因業務發展,公司有三個網站,需要做單點登錄
上網百度了一個demo,自己本地跑了一下,特此記錄
首先要有兩個域名 a.com 和 b.com
在a.com 下面有一個項目文件夾 test1和test2,以及外部的一個加密算法文件
test1中 index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>sync login</title>
</head>
<body>
<?php if(empty($_SESSION['username'])):?>
<p>hello,遊客;請先<a href="login.php">登錄</a></p>
<p><a href="http://b.com/index.php">進入空間</a></p>
<?php else: ?>
<p>hello,<?php echo $_SESSION['username']; ?>;<a href="http://b.com/index.php">進入空間</a></p>
<?php endif; ?>
<a href="http://a.com/index.php">home</a>
</body>
</html>
login.php
<?php
session_start();
if(!empty($_POST['username'])){
require '../Des.php';
$_SESSION['username'] = $_POST['username'];
$redirect = 'http://a.com/index.php';
header('Location:http://a.com/sync.php?redirect='.urlencode($redirect).'&code='.Des::encode($_POST['username'],'a'));exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>sync login</title>
</head>
<body>
<form action="" method="post">
<input type="text" name="username" placeholder="用戶名"/>
<input type="text" name="password" placeholder="密碼"/>
<input type="submit" value="登錄"/>
</form>
</body>
</html>
sync.php
<?php
$redirect = empty($_GET['redirect']) ? 'a.com' : $_GET['redirect'];
if(empty($_GET['code'])){
header('Loaction:http://'.urldecode($redirect));
exit;
}
$apps = array(
'b.com/slogin.php'
);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<?php foreach($apps as $v): ?>
<script type="text/javascript" src="http://<?php echo $v.'?code='.$_GET['code'] ?>"></script>
<?php endforeach; ?>
<title>passport</title>
</head>
<body>
<script type="text/javascript">
window.onload=function(){
location.replace('<?php echo $redirect; ?>');
}
</script>
</body>
</html>
這個文件表達的是: a網站登陸成功後,把其他允許的apps下的網站帶着加密的code 順便也登陸一下,然後跨域生成本地session,訪問方式是script src 訪問
test2 index.php
<?php
session_start();
if(!empty($_SESSION['username']))
{
echo "歡迎來到".$_SESSION['username']."的空間";
}else{
echo "請先登錄";
}
?>
slogin.php
<?php
session_start();
header('Content-Type:text/javascript; charset=utf-8');
if(!empty($_GET['code'])){
require '../Des.php';
$username = Des::decode($_GET['code'],'a');
if(!empty($username)){
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$_SESSION['username'] = $username;
}
}
?>
des.php
<?php
class Des
{
/**
* 簡單對稱加密算法之加密
* @param String $string 需要加密的字串
* @param String $skey 加密EKY
* @return String
*/
public static function encode($string = '', $skey = 'php')
{
$strArr = str_split(base64_encode($string));
$strCount = count($strArr);
foreach (str_split($skey) as $key => $value) {
$key < $strCount && $strArr[$key] .= $value;
}
return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr));
}
/**
* 簡單對稱加密算法之解密
* @param String $string 需要解密的字串
* @param String $skey 解密KEY
* @return String
*/
public static function decode($string = '', $skey = 'php')
{
$strArr = str_split(str_replace(array('O0O0O', 'o000o', 'oo00o'), array('=', '+', '/'), $string), 2);
$strCount = count($strArr);
foreach (str_split($skey) as $key => $value) {
$key <= $strCount && isset($strArr[$key]) && $strArr[$key][1] === $value && $strArr[$key] = $strArr[$key][0];
}
return base64_decode(join('', $strArr));
}
}