说到单点登录大家都很了解,一个站点登录其他域会自动登录。
单点登录SSO(Single Sign On)的方法有很多,比如:p3p、共享session、共享cookice、第三方OAuth认证。
这里模拟淘宝、天猫登录。是模拟噢,要做到安全就要进行很多安全验证RSA加密了,带签名的参数了等。
淘宝与天猫登录时都是在淘宝登录,登录后redirect跳转到各自的网站HTTP_REFERER。
本地模拟,MY淘宝:http://my-taobao.com:8080/ My天猫:http://my-tmall.com/
为什么本地模拟的时候要修改一个的默认端口80为8080或其他端口,参考:http://www.cnblogs.com/dcb3688/p/4608003.html
My淘宝有三个文件,分别是:index.php login.php 与api.php
index.php
<?php
session_start();
$session_name= isset($_SESSION['name'])?$_SESSION['name']:'';
$session_token= isset($_SESSION['token'])?$_SESSION['token']:''; if($session_name){
echo "<strong>{$session_name}</strong>您已登录My-Taobao.com <a href='/api.php?action=logout&token={$session_token}'>退出</a>";
}else{
echo "您还未登录My-Taobao.com <a href='/login.php'>登录</a>";
}
login.php
<meta charset="utf-8"/>
<form action="api.php" method="post">
<input type="text" name="name">
<input type="hidden" name="action" value="login">
<input type="hidden" name="redirect" value="<?php echo $_SERVER['HTTP_REFERER'] ?>">
<input type="submit">
</form>
<?php session_start();
$session = isset($_SESSION['token']) ? $_SESSION['token'] : '';
$redirect = isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : "/";
$action = isset($_POST['action']) ? $_POST['action'] : '';
/**
* post 登录
*/
if ($action == 'login') {
if ($session) { #已经是登录的状态
echo '<meta charset="UTF-8"><script type="text/javascript">window.location.href = "' . $redirect . '";</script>';
}
$session = md5(time() . uniqid());
$_SESSION['token'] = $session;
$_SESSION['name'] = $_POST['name'];
$_SESSION['create_time'] = time(); if (!is_dir('session')) {
mkdir('session');
}
$fopen = fopen('session/' . $_SESSION['token'], 'w+'); //新建文件命令
fputs($fopen, serialize($_SESSION)); //向文件中写入内容;
fclose($fopen); exit('<meta charset="UTF-8"><script type="text/javascript">window.location.href = "' . $redirect . '";</script>');
} /**
* curl登录验证
*/
if ($action == 'curl_valid') {
$token = isset($_POST['token']) ? $_POST['token'] : '';
$res = 0;
if ($token) {
if (file_exists('session/' . $token)) { # 存在该文件
$data = unserialize(file_get_contents('session/' . $token));
if (isset($data['create_time'])) {
if ($data['create_time'] > time() - 7200) {
$res = 1;
}
}
}
} exit( json_encode(["status"=>$res]));
} /**
* get 退出
*/
$actionLogout = isset($_GET['action']) ? $_GET['action'] : '';
if ($actionLogout == 'logout') {
if (isset($_GET['token'])) {
unlink("session/".$_SESSION['token']);
unset($_SESSION['token']);
unset($_SESSION['name']);
}
exit('<script type="text/javascript">window.location.href = "' . $_SERVER['HTTP_REFERER'] . '";</script>');
} /**
* jsonp 访问
*/
$jsonp = isset($_GET['jsonp_callback']) ? $_GET['jsonp_callback'] : '';
if ($jsonp) {
$status = 0;
$node = [];
$msg = '';
if (isset($_SESSION['token'])) {
$status = 1;
$msg = 'success';
$node = $_SESSION;
} else {
$msg = 'fail';
}
exit($jsonp . '(' . json_encode(['status' => $status, 'msg' => $msg, 'node' => $node]) . ')');
}
My天猫有两个文件: index.php 与 list.php
index.php
<span id="line"> </span>
<script src="http://yiiui.com/static/v1/JUI/js/jquery-1.7.2.min.js"></script> <script > /**
* 获取cookie
*/
function getCookie(cookiename) {
var result;
var mycookie = document.cookie;
var start2 = mycookie.indexOf(cookiename + "=");
if (start2 > -1) {
start = mycookie.indexOf("=", start2) + 1;
var end = mycookie.indexOf(";", start); if (end == -1) {
end = mycookie.length;
}
result = unescape(mycookie.substring(start, end));
}
return result;
}
/**
* 设置cookie
*/
function setCookie(name, value) {
var Days = 30;
var exp = new Date();
exp.setTime(exp.getTime() + Days * 24 * 60 * 60 * 1000);
document.cookie = name + "=" + escape(value) + ";expires=" + exp.toGMTString();
} var token = getCookie("token"); if (token === null) { // 首次访问my-tmall.com // php curl 不能获取session因为curl是服务器端请求,jsonp是本地的客户端请求。
$.getJSON("http://my-taobao.com:8080/api.php?jsonp_callback=?", function (data) {
if (data.status == 1) {
data = data.node;
setCookie('token', data.token);
console.log(data);
$("#line").html("<strong>" + data.name + "</strong>您已登录My-Tmall.com <a href='http://my-taobao.com:8080/api.php?action=logout&token=" + data.token + "'>退出 </a> <a href='list.php'>列表</a>");
} else {
$("#line").html("您还未登录My-Tmall.com <a href='http://my-taobao.com:8080/login.php'>登录</a>");
}
});
} else { // 已经登录过,查询现在登录状态
$.getJSON("http://my-taobao.com:8080/api.php?jsonp_callback=?", function (data) {
if (data.status == 1) { // 登录
data = data.node;
if (data.token != token) { // 登陆其他账户了
setCookie('token', data.token);
window.location.href = document.location.href;
} else {
$("#line").html("<strong>" + data.name + "</strong>您已登录My-Tmall.com <a href='http://my-taobao.com:8080/api.php?action=logout&token=" + data.token + "'>退出</a> <a href='list.php'>列表</a>");
}
} else { // 未登录
$("#line").html("您还未登录My-Tmall.com <a href='http://my-taobao.com:8080/login.php'>登录</a>");
}
});
} </script>
list.php
<?php $token = isset($_COOKIE["token"]) ? $_COOKIE["token"] : '';
//print_r($token); $curl = curl(["action" => 'curl_valid', "token" => $token], "http://my-taobao.com:8080/api.php");
$ac = json_decode($curl, TRUE); if (isset($ac['status']) && $ac['status'] == 1) { # 登录中
echo '<ul>'
. '<li>1111</li>'
. '<li>2222</li>'
. '<li>3333</li>'
. '<li>4444</li>'
. '<li>5555</li>'
. '</ul>';
} else {
echo '已退出';
} function curl($data, $url, $method = 'POST', $headers = array()) {
$ch = curl_init();
$method_upper = strtoupper($method);
if ($method_upper == 'POST') {
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
$url = $url . (strpos($url, '?') ? '&' : '?') . (is_array($data) ? http_build_query($data) : $data);
curl_setopt($ch, CURLOPT_URL, $url);
}
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method_upper);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); //SSL 报错时使用
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); //SSL 报错时使用
if ($headers) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
}
$tmpInfo = curl_exec($ch);
if (curl_errno($ch)) {
exit(curl_error($ch));
}
curl_close($ch);
return $tmpInfo;
}
很简单的原理,My淘宝是正常网站登录与注销(主站)。当任何一个网站登录且访问My天猫,My天猫就Jsonp请求当前浏览器中是否登录过MY淘宝。如果登录过就种下一个cookice保存MY淘宝sessionKey。
当要访问My天猫其他页面的时候可直接通过获取Cookice使用php的CURL请求网站MY淘宝是否登录。
