1.准备两个虚拟域名
127.0.0.1 www.a.com
127.0.0.1 www.b.com
2.在a的根目录下创建以下文件
1 //index.php 2 3 <?php 4 session_start(); 5 ?> 6 <!DOCTYPE html> 7 <html> 8 <head> 9 <meta charset="UTF-8"/> 10 <title>sync login</title> 11 </head> 12 <body> 13 14 <?php if(empty($_SESSION['username'])):?> 15 <p>hello,游客;请先<a href="login.php">登录</a></p> 16 <p><a href="http://www.b.com/index.php">进入空间</a></p> 17 <?php else: ?> 18 <p>hello,<?php echo $_SESSION['username']; ?>;<a href="http://www.b.com/index.php">进入空间</a></p> 19 <?php endif; ?> 20 <a href="http://www.a.com/index.php">home</a> 21 </body> 22 </html> 23 24 //login.php 25 <?php 26 session_start(); 27 if(!empty($_POST['username'])){ 28 require './Des.php'; 29 $_SESSION['username'] = $_POST['username']; 30 $redirect = 'http://www.a.com/index.php'; 31 header('Location:http://www.a.com/sync.php?redirect='.urlencode($redirect).'&code='.Des::encode($_POST['username'],'a')); 32 exit; 33 } 34 ?> 35 <!DOCTYPE html> 36 <html> 37 <head> 38 <meta charset="UTF-8"/> 39 <title>sync login</title> 40 </head> 41 <body> 42 <form action="" method="post"> 43 <input type="text" name="username" placeholder="用户名"/> 44 <input type="text" name="password" placeholder="密码"/> 45 <input type="submit" value="登录"/> 46 </form> 47 </body> 48 </html> 49 50 //sync.php 51 <?php 52 $redirect = empty($_GET['redirect']) ? 'www.a.com' : $_GET['redirect']; 53 if (empty($_GET['code'])) { 54 header('Loaction:http://' . urldecode($redirect)); 55 exit; 56 } 57 58 $apps = array( 59 'www.b.com/slogin.php' 60 ); 61 ?> 62 <!DOCTYPE html> 63 <html> 64 <head> 65 <meta charset="UTF-8"/> 66 <?php foreach ($apps as $v): ?> 67 <script type="text/javascript" src="http://<?php echo $v . '?code=' . $_GET['code'] ?>"></script> 68 <?php endforeach; ?> 69 <title>passport</title> 70 </head> 71 <body> 72 <script type="text/javascript"> 73 window.onload = function () { 74 location.replace('<?php echo $redirect; ?>'); 75 } 76 </script> 77 </body> 78 </html> 79 80 //Des.php 81 //当在www.a.com登录后将session信息传到其他域名下的文件下进行处理,以script标签包含的形式进行运行。 82 <?php 83 84 class Des 85 { 86 /** 87 * 简单对称加密算法之加密 88 * @param String $string 需要加密的字串 89 * @param String $skey 加密EKY 90 * @return String 91 */ 92 public static function encode($string = '', $skey = 'cxphp') 93 { 94 $strArr = str_split(base64_encode($string)); 95 $strCount = count($strArr); 96 foreach (str_split($skey) as $key => $value) { 97 $key < $strCount && $strArr[$key] .= $value; 98 } 99 return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); 100 } 101 102 /** 103 * 简单对称加密算法之解密 104 * @param String $string 需要解密的字串 105 * @param String $skey 解密KEY 106 * @return String 107 */ 108 public static function decode($string = '', $skey = 'cxphp') 109 { 110 $strArr = str_split(str_replace(array('O0O0O', 'o000o', 'oo00o'), array('=', '+', '/'), $string), 2); 111 $strCount = count($strArr); 112 foreach (str_split($skey) as $key => $value) { 113 $key <= $strCount && isset($strArr[$key]) && $strArr[$key][1] === $value && $strArr[$key] = $strArr[$key][0]; 114 } 115 return base64_decode(join('', $strArr)); 116 } 117 }
3.在www.b.com的根目录下创建如下文件
1 //slogin.php文件 完成session的设置 2 <?php 3 session_start(); 4 header('Content-Type:text/javascript; charset=utf-8'); 5 if(!empty($_GET['code'])){ 6 require './Des.php'; 7 $username = Des::decode($_GET['code'],'a'); 8 if(!empty($username)){ 9 header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); 10 $_SESSION['username'] = $username; 11 } 12 } 13 ?> 14 15 //index.php 16 <?php 17 session_start(); 18 if(!empty($_SESSION['username'])) 19 { 20 echo "欢迎来到".$_SESSION['username']."的空间"; 21 }else{ 22 echo "请先登录"; 23 } 24 ?>
4.此时访问www.a.com和www.b.com都是未登录状态
登录后两个域名下都是登录状态
到此我们实现了一个简单的单点登录。
done!