Home > Backend Development > PHP Tutorial > Solution to multi-domain login failure in PHP web system_PHP tutorial

Solution to multi-domain login failure in PHP web system_PHP tutorial

WBOY
Release: 2016-07-20 11:09:19
Original
890 people have browsed it

The following is just a simple logical structure, and specific processing is required for a formal system.


What needs to be noted here is: encryption and decryption must require security verification. But this method is not perfect. The two sites must have the same first-level domain name; in addition, this completely cookie-based method is not secure enough

function login()
{
$info = callloginserver(); //Access the login server
if (!empty($info)) //Login successful
}

//The user is not logged in, then in In this system, log in and call the login server interface

function login() //Normal login
{
.......//Verify the legitimacy of the user
$_session ['uid'] = $user_id;
setcookie('sign', encrypt($pass9), '', '/', 'the.com');
}
First check if the user is Log in to the system
funtion sign()
{
$sign = $_cookie['sign'];
if(!empty($sign))
{
$sign = decrypt($sign);
...........///Login successful
}
}

If the user is not logged in, log in to this system and Call the login server interface

function logging() //Login to this system
{
.....//Login successful
callseverlogin();//Notify the user to log in

}

All sites share a login system; when a user successfully logs in at one of the sites, the system calls the login interface of other sites to complete the user's login on other sites. Log in, and set the corresponding login information at the same time; or when the user logs in, only save the user login information in the system. When the user logs in on other sites, the system interface must be requested to obtain information about whether the user is logged in. The disadvantage of the former method is that no matter whether the user uses other sites, those sites need to save the user status; the latter method transfers all the pressure to the login system. If you want to realize the unified operation of user exit, you need the site to call the exit interface of the login system, and then the login system interface calls the exit interface of other sites; or set a mark to indicate the user to exit if the mark does not exist. At this time, just put Just clear the mark. If other sites find that the mark does not exist, they will know that the user has exited the system.

This processing method requires stipulating the login interface and logout interface between the login system and the individual site. Through these interfaces, a site can easily handle user login or logout:


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/444806.htmlTechArticleThe following is just a simple logical structure, and specific processing is required for the formal system. What needs to be noted here is that encryption and decryption must require security verification. But this method is not perfect either...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template