PHP 卷曲和饼干 [英] PHP Curl And Cookies

问题描述

我在 PHP Curl 和 cookie 身份验证方面遇到了一些问题.

I have some problem with PHP Curl and cookies authentication.

我有一个文件 Connector.php，它验证另一台服务器上的用户并返回当前用户的 cookie.

I have a file Connector.php which authenticates users on another server and returns the cookie of the current user.

问题是我想使用 curl 对数千名用户进行身份验证，但它一次仅对一个用户进行身份验证并保存 COOKIES.

The Problem is that I want to authenticate thousands of users with curl but it authenticates and saves COOKIES only for one user at a time.

connector.php 的代码是这样的:

The code for connector.php is this:

    <?php
    if(!count($_REQUEST)) {
        die("No Access!");
    }


    //Core Url For Services
    define ('ServiceCore', 'http://example.com/core/');


    //Which Internal Service Should Be Called
    $path = $_GET['service'];


    //Service To Be Queried
    $url = ServiceCore.$path;

    //Open the Curl session
    $session = curl_init($url);

    // If it's a GET, put the GET data in the body
    if ($_GET['service']) {
        //Iterate Over GET Vars
        $postvars = '';
        foreach($_GET as $key=>$val) {
            if($key!='service') {
                $postvars.="$key=$val&";
            }
        }
        curl_setopt ($session, CURLOPT_POST, true);
        curl_setopt ($session, CURLOPT_POSTFIELDS, $postvars);
    }


    //Create And Save Cookies
    $tmpfname = dirname(__FILE__).'/cookie.txt';
    curl_setopt($session, CURLOPT_COOKIEJAR, $tmpfname);
    curl_setopt($session, CURLOPT_COOKIEFILE, $tmpfname);

    curl_setopt($session, CURLOPT_HEADER, false);
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($session, CURLOPT_FOLLOWLOCATION, true);

    // EXECUTE
    $json = curl_exec($session);
        echo $json;
    curl_close($session);
?>

这里是认证过程:

1. 用户输入用户名和密码:Connector.php?service=logon&user_name=user32&user_pass=123
2. Connector.php?service=logosessionInfo 根据之前使用登录服务保存的 cookie 返回有关用户的信息.

1. User enters username and password: Connector.php?service=logon&user_name=user32&user_pass=123
2. Connector.php?service=logosessionInfo returns info about the user based on the cookies saved earlier with logon service.

问题在于，此代码将 cookie 保存在每个用户的一个文件中，并且无法处理多个用户身份验证.

The problem is that this code saves the cookie in one file for each user and can't handle multiple user authentications.

推荐答案

上述解决方案，即使使用唯一的 CookieFile 名称，也会在规模上造成很多问题.

Solutions which are described above, even with unique CookieFile names, can cause a lot of problems on scale.

我们不得不使用此解决方案提供大量身份验证，并且我们的服务器由于大量文件读写操作而停机.

We had to serve a lot of authentications with this solution and our server went down because of high file read write actions.

对此的解决方案是使用 Apache 反向代理并完全忽略 CURL 请求.

The solution for this was to use Apache Reverse Proxy and omit CURL requests at all.

可以在此处找到如何在 Apache 上使用代理的详细信息:https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

Details how to use Proxy on Apache can be found here: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html

这篇关于PHP 卷曲和饼干的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！