An SSO solution for a PHP application that uses cookie verification, in detail

  • 2021-08-10 07:21:30
  • OfStack

Recently, our project needed to integrate with a PHP application that had been neglected for a long time. The system was built many years ago by the information center's own people using some tools, it is written in PHP, which I had never really touched, and it is not on the same server as our system, so there is a cross-domain problem. I wanted to do this by simulating a client login, but it never succeeded.

With no other option, I tried every way I could to view the page source, then found the PHP files on the server and analyzed them.

Because I am not familiar with PHP and did not read it carefully, I only had a preliminary understanding of the login page's PHP file: it was basically implemented through a cookie. In fact, I did not clearly know the real verification mechanism or how the verification was done, so I set off in a hurry, and the result was repeated attempts and failures.
Here is how the implementation went:

At the beginning

Add an iframe to our system, try from the local application to fill in the user name and password on the remote system's login page inside the iframe, and simulate the click event of the "login" button. This is bound to fail: because of the cross-domain restriction, JS cannot operate on someone else's remote content across domains.

And then

A local form with a remote action. Add a form to the local page with the same content as the target system's login interface (that is, the user name and password input boxes; notably, the application has no verification code), and assign values to the form's elements when the page loads. When "single sign-on" is clicked on the local page, the form is submitted, trying to log in to the PHP system in the way login verification works in Java. However, it still could not log in normally.

Next

Carefully analyze the login PHP file. I found that the verification process is actually implemented through a cookie, and I vaguely remembered that many early BBS systems worked this way. After asking the relevant people through various channels to get a general understanding of the login verification mechanism and process, it turned out that after login the information is written into a cookie, and every page includes a PHP file that reads the cookie and makes its decision based on the cookie's contents. With that, we understood the verification mechanism. So I wanted to write the cookie across domains. Because my application is a portal application, writing across domains took some effort. In the end, writing a local cookie was no problem, but generating a cross-domain cookie was out of the question.

Finally

By analyzing the PHP login interface, I found that every time the login PHP file it submits to performs verification, there is a check such as if (isset($submit) and $submit == "login"). I don't particularly understand what this statement means: isset seems to check whether the parameter is empty, and then the parameter value is checked to be "login"! Because my PHP level is too low, I don't know what effect this check has or whether it could be satisfied. In the end, we could only discuss with the customer whether a PHP file dedicated to receiving single sign-on requests could be added on the server side. It is just the original login PHP file modified to remove these checks; also, after the original login was verified, the target page to jump to was determined from information obtained from the address bar, so that part was added as well. In this way, the following ssologon.php file was finally formed:


<?php require($DOCUMENT_ROOT."/db.inc"); // db.inc is expected to define db_connect() and db_close()

    $dbh=db_connect();
    if(!$dbh) die("mysql connect failed. please wait to retry...");
    // $username and $password come from the submitted SSO form; escape them
    // before they are placed in the SQL string.
    $u=mysql_real_escape_string($username,$dbh);
    $p=mysql_real_escape_string($password,$dbh);
    $sql="select * from user_code where ((user_name='$u') and (user_password='$p'))";
    $result=mysql_query($sql,$dbh);
    if(!$result) die("mysql system error, please contact admin");
    $num=mysql_num_rows($result);
    if($num<1){ // no such user
      db_close($dbh);
      echo "$header  Wrong name or password  $footer";
      exit;
    }
    else{ // verification passed: set the cookie
      $row=mysql_fetch_object($result);
      db_close($dbh);
      // cookie value: user_id*user_cnname*user_password
      $temp=$row->user_id."*".$row->user_cnname."*".$row->user_password;
      $ret=setcookie("WEBOAUSER","$temp");
      // redirect the browser to the application's default page
      echo "<meta http-equiv='refresh' content='0;url=http://192.168.1.4/uuu/default.php'>";

      exit;
    }
?>

Then the action of the form in the local application is set to this PHP file, and it's done!
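The WEBOAUSER cookie set above carries the user id, display name and stored password as plain text, and nothing in it lets the pages that read it tell a value the server issued from one that was changed afterwards. As an added example (not part of the original article or the application's code), the sketch below replaces the password field with an expiry time and an HMAC so the shared include can reject altered or stale cookies; the key constant, function names, 8-hour lifetime and PHP 5.6+ are assumptions.

```php
<?php
// Added example, not the application's code. SSO_COOKIE_KEY, the function
// names and the lifetime are assumptions made for illustration.
const SSO_COOKIE_KEY = 'replace-with-32-random-bytes-kept-outside-webroot';
const SSO_COOKIE_TTL = 28800; // seconds (8 hours)

// Build "id*base64(name)*expires*mac"; no password is placed in the cookie.
function sso_cookie_issue($userId, $cnName, $now)
{
    // base64 keeps a "*" inside the display name from breaking the format
    $body = (int)$userId . '*' . base64_encode($cnName) . '*' . ($now + SSO_COOKIE_TTL);
    return $body . '*' . hash_hmac('sha256', $body, SSO_COOKIE_KEY);
}

// Return array(user_id, user_cnname) for a valid cookie, or null otherwise.
function sso_cookie_verify($value, $now)
{
    $parts = explode('*', (string)$value);
    if (count($parts) !== 4) {
        return null;                        // wrong shape
    }
    list($id, $name64, $expires, $mac) = $parts;
    $expected = hash_hmac('sha256', "$id*$name64*$expires", SSO_COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;                        // altered, or not issued with this key
    }
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return null;                        // past its expiry time
    }
    $name = base64_decode($name64, true);
    return $name === false ? null : array((int)$id, $name);
}

// Constructed sample data; run from the CLI to see each outcome.
if (PHP_SAPI === 'cli') {
    $now    = 1700000000;
    $cookie = sso_cookie_issue(42, 'Zhang San', $now);
    var_dump(sso_cookie_verify($cookie, $now + 60));                   // untouched cookie
    var_dump(sso_cookie_verify('1' . substr($cookie, 2), $now + 60));  // id field altered
    var_dump(sso_cookie_verify($cookie, $now + SSO_COOKIE_TTL + 1));   // expired
}
```

In the login script the issued value would be passed to setcookie("WEBOAUSER", ...), and the file included by every page would call sso_cookie_verify($_COOKIE['WEBOAUSER'], time()) and treat null as "not logged in".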

To sum up, when something has to be analyzed before it can be done, you must not be too anxious; be careful and understand the principle, so as to get twice the result with half the effort.
