基于PHP编程语言的SSO实例_php教程_php教程

SSO有三种模式:①跨子域单点登陆②完全跨单点域登陆③站群共享身份认证

第一种模式很简单,只需要将Cookie的域设置成多个应用的根域即可

第三种方式,也很简单,就是将所以应用的认证地址更换成同一个认证地址,每次查看是否在认证中心登陆,如果登陆了,给调用应用发放一个加密令牌即可

第二种跨域,就是来回跳转来回验证token略有麻烦

配置目录结构

|–/网站根目录/

|–|–/oa/

|–|–/bbs/

|–|–/blog/

在根目录下新建functions.php脚本文件,具体内容如下:

<?php

/**
 * 获取登陆token
 * @param  string $url 获取token的地址
 * 2017-01-03T13:08:43+0800
 */
function getToken($url)
{
    $bool = isLogin();
    if ($bool) {
        // 如果登陆了跳转到本站首页
        header('location: index.php');
        exit();
    }

    // 否则没有登陆,去另一个站点看是否登陆
    header('location: '.$url);
}

// 校验令牌是否正确
function yzToken($domain)
{
    $url = isset($_GET['url']) ? $_GET['url'] : '';
    $username = isset($_GET['username']) ? $_GET['username'] : '';
    $token = isset($_GET['token']) ? $_GET['token'] : '';


    if (!empty($username) && !empty($token)) {
        $salt = 'taoip';
        $_token = md5($salt.$username);
        // 校验第三方站点过来时的token是否正确
        if ($_token == $token) {
            // 设置跳转过来的网站的Cookie
            setCook($username, $_token, $domain);
            header('location: index.php');
        }
    }

}

// 设置cookie
function setCook($username, $_password, $domain)
{
    // 校验成功,开始登陆
    setcookie('username', $username, time()+3600, '/', $domain);
    setcookie('token', $_password, time()+3600, '/', $domain);
    header('location: index.php');
}

// 判断是否登陆
function isLogin()
{
    $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
    $salt = 'taoip';

    $_token = md5($salt.$username);

    if ($token == $_token) {
        return true;
    } else {
        return false;
    }
}

?>

在oa项目目录下,新建index.php和login.php两个脚本文件

编辑index.php文件

<?php

// OA站点

// (1)开启Session会话
session_name('taoip');
session_start();
// (2)获取用户名和token进行校验
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
    header('location: login.php');
    exit();
}

echo "欢迎{$username}用户,访问OA站点";

?>

编辑login.php文件

<?php

// OA站点登陆系统
require '../functions.php';

// (2)验证
yzToken('taoip.cn');

// (1)判断是否登陆,登陆则跳转首页,未登录则去其他站点获取token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
    getToken('http://dengpeng.cc/login.php?url=http://oa.taoip.cn/login.php');
}

// (1)判断用户是否登陆
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
    if (empty($url)) {
        header('location: index.php');
    } else {
        $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
        $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
        $lurl = $url.'?username='.$username.'&token='.$token;
        header('location: '.$lurl);
    }
}


if (!empty($_POST)) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // 从库中查询用户密码
    @$link = mysql_connect('localhost', 'root', '');
    mysql_query('use sso', $link);
    mysql_query('set names utf8', $link);
    $sql = "select * from users where username = '".$username."'";
    $user = mysql_fetch_assoc(mysql_query($sql, $link));

    // 校验
    $salt = 'taoip';
    $_password = md5($salt.$username);

    // var_dump($user['password'] == $_password);
    // print_r($user);exit();

    if ($user['password'] == $_password) {
        // 校验成功,开始登陆
        setcookie('username', $username, time()+3600, '/', 'taoip.cn');
        setcookie('token', $_password, time()+3600, '/', 'taoip.cn');
        // 如果URL没有值重定向到首页,否则重定向到URL页面
        if (empty($url)) {
            header('location: index.php');
        } else {
            header('location: '.$lurl);
        }
    }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="generator" content="Sublime Text 3114">
    <meta name="author" content="3@dengpeng.cc">
    <meta name="keywords" content="">
    <meta name="description" content="">
    <title>OA站点登陆系统</title>
</head>
<body>
    <div class="container">
        <h2>oa.taoip.cn站点登陆系统</h2>
        <form action="" method="post">
            <label for="">用户名</label>
            <input type="text" name="username">
            <br>
            <label for="">密码</label>
            <input type="text" name="password">
            <hr>
            <button type="submit">提交</button>
        </form>
    </div>
</body>
</html>

在bbs项目目录下,新建index.php和login.php两个脚本文件

编辑index.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// BBS站点

// (1)开启Session会话
session_name('taoip');
session_start();
// (2)获取用户名和token进行校验
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
    header('location: login.php');
    exit();
}

echo "欢迎{$username}用户,访问BBS站点";

?>

编辑login.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// BBS站点登陆系统
require '../functions.php';

// (2)验证
yzToken('taoip.cn');

// (1)判断是否登陆,登陆则跳转首页,未登录则去其他站点获取token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
    getToken('http://dengpeng.cc/login.php?url=http://bbs.taoip.cn/login.php');
}

// (1)判断用户是否登陆
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
    if (empty($url)) {
        header('location: index.php');
    } else {
        $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
        $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
        $lurl = $url.'?username='.$username.'&token='.$token;
        header('location: '.$lurl);
    }
}


if (!empty($_POST)) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // 从库中查询用户密码
    @$link = mysql_connect('localhost', 'root', '');
    mysql_query('use sso', $link);
    mysql_query('set names utf8', $link);
    $sql = "select * from users where username = '".$username."'";
    $user = mysql_fetch_assoc(mysql_query($sql, $link));

    // 校验
    $salt = 'taoip';
    $_password = md5($salt.$username);

    // var_dump($user['password'] == $_password);
    // print_r($user);exit();

    if ($user['password'] == $_password) {
        // 校验成功,开始登陆
        setcookie('username', $username, time()+3600, '/', 'taoip.cn');
        setcookie('token', $_password, time()+3600, '/', 'taoip.cn');
        // 如果URL没有值重定向到首页,否则重定向到URL页面
        if (empty($url)) {
            header('location: index.php');
        } else {
            header('location: '.$lurl);
        }
    }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="generator" content="Sublime Text 3114">
    <meta name="author" content="3@dengpeng.cc">
    <meta name="keywords" content="">
    <meta name="description" content="">
    <title>BBS站点登陆系统</title>
</head>
<body>
    <div class="container">
        <h2>bbs.taoip.cn站点登陆系统</h2>
        <form action="" method="post">
            <label for="">用户名</label>
            <input type="text" name="username">
            <br>
            <label for="">密码</label>
            <input type="text" name="password">
            <hr>
            <button type="submit">提交</button>
        </form>
    </div>
</body>
</html>

在blog项目目录下,新建index.php和login.php两个脚本文件

编辑index.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// blog站点

// (1)开启Session会话
session_name('taoip');
session_start();
// (2)获取用户名和token进行校验
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';

$salt = 'taoip';

$_token = md5($salt.$username);

if ($token != $_token) {
    header('location: login.php');
    exit();
}

echo "欢迎{$username}用户,访问blog站点";

?>

编辑login.php文件

<?php
/**
 * @author DengPeng <3@dengpeng.cc>
 * @since 2017/01/03
 * @copyright copyright (c) 2017 zixue.it GPL
 * @license http://www.zixue.it/
 */

// blog站点登陆系统
require '../functions.php';

// (2)验证
yzToken('dengpeng.cc');

// (1)判断是否登陆,登陆则跳转首页,未登录则去其他站点获取token
$url = isset($_GET['url']) ? $_GET['url'] : '';
if (empty($url)) {
    getToken('http://oa.taoip.cn/login.php?url=http://dengpeng.cc/login.php');
}


// (1)判断用户是否登陆
$bool = isLogin();
$url = isset($_GET['url']) ? $_GET['url'] : '';
if ($bool) {
    if (empty($url)) {
        header('location: index.php');
    } else {
        $username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
        $token = isset($_COOKIE['token']) ? $_COOKIE['token'] : '';
        $lurl = $url.'?username='.$username.'&token='.$token;
        header('location: '.$lurl);
    }
}


// (3)判断用户是否提交数据
if (!empty($_POST)) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // 从库中查询用户密码
    @$link = mysql_connect('localhost', 'root', '');
    mysql_query('use sso', $link);
    mysql_query('set names utf8', $link);
    $sql = "select * from users where username = '".$username."'";
    $user = mysql_fetch_assoc(mysql_query($sql, $link));

    // 校验
    $salt = 'taoip';
    $_password = md5($salt.$username);

    // var_dump($user['password'] == $_password);
    // print_r($user);exit();

    if ($user['password'] == $_password) {
        setCook($username, $_password, 'dengpeng.cc');
        if (empty($url)) {
            header('location: index.php');
        } else {
            header('location: '.$lurl);
        }
    }
}

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="generator" content="Sublime Text 3114">
    <meta name="author" content="3@dengpeng.cc">
    <meta name="keywords" content="">
    <meta name="description" content="">
    <title>blog站点登陆系统</title>
</head>
<body>
    <div class="container">
        <h2>dengpeng.cc站点登陆系统</h2>
        <form action="" method="post">
            <label for="">用户名</label>
            <input type="text" name="username">
            <br>
            <label for="">密码</label>
            <input type="text" name="password">
            <hr>
            <button type="submit">提交</button>
        </form>
    </div>
</body>
</html>

配置本地虚拟主机

具体配置步骤,我想大家应该都会了,不需要我一一赘述.你只需要按照我给的参照,配置和不同域名对应目录的映射即可.

域名 /项目目录/

oa.taoip.cn /oa/

bbs.taoip.cn /bbs/

dengpeng.cc /blog/

恭喜您,已经完成了一个简单的SSO系统

配置完成后,记得重启Web服务器.然后你只需要访问这三个不同的站点,即可实现一个站点登陆,其他站点不再发送登陆请求.

(责任编辑：最模板)