因业务发展,公司有三个网站,需要做单点登录
上网百度了一个demo,自己本地跑了一下,特此记录
首先要有两个域名 a.com 和 b.com
在a.com 下面有一个项目文件夹 test1和test2,以及外部的一个加密算法文件
test1中 index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>sync login</title>
</head>
<body>
<?php if(empty($_SESSION['username'])):?>
<p>hello,游客;请先<a href="login.php">登录</a></p>
<p><a href="http://b.com/index.php">进入空间</a></p>
<?php else: ?>
<p>hello,<?php echo $_SESSION['username']; ?>;<a href="http://b.com/index.php">进入空间</a></p>
<?php endif; ?>
<a href="http://a.com/index.php">home</a>
</body>
</html>
login.php
<?php
session_start();
if(!empty($_POST['username'])){
require '../Des.php';
$_SESSION['username'] = $_POST['username'];
$redirect = 'http://a.com/index.php';
header('Location:http://a.com/sync.php?redirect='.urlencode($redirect).'&code='.Des::encode($_POST['username'],'a'));exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>sync login</title>
</head>
<body>
<form action="" method="post">
<input type="text" name="username" placeholder="用户名"/>
<input type="text" name="password" placeholder="密码"/>
<input type="submit" value="登录"/>
</form>
</body>
</html>
sync.php
<?php
$redirect = empty($_GET['redirect']) ? 'a.com' : $_GET['redirect'];
if(empty($_GET['code'])){
header('Loaction:http://'.urldecode($redirect));
exit;
}
$apps = array(
'b.com/slogin.php'
);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<?php foreach($apps as $v): ?>
<script type="text/javascript" src="http://<?php echo $v.'?code='.$_GET['code'] ?>"></script>
<?php endforeach; ?>
<title>passport</title>
</head>
<body>
<script type="text/javascript">
window.onload=function(){
location.replace('<?php echo $redirect; ?>');
}
</script>
</body>
</html>
这个文件表达的是: a网站登陆成功后,把其他允许的apps下的网站带着加密的code 顺便也登陆一下,然后跨域生成本地session,访问方式是script src 访问
test2 index.php
<?php
session_start();
if(!empty($_SESSION['username']))
{
echo "欢迎来到".$_SESSION['username']."的空间";
}else{
echo "请先登录";
}
?>
slogin.php
<?php
session_start();
header('Content-Type:text/javascript; charset=utf-8');
if(!empty($_GET['code'])){
require '../Des.php';
$username = Des::decode($_GET['code'],'a');
if(!empty($username)){
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$_SESSION['username'] = $username;
}
}
?>
des.php
<?php
class Des
{
/**
* 简单对称加密算法之加密
* @param String $string 需要加密的字串
* @param String $skey 加密EKY
* @return String
*/
public static function encode($string = '', $skey = 'php')
{
$strArr = str_split(base64_encode($string));
$strCount = count($strArr);
foreach (str_split($skey) as $key => $value) {
$key < $strCount && $strArr[$key] .= $value;
}
return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr));
}
/**
* 简单对称加密算法之解密
* @param String $string 需要解密的字串
* @param String $skey 解密KEY
* @return String
*/
public static function decode($string = '', $skey = 'php')
{
$strArr = str_split(str_replace(array('O0O0O', 'o000o', 'oo00o'), array('=', '+', '/'), $string), 2);
$strCount = count($strArr);
foreach (str_split($skey) as $key => $value) {
$key <= $strCount && isset($strArr[$key]) && $strArr[$key][1] === $value && $strArr[$key] = $strArr[$key][0];
}
return base64_decode(join('', $strArr));
}
}