说到单点登录大家都很了解,一个站点登录其他域会自动登录。
单点登录SSO(Single Sign On)的方法有很多,比如:p3p、共享session、共享cookice、第三方OAuth认证。
这里模拟淘宝、天猫登录。是模拟噢,要做到安全就要进行很多安全验证RSA加密了,带签名的参数了等。
淘宝与天猫登录时都是在淘宝登录,登录后redirect跳转到各自的网站HTTP_REFERER。
本地模拟,MY淘宝:http://my-taobao.com:8080/ My天猫:http://my-tmall.com/
为什么本地模拟的时候要修改一个的默认端口80为8080或其他端口,参考:http://www.cnblogs.com/dcb3688/p/4608003.html
My淘宝有三个文件,分别是:index.php login.php 与api.php
index.php
<?php session_start(); $session_name= isset($_SESSION[\'name\'])?$_SESSION[\'name\']:\'\'; $session_token= isset($_SESSION[\'token\'])?$_SESSION[\'token\']:\'\'; if($session_name){ echo "<strong>{$session_name}</strong>您已登录My-Taobao.com <a href=\'/api.php?action=logout&token={$session_token}\'>退出</a>"; }else{ echo "您还未登录My-Taobao.com <a href=\'/login.php\'>登录</a>"; }
login.php
<meta charset="utf-8"/>
<form action="api.php" method="post">
<input type="text" name="name">
<input type="hidden" name="action" value="login">
<input type="hidden" name="redirect" value="<?php echo $_SERVER[\'HTTP_REFERER\'] ?>">
<input type="submit">
</form>
<?php session_start(); $session = isset($_SESSION[\'token\']) ? $_SESSION[\'token\'] : \'\'; $redirect = isset($_REQUEST[\'redirect\']) ? $_REQUEST[\'redirect\'] : "/"; $action = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\'; /** * post 登录 */ if ($action == \'login\') { if ($session) { #已经是登录的状态 echo \'<meta charset="UTF-8"><script type="text/javascript">window.location.href = "\' . $redirect . \'";</script>\'; } $session = md5(time() . uniqid()); $_SESSION[\'token\'] = $session; $_SESSION[\'name\'] = $_POST[\'name\']; $_SESSION[\'create_time\'] = time(); if (!is_dir(\'session\')) { mkdir(\'session\'); } $fopen = fopen(\'session/\' . $_SESSION[\'token\'], \'w+\'); //新建文件命令 fputs($fopen, serialize($_SESSION)); //向文件中写入内容; fclose($fopen); exit(\'<meta charset="UTF-8"><script type="text/javascript">window.location.href = "\' . $redirect . \'";</script>\'); } /** * curl登录验证 */ if ($action == \'curl_valid\') { $token = isset($_POST[\'token\']) ? $_POST[\'token\'] : \'\'; $res = 0; if ($token) { if (file_exists(\'session/\' . $token)) { # 存在该文件 $data = unserialize(file_get_contents(\'session/\' . $token)); if (isset($data[\'create_time\'])) { if ($data[\'create_time\'] > time() - 7200) { $res = 1; } } } } exit( json_encode(["status"=>$res])); } /** * get 退出 */ $actionLogout = isset($_GET[\'action\']) ? $_GET[\'action\'] : \'\'; if ($actionLogout == \'logout\') { if (isset($_GET[\'token\'])) { unlink("session/".$_SESSION[\'token\']); unset($_SESSION[\'token\']); unset($_SESSION[\'name\']); } exit(\'<script type="text/javascript">window.location.href = "\' . $_SERVER[\'HTTP_REFERER\'] . \'";</script>\'); } /** * jsonp 访问 */ $jsonp = isset($_GET[\'jsonp_callback\']) ? $_GET[\'jsonp_callback\'] : \'\'; if ($jsonp) { $status = 0; $node = []; $msg = \'\'; if (isset($_SESSION[\'token\'])) { $status = 1; $msg = \'success\'; $node = $_SESSION; } else { $msg = \'fail\'; } exit($jsonp . \'(\' . json_encode([\'status\' => $status, \'msg\' => $msg, \'node\' => $node]) . \')\'); }
My天猫有两个文件: index.php 与 list.php
index.php
<span id="line">
</span>
<script src="http://yiiui.com/static/v1/JUI/js/jquery-1.7.2.min.js"></script>
<script >
/**
* 获取cookie
*/
function getCookie(cookiename) {
var result;
var mycookie = document.cookie;
var start2 = mycookie.indexOf(cookiename + "=");
if (start2 > -1) {
start = mycookie.indexOf("=", start2) + 1;
var end = mycookie.indexOf(";", start);
if (end == -1) {
end = mycookie.length;
}
result = unescape(mycookie.substring(start, end));
}
return result;
}
/**
* 设置cookie
*/
function setCookie(name, value) {
var Days = 30;
var exp = new Date();
exp.setTime(exp.getTime() + Days * 24 * 60 * 60 * 1000);
document.cookie = name + "=" + escape(value) + ";expires=" + exp.toGMTString();
}
var token = getCookie("token");
if (token === null) { // 首次访问my-tmall.com
// php curl 不能获取session因为curl是服务器端请求,jsonp是本地的客户端请求。
$.getJSON("http://my-taobao.com:8080/api.php?jsonp_callback=?", function (data) {
if (data.status == 1) {
data = data.node;
setCookie(\'token\', data.token);
console.log(data);
$("#line").html("<strong>" + data.name + "</strong>您已登录My-Tmall.com <a href=\'http://my-taobao.com:8080/api.php?action=logout&token=" + data.token + "\'>退出 </a> <a href=\'list.php\'>列表</a>");
} else {
$("#line").html("您还未登录My-Tmall.com <a href=\'http://my-taobao.com:8080/login.php\'>登录</a>");
}
});
} else { // 已经登录过,查询现在登录状态
$.getJSON("http://my-taobao.com:8080/api.php?jsonp_callback=?", function (data) {
if (data.status == 1) { // 登录
data = data.node;
if (data.token != token) { // 登陆其他账户了
setCookie(\'token\', data.token);
window.location.href = document.location.href;
} else {
$("#line").html("<strong>" + data.name + "</strong>您已登录My-Tmall.com <a href=\'http://my-taobao.com:8080/api.php?action=logout&token=" + data.token + "\'>退出</a> <a href=\'list.php\'>列表</a>");
}
} else { // 未登录
$("#line").html("您还未登录My-Tmall.com <a href=\'http://my-taobao.com:8080/login.php\'>登录</a>");
}
});
}
</script>
list.php
<?php $token = isset($_COOKIE["token"]) ? $_COOKIE["token"] : \'\'; //print_r($token); $curl = curl(["action" => \'curl_valid\', "token" => $token], "http://my-taobao.com:8080/api.php"); $ac = json_decode($curl, TRUE); if (isset($ac[\'status\']) && $ac[\'status\'] == 1) { # 登录中 echo \'<ul>\' . \'<li>1111</li>\' . \'<li>2222</li>\' . \'<li>3333</li>\' . \'<li>4444</li>\' . \'<li>5555</li>\' . \'</ul>\'; } else { echo \'已退出\'; } function curl($data, $url, $method = \'POST\', $headers = array()) { $ch = curl_init(); $method_upper = strtoupper($method); if ($method_upper == \'POST\') { curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); } else { $url = $url . (strpos($url, \'?\') ? \'&\' : \'?\') . (is_array($data) ? http_build_query($data) : $data); curl_setopt($ch, CURLOPT_URL, $url); } curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method_upper); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_AUTOREFERER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); //SSL 报错时使用 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); //SSL 报错时使用 if ($headers) { curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); } $tmpInfo = curl_exec($ch); if (curl_errno($ch)) { exit(curl_error($ch)); } curl_close($ch); return $tmpInfo; }
很简单的原理,My淘宝是正常网站登录与注销(主站)。当任何一个网站登录且访问My天猫,My天猫就Jsonp请求当前浏览器中是否登录过MY淘宝。如果登录过就种下一个cookice保存MY淘宝sessionKey。
当要访问My天猫其他页面的时候可直接通过获取Cookice使用php的CURL请求网站MY淘宝是否登录。
