1.單點登錄基本過程
1.1應用第一次登錄
1.2其他應用第二次登錄
1.3退出登錄
2.部分代碼
2.1應用端
if(isset($_GET['token'])){
$result= file_get_contents('http://ids.domain.net/check.php?token ='.$_GET['token']);
$result=json_decode($result,TRUE);
if($result['success']){
$_SESSION['logged']=$result['user'];
header('Location: http://app.domain.net',true,302);
}else{
header('Location: http://app.domain.net',true,302);
}
exit;
}
if ( ! isset($_SESSION['logged'])) {
header('Location: http://ids.domain.net?service=http://app.domain.net',true,302);
exit;
}
2.2認證中心
$user_info=[
"user1" => "password1",
"user2" => "password2",
];
session_start();
if(isset($_GET['action'])){
$action=$_GET['action'];
if($action == 'logout'){
unset($_SESSION['user']);
if(isset($_GET['service'])){
header('Location: '.$_GET['service'],true,302);
exit;
}
header('Location: /',true,302);
exit;
}
}
if(isset($_SESSION['user'])){
show_logined();
exit;
}
if(isset($_POST['login'])){
$username=trim($_POST['username']);
$password=trim($_POST['password']);
if(($username == '')||($password == '')){
reshow_loginfo('用戶名或密碼不能爲空');
exit;
}
$logined=false;
foreach($user_info as $k=>$v){
if($username == $k && $password == $v){
$logined=true;
}
}
if($logined){
$_SESSION['user']=$username;
if(isset($_GET['service'])){
header('Location: /?service='.$_GET['service'],true,302);
}else{
header('Location: /',true,302);
}
exit;
}else{
reshow_loginfo('用戶名或密碼錯誤');
exit;
}
}
reshow_loginfo('');
function reshow_loginfo($info){
?>
<html>
<head>
<title>統一身份認證</title>
</head>
<body>
<p><font color="#e32"><?php echo $info; ?></font></p>
<form action="<?php
if(isset($_GET['service'])){
echo "/?service=".$_GET['service'];
}else{
echo "/";
}
?>" method="post">
<input type="hidden" name="login" value="login"/>
<input type="text" name="username" class="text" value="<?php echo $_POST['username'] ?>" placeholder="用戶名" >
<input type="password" name="password" value="" placeholder="密碼" >
<input type="submit" value="登錄" >
</form>
</body>
</html>
<?php
}
function show_logined(){
if(isset($_GET['service'])){
$token=uuid();
$redis = new redis();
$redis->connect('127.0.0.1', 6379);
$redis->set($token,$_SESSION['user']);
$redis->expire($token,180);
header('Location: '.$_GET['service'].'?token='.$token,true,302);
exit;
}
?>
<html>
<head>
<title>登錄管理</title>
</head>
<body>
<h2>歡迎<?php echo $_SESSION['user'] ?></h2>
<a href="/?action=logout" class="logout">退出</a>
</body>
</html>
<?php
}
function uuid($prefix = '')
{
$chars = md5(uniqid(mt_rand(), true));
$uuid = substr($chars,0,8) . '-';
$uuid .= substr($chars,8,4) . '-';
$uuid .= substr($chars,12,4) . '-';
$uuid .= substr($chars,16,4) . '-';
$uuid .= substr($chars,20,12);
return $prefix . $uuid;
}
2.3驗證token
<?php
header('Content-Type: application/json; charset=utf-8');
$result=[
'success'=>false,
'reason'=>null,
'user'=>null,
];
if( ! isset($_GET['token'])){
$result['reason']='no token';
echo json_encode($result);
exit;
}
$token=$_GET['token'];
$redis= new redis();
$redis->connect('127.0.0.1',6379);
$user=$redis->get($token);
if($user != null){
$result['success']=true;
$result['user']=$user;
echo json_encode($result);
}else{
$result['reason']='null user';
echo json_encode($result);
}
?>