PHP編程 SSO詳細(xì)介紹及簡(jiǎn)單實(shí)例

更新時(shí)間：2017年01月13日 15:36:32 投稿：lqh

這篇文章主要介紹了PHP編程 SSO詳細(xì)介紹及簡(jiǎn)單實(shí)例的相關(guān)資料,這里介紹了三種模式跨子域單點(diǎn)登陸、完全跨單點(diǎn)域登陸、站群共享身份認(rèn)證,需要的朋友可以參考下

PHP SSO詳解

SSO有三種模式:①跨子域單點(diǎn)登陸②完全跨單點(diǎn)域登陸③站群共享身份認(rèn)證

第一種模式很簡(jiǎn)單,只需要將Cookie的域設(shè)置成多個(gè)應(yīng)用的根域即可

第二種方式,也很簡(jiǎn)單,就是將所以應(yīng)用的認(rèn)證地址更換成同一個(gè)認(rèn)證地址,每次查看是否在認(rèn)證中心登陸,如果登陸了,給調(diào)用應(yīng)用發(fā)放一個(gè)加密令牌即可

第三種跨域,就是來(lái)回跳轉(zhuǎn)來(lái)回驗(yàn)證token略有麻煩

配置目錄結(jié)構(gòu)

在服務(wù)器根目錄下,新建三個(gè)項(xiàng)目目錄:

|–/網(wǎng)站根目錄/
|–|–/oa/
|–|–/bbs/
|–|–/blog/

在根目錄下新建functions.PHP腳本文件,具體內(nèi)容如下:

<?php

/**
 * 獲取登陸token
 * @param string $url 獲取token的地址
 * 2017-01-03T13:08:43+0800
 */
function getToken($url)
{
  $bool = isLogin();
  if ($bool) {
    // 如果登陸了跳轉(zhuǎn)到本站首頁(yè)
    header('location: index.php');
    exit();
  }

  // 否則沒(méi)有登陸,去另一個(gè)站點(diǎn)看是否登陸
  header('location: '.$url);
}

// 校驗(yàn)令牌是否正確
function yzToken($domain)
{
  $url = isset($_GET['url']) ? $_GET['url'] : '';
  $username = isset($_GET['username']) ? $_GET['username'] : '';
  $token = isset($_GET['token']) ? $_GET['token'] : '';


  if (!empty($username) && !empty($token)) {
    $salt = 'taoip';
    $_token = md5($salt.$username);
    // 校驗(yàn)第三方站點(diǎn)過(guò)來(lái)時(shí)的token是否正確
    if ($_token == $token) {
      // 設(shè)置跳轉(zhuǎn)過(guò)來(lái)的網(wǎng)站的Cookie
      setCook($username, $_token, $domain);
      header('location: index.php');
    }
  }

}

// 設(shè)置cookie
function setCook($username, $_password, $domain)
{
  // 校驗(yàn)成功,開(kāi)始登陸
  setcookie('username', $username, time()+3600, '/', $domain);
  setcookie('token', $_password, time()+3600, '/', $domain);
  header('location: index.php');
}

// 判斷是否登陸
function isLogin()
{
  $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
  $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
  $salt = 'taoip';

  $_token = md5($salt.$username);

  if ($token == $_token) {
    return true;
  } else {
    return false;
  }
}

?>

在oa項(xiàng)目目錄下,新建index.php和login.php兩個(gè)腳本文件

編輯index.php文件

<?php

// OA站點(diǎn)

// (1)開(kāi)啟Session會(huì)話
session_name('taoip');
session_start();
// (2)獲取用戶名和token進(jìn)行校驗(yàn)
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
  header('location: login.php');
  exit();
}

echo "歡迎{$username}用戶,訪問(wèn)OA站點(diǎn)";

?>

編輯login.php文件

<?php

// OA站點(diǎn)登陸系統(tǒng)
require '../functions.php';

// (2)驗(yàn)證
yzToken('taoip.cn');

// (1)判斷是否登陸,登陸則跳轉(zhuǎn)首頁(yè),未登錄則去其他站點(diǎn)獲取token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
  getToken('http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php');
}

// (1)判斷用戶是否登陸
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
  if (empty($url)) {
    header('location: index.php');
  } else {
    $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
    $lurl = $url.'?username='.$username.'&token='.$token;
    header('location: '.$lurl);
  }
}


if (!empty($_POST)) {
  $username = isset($_POST['username']) ? $_POST['username'] : '';
  $password = isset($_POST['password']) ? $_POST['password'] : '';

  // 從庫(kù)中查詢用戶密碼
  @$link = mysql_connect('localhost', 'root', '');
  mysql_query('use sso', $link);
  mysql_query('set names utf8', $link);
  $sql = "select * from users where username = '".$username."'";
  $user = mysql_fetch_assoc(mysql_query($sql, $link));

  // 校驗(yàn)
  $salt = 'taoip';
  $_password = md5($salt.$username);

  // var_dump($user['password'] == $_password);
  // print_r($user);exit();

  if ($user['password'] == $_password) {
    // 校驗(yàn)成功,開(kāi)始登陸
    setcookie('username', $username, time()+3600, '/', 'taoip.cn');
    setcookie('token', $_password, time()+3600, '/', 'taoip.cn');
    // 如果URL沒(méi)有值重定向到首頁(yè),否則重定向到URL頁(yè)面
    if (empty($url)) {
      header('location: index.php');
    } else {
      header('location: '.$lurl);
    }
  }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="generator" content="Sublime Text 3114">
  <meta name="author" content="3@dengpeng.cc">
  <meta name="keywords" content="">
  <meta name="description" content="">
  <title>OA站點(diǎn)登陸系統(tǒng)</title>
</head>
<body>
  <div class="container">
    <h2>oa.taoip.cn站點(diǎn)登陸系統(tǒng)</h2>
    <form action="" method="post">
      <label for="">用戶名</label>
      <input type="text" name="username">
      <br>
      <label for="">密碼</label>
      <input type="text" name="password">
      <hr>
      <button type="submit">提交</button>
    </form>
  </div>
</body>
</html>

在bbs項(xiàng)目目錄下,新建index.php和login.php兩個(gè)腳本文件

編輯index.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// BBS站點(diǎn)

// (1)開(kāi)啟Session會(huì)話
session_name('taoip');
session_start();
// (2)獲取用戶名和token進(jìn)行校驗(yàn)
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
  header('location: login.php');
  exit();
}

echo "歡迎{$username}用戶,訪問(wèn)BBS站點(diǎn)";

?>

編輯login.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// BBS站點(diǎn)登陸系統(tǒng)
require '../functions.php';

// (2)驗(yàn)證
yzToken('taoip.cn');

// (1)判斷是否登陸,登陸則跳轉(zhuǎn)首頁(yè),未登錄則去其他站點(diǎn)獲取token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
  getToken('http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php');
}

// (1)判斷用戶是否登陸
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
  if (empty($url)) {
    header('location: index.php');
  } else {
    $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
    $lurl = $url.'?username='.$username.'&token='.$token;
    header('location: '.$lurl);
  }
}


if (!empty($_POST)) {
  $username = isset($_POST['username']) ? $_POST['username'] : '';
  $password = isset($_POST['password']) ? $_POST['password'] : '';

  // 從庫(kù)中查詢用戶密碼
  @$link = mysql_connect('localhost', 'root', '');
  mysql_query('use sso', $link);
  mysql_query('set names utf8', $link);
  $sql = "select * from users where username = '".$username."'";
  $user = mysql_fetch_assoc(mysql_query($sql, $link));

  // 校驗(yàn)
  $salt = 'taoip';
  $_password = md5($salt.$username);

  // var_dump($user['password'] == $_password);
  // print_r($user);exit();

  if ($user['password'] == $_password) {
    // 校驗(yàn)成功,開(kāi)始登陸
    setcookie('username', $username, time()+3600, '/', 'taoip.cn');
    setcookie('token', $_password, time()+3600, '/', 'taoip.cn');
    // 如果URL沒(méi)有值重定向到首頁(yè),否則重定向到URL頁(yè)面
    if (empty($url)) {
      header('location: index.php');
    } else {
      header('location: '.$lurl);
    }
  }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="generator" content="Sublime Text 3114">
  <meta name="author" content="3@dengpeng.cc">
  <meta name="keywords" content="">
  <meta name="description" content="">
  <title>BBS站點(diǎn)登陸系統(tǒng)</title>
</head>
<body>
  <div class="container">
    <h2>bbs.taoip.cn站點(diǎn)登陸系統(tǒng)</h2>
    <form action="" method="post">
      <label for="">用戶名</label>
      <input type="text" name="username">
      <br>
      <label for="">密碼</label>
      <input type="text" name="password">
      <hr>
      <button type="submit">提交</button>
    </form>
  </div>
</body>
</html>

在blog項(xiàng)目目錄下,新建index.php和login.php兩個(gè)腳本文件

編輯index.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// blog站點(diǎn)

// (1)開(kāi)啟Session會(huì)話
session_name('taoip');
session_start();
// (2)獲取用戶名和token進(jìn)行校驗(yàn)
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
  header('location: login.php');
  exit();
}

echo "歡迎{$username}用戶,訪問(wèn)blog站點(diǎn)";

?>

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// blog站點(diǎn)

// (1)開(kāi)啟Session會(huì)話
session_name('taoip');
session_start();
// (2)獲取用戶名和token進(jìn)行校驗(yàn)
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
  header('location: login.php');
  exit();
}

echo "歡迎{$username}用戶,訪問(wèn)blog站點(diǎn)";

?>

編輯login.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// blog站點(diǎn)登陸系統(tǒng)
require '../functions.php';

// (2)驗(yàn)證
yzToken('dengpeng.cc');

// (1)判斷是否登陸,登陸則跳轉(zhuǎn)首頁(yè),未登錄則去其他站點(diǎn)獲取token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
  getToken('http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php');
}


// (1)判斷用戶是否登陸
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
  if (empty($url)) {
    header('location: index.php');
  } else {
    $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
    $lurl = $url.'?username='.$username.'&token='.$token;
    header('location: '.$lurl);
  }
}


// (3)判斷用戶是否提交數(shù)據(jù)
if (!empty($_POST)) {
  $username = isset($_POST['username']) ? $_POST['username'] : '';
  $password = isset($_POST['password']) ? $_POST['password'] : '';

  // 從庫(kù)中查詢用戶密碼
  @$link = mysql_connect('localhost', 'root', '');
  mysql_query('use sso', $link);
  mysql_query('set names utf8', $link);
  $sql = "select * from users where username = '".$username."'";
  $user = mysql_fetch_assoc(mysql_query($sql, $link));

  // 校驗(yàn)
  $salt = 'taoip';
  $_password = md5($salt.$username);

  // var_dump($user['password'] == $_password);
  // print_r($user);exit();

  if ($user['password'] == $_password) {
    setCook($username, $_password, 'dengpeng.cc');
    if (empty($url)) {
      header('location: index.php');
    } else {
      header('location: '.$lurl);
    }
  }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="generator" content="Sublime Text 3114">
  <meta name="author" content="3@dengpeng.cc">
  <meta name="keywords" content="">
  <meta name="description" content="">
  <title>blog站點(diǎn)登陸系統(tǒng)</title>
</head>
<body>
  <div class="container">
    <h2>dengpeng.cc站點(diǎn)登陸系統(tǒng)</h2>
    <form action="" method="post">
      <label for="">用戶名</label>
      <input type="text" name="username">
      <br>
      <label for="">密碼</label>
      <input type="text" name="password">
      <hr>
      <button type="submit">提交</button>
    </form>
  </div>
</body>
</html>

配置本地虛擬主機(jī)

具體配置步驟,我想大家應(yīng)該都會(huì)了,不需要我一一贅述.你只需要按照我給的參照,配置和不同域名對(duì)應(yīng)目錄的映射即可.

域名 /項(xiàng)目目錄/
oa.taoip.cn /oa/
bbs.taoip.cn /bbs/
dengpeng.cc /blog/

恭喜您,已經(jīng)完成了一個(gè)簡(jiǎn)單的SSO系統(tǒng)

配置完成后,記得重啟Web服務(wù)器.然后你只需要訪問(wèn)這三個(gè)不同的站點(diǎn),即可實(shí)現(xiàn)一個(gè)站點(diǎn)登陸,其他站點(diǎn)不再發(fā)送登陸請(qǐng)求.

感謝閱讀，希望能幫助到大家，謝謝大家對(duì)本站的支持！

您可能感興趣的文章: