ‘www.openpoor.com‘ : $_GET[‘redirect‘]; if(empty($_GET[‘code‘])){  header(‘Loaction:http://‘.urldecode($redirect));  exit; } $apps = array(  ‘www.myspace.com/slogin.php‘ ); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"/> <?php foreach($apps as $v): ?> <script type="text/javascript" src="http://<?php echo $v.‘?code=‘.$_GET[‘code‘] ?>"></script> <?php endforeach; ?> <title>passport</title> </head> <body> <script type="text/javascript"> window.onload=function(){  location.replace(‘<?php echo $redirect; ?>‘); } </script> </body> </html>

3.在myspace的根目录下创建如下文件

slogin文件 完成session的设置

 

1 2 3 4 5 6 7 8 9 10 11 12

<?php session_start(); header(‘Content-Type:text/javascript; charset=utf-8‘); if(!empty($_GET[‘code‘])){  require ‘../Des.php‘;  $username = Des::decrypt($_GET[‘code‘],‘openpoor‘);  if(!empty($username)){   header(‘P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"‘);   $_SESSION[‘username‘] = $username;  } } ?>

index.php

?

1 2 3 4 5 6 7 8 9

<?php session_start(); if(!empty($_SESSION[‘username‘])) {   echo "欢迎来到".$_SESSION[‘username‘]."的空间"; }else{   echo "请先登录"; } ?>

4.Des.php的文件内容如下

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

<?php /**  *@see Yii CSecurityManager;  */ class Des{  public static function encrypt($data,$key){    $module=mcrypt_module_open(‘des‘,‘‘, MCRYPT_MODE_CBC,‘‘);    $key=substr(md5($key),0,mcrypt_enc_get_key_size($module));    srand();    $iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);    mcrypt_generic_init($module,$key,$iv);    $encrypted=$iv.mcrypt_generic($module,$data);    mcrypt_generic_deinit($module);    mcrypt_module_close($module);    return md5($data).‘_‘.base64_encode($encrypted);  }  public static function decrypt($data,$key){    $_data = explode(‘_‘,$data,2);    if(count($_data)<2){   return false;    }    $data = base64_decode($_data[1]);    $module=mcrypt_module_open(‘des‘,‘‘, MCRYPT_MODE_CBC,‘‘);    $key=substr(md5($key),0,mcrypt_enc_get_key_size($module));    $ivSize=mcrypt_enc_get_iv_size($module);    $iv=substr($data,0,$ivSize);    mcrypt_generic_init($module,$key,$iv);    $decrypted=mdecrypt_generic($module,substr($data,$ivSize,strlen($data)));    mcrypt_generic_deinit($module);    mcrypt_module_close($module);    $decrypted = rtrim($decrypted,"");    if($_data[0]!=md5($decrypted)){   return false;    }    return $decrypted;  } } ?>

当在openpoor登录后将session信息传到其他域名下的文件下进行处理，以script标签包含的形式进行运行。

5.此时访问www.openpoor.com和www.myspace.com都是未登录状态

登录后两个域名下都是登录状态

到此我们实现了一个简单的单点登录。