Of Stack

Solution to the Failure of Multi domain Name Login in web System in php

  • 2021-07-21 07:34:49
  • OfStack

This article describes the example of php web system multi-domain login failure solution, to share for your reference. The specific analysis is as follows:

The following is just a simple logical structure, which needs to be dealt with concretely for formal systems.

It should be noted here that security verification is required for encryption and decryption 1. But this method is not perfect, two sites must have the same level 1 domain name; In addition, this method based entirely on cookie is not safe enough 


function login()
{
  $info = callloginserver(); // Access the login server 
  if(!empty($info))  // Login succeeded 
}
// If the user is not logged in, log in in the system and call the login server interface 
function login()  // Normal login 
{
  .......// Verify the legitimacy of the user 
  $_session['uid'] = $user_id;
  setcookie('sign', encrypt($pass9), '', '/', 'the.com');
}

First check whether the user is logged in to the login system 


funtion sign()
{
 $sign = $_cookie['sign'];
 if(!empty($sign))
 {
   $sign = decrypt($sign);
  ........../// Login Successful 
 }
}

If the user is not logged in, log in in the system and call the login server interface 


function loging() // This system login 
{ 
 .....// Login Successful 
 callseverlogin();// Notify user to log in 
}

All sites share one login system; When the user logs in one of the sites successfully, the system calls the login interface of other sites to complete the user's login in other sites and set the corresponding login information at the same time; Or when the user logs in, only the login information of the user is saved in the system. When the user logs in at other sites, the system interface must be requested to obtain the information of whether the user logs in or not. The disadvantage of the first one is that no matter whether the user uses other sites or not, those sites need to save the user status; The latter way shifts all the pressure to the login system. If we want to realize the unified operation of user exit, we need the site to call the exit interface of the login system, and then the login system interface calls the exit interface of other sites; Or set a mark, if this mark does not exist, mark the user to quit. At this time, just empty the mark, and other sites will know that the user has quit the system when they find that the mark does not exist.

This approach requires that the login interface and logout interface be specified between the login system and each site. Through these interfaces, each site can easily handle user login or logout.

I hope this article is helpful to everyone's PHP programming.

Related articles: