我需要整合两个网站，什么是最好的方式来继承登录信息？ [英] I need to integrate two sites, what's the best way to carry over login information?

问题描述

所以，我有两个网站，网站A和B.我需要使B的A部分。我这样做是通过添加一个模块到A，并在该模块内，一个iframe包含一个链接到B.所以，实际上，B仍然可以作为独立站点访问，但也可以通过A.访问。
现在，这两个站点都需要登录才能允许访问。我需要绕过站点B的登录，当它通过站点A访问时。我设法绕过它，但是只有当两个站点托管在同一个服务器（我使用会话变量），但现在我需要能够绕过B上的登录屏幕，而不管其托管的服务器。
那么，我该怎么做呢？

So, I have two sites, sites A and B. I need to make B part of A. I did this by adding a module to A, and within that module, an iframe that contained a link to B. So, effectively speaking, B can still be accessed as a standalone site, but it can also be accessed through A. Now, both sites require a login to allow access. I need to bypass the login for site B when it is accessed through Site A. I managed to bypass it, but only if the two sites are hosted on the same server (I used session variables), but now I need to be able to bypass the login screen on B regardless of the server it is hosted on. So, how do I do this?

最初我认为cookie，但cookie是特定于域的，这两个网站可能托管在不同的域。

At first I thought cookies, but cookies are domain specific, the two sites might be hosted on separate domains.

有办法使用GET吗？因此，网站A使用在网址中写入的用户名调用网址，然后网站B读取网址，解析并相应登录。我不知道如何实现这个，我要调用什么样的URL，网站B需要什么样的PHP代码，最后，你怎么做这样的东西安全？

Is there way a to use GET? So, Site A calls a url with the username written in the url, and then site B reads the url, parses it and logs in accordingly. I have no idea how I can implement this, what kind of url would I have to call, what kind of php code would Site B need, and lastly, how do you make something like this secure?

感谢您的帮助。

推荐答案

向站点B发送带有散列的UUID。

Send a UUID with a hash to site B. The hash should be something that only both servers will know and can decode so something like the following should work.

<?php
$salt = 'ashfiu8435t43434t fgfjgfgfuguSGDSBDY77;';
$uuid = ''; // this should be set to the users ID
$hash = sha1($salt . $uuid);
?>
<a href="http://siteb.com?hash=<?php echo ($hash); ?>&uuid=<?php echo $uuid; ?>">Site B</a>

在现场B

On site B

<?php
$salt = 'ashfiu8435t43434t fgfjgfgfuguSGDSBDY77;';
$uuid = $_GET['uuid'];
$sent_hash = $_GET['hash'];
$local_hash = sha1($salt . $uuid);

if($sent_hash === $local_hash) {
   echo 'Logged in! Yay!';
} else {
   echo 'Authentication failed';
}

您应该使散列更难伪造或弄虚作假，在给定的时间之后，以便人们不能仅仅保存哈希并重用它们或传递它们。我故意保持简单，显示这将工作。

You should make the hash more difficult to fake or figure out and make it expire after a given time so that people can't just save hashes and re-use them or pass them about. I have deliberately kept it simple to show this would work.

这篇关于我需要整合两个网站，什么是最好的方式来继承登录信息？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！