The example in this article describes the solution to PHP web system multiple domain name login failure, and shares it with everyone for your reference. The specific analysis is as follows:
The following is just a simple logical structure, and specific processing is required for a formal system.
What needs to be noted here is: encryption and decryption must require security verification. However, this method is not perfect. The two sites must have the same first-level domain name; in addition, this completely cookie-based method is not secure enough
function login() { $info = callloginserver(); //访问登录服务器 if(!empty($info)) //登录成功了 } //用户没有登录,则在本系统中登录并调用登录服务器接口 function login() //正常的登录 { .......//验证用户的合法性 $_session['uid'] = $user_id; setcookie('sign', encrypt($pass9), '', '/', 'the.com'); }
First check if the user is logged in in the login system
funtion sign() { $sign = $_cookie['sign']; if(!empty($sign)) { $sign = decrypt($sign); ..........///登录成功 } }
If the user is not logged in, log in to this system and call the login server interface
function loging() //本系统登录 { .....//登录成功 callseverlogin();//通知用户登录 }
All sites share a login system; when a user successfully logs in on one of the sites, the system calls the login interface of other sites to complete the user's login on other sites and sets the corresponding login information; or when the user logs in When the user logs in, only the user login information is saved in this system. When the user logs in at other sites, the system interface must be requested to obtain information about whether the user is logged in. The disadvantage of the former method is that no matter whether the user uses other sites, those sites need to save the user status; the latter method transfers all the pressure to the login system. If you want to realize the unified operation of user exit, you need the site to call the exit interface of the login system, and then the login system interface calls the exit interface of other sites; or set a mark to indicate the user to exit if the mark does not exist. At this time, just put Just clear the mark. If other sites find that the mark does not exist, they will know that the user has exited the system.
This processing method requires stipulating the login interface and logout interface between the login system and the individual site. Through these interfaces, each site can easily handle user login or logout.
I hope this article will be helpful to everyone’s PHP programming design.
You should read it carefully in the PHP manual as it is very clear
bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly]]]]]]
Just use the SETCOOKIE function. There is an optional parameter: string $domain. This is the domain name. For example, you want to set www.aa.com and bbs.aa.com It is also valid if this parameter is ".aa.com". Remember there is a .
in front of it.
PHP domain names and virtual hosts are generally more foreign, such as whmcs, awbs, and cpanel.
The only one available in China is prima, but this software is relatively expensive and has not been updated for a long time. There are many domestic ASP-based domain name hosting systems.
Xu Fei
[authoritative expert]