0

我在两个域中有两个文件

     http://example1.com/remote_login.php


     http://example2.com/login.php

当用户访问http://example1.com/remote_login.php时,我想在 remote_login.php 中进行一些验证,之后我想发布usernameandpasswordhttp://example2.com/login.php如果结果成功,用户应该被重定向到http://example2.com/index.php(我也在检查会话http://example2.com/index.php

任何的想法

Sorry for my bad english

我已经尝试使用它curl,但它不起作用它会登录,但不会设置会话。所以用户无法重定向到index.php

$cookie="cookie.txt"; 
$data = array();
$data['global_id'] = "raj";
$data['global_password'] = "raj";

foreach ($data as $key => $value){
    $post_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$post_string = implode ('&', $post_items);


$curl_connection = curl_init('http://example2.com/login.php');
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);

curl_setopt($curl_connection, CURLOPT_USERAGENT,"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1");

curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl_connection, CURLOPT_FAILONERROR, TRUE);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_REFERER, 'http://example2.com/login.php');
curl_setopt($curl_connection, CURLOPT_POST, true);
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl_connection, CURLOPT_HEADER, FALSE);
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($curl_connection, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($curl_connection, CURLOPT_SSLVERSION, 3); // OpenSSL issue
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, 0);  // Wildcard certificate
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($curl_connection);


if($result){
    header("Location: http://example2.com/index.php");

}
else{
    echo "Login failed";
}
4

2 回答 2

0

这是一个相当大的任务。用户未登录的原因是会话不会设置在他们的机器上,而是设置在服务器上(如果它接受 cookie)。所以你现在做的很没用。

话虽如此,您可以设置某种系统,在该系统中,每次远程登录都会触发某种“验证 ID”,然后可以将其返回给该特定用户,然后将用户重定向到链接(validateSession.php?),传递特定 ID 以确认身份,所有会话都在那里设置...

这是一项艰巨的任务。

另请注意:这不是 100% 安全的,除非您使用 SSL 来防止中间人攻击。中间人攻击是指一些邪恶的怪物监听从客户端发送到服务器的内容,反之亦然。所以如果有人拿到了那个ID,你就有麻烦了。或者更糟糕的是,如果他们掌握了用户的用户名并通过了……哦,天哪……

于 2012-08-10T04:05:47.117 回答
0

把你的代码按原样

在 if($result) 中更改您的代码

if($result){

<form id="myform" action="http://example2.com/index.php" method="post">
<input type="hidden" name="username" value=$username>
<input type="hidden" name="password" value=$password>
</form>

<script type="text/javascript">    // java script
function submitform()               // this is function send from data useing post method 
{
document.forms["myform"].submit();
alert("Value is sumitted");
}
function submitform();  //  calling function on page load
</script>

}
于 2012-08-10T04:49:11.040 回答