
@asgrim
Created September 9, 2013 13:54
SSO idea (don't use this - it's not secure, it's just an academic idea)
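<?php
// provider.php (the identity provider; name taken from $providerUrl in shared.php)
require_once('shared.php');

// Hard-coded identity: this sketch has no real authentication step
$user = 'james';
$sig = generateSignature($user);
sleep(1);
// Hand the signed identity back to the site in the query string
header('Location: ' . $siteUrl . '?user=' . urlencode($user) . '&sig=' . $sig);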
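<?php
// shared.php (included by both the provider and the site)
date_default_timezone_set('UTC');

$baseUrl = "http://localhost/sso";
$siteUrl = "{$baseUrl}/site1.php";
$providerUrl = "{$baseUrl}/provider.php";

function generateSignature($user)
{
    // key shared between server/client
    $key = 'mysecretkey';
    // prevent replay attack: minute-resolution timestamp, so a signature is
    // accepted until the minute changes and is rejected if the minute rolls
    // over between signing and checking
    $time = date('YmdHi');
    return sha1($user . $key . $time);
}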
<?php
// site1.php (the relying site; name taken from $siteUrl in shared.php)
error_reporting(E_ALL ^ E_NOTICE);
require_once('shared.php');
session_start();

if (($_GET['logout'] ?? '') == '1')
{
    // Drop the local session and return to the logged-out view
    unset($_SESSION['user']);
    header('Location: ' . $siteUrl);
}
else if (!empty($_SESSION['user']))
{
    echo "<p>Logged in (from session)... user=" . $_SESSION['user'] . ".</p>";
    echo "<a href=\"{$siteUrl}?logout=1\">Logout</a>";
}
else if (!empty($_GET['user']) && empty($_SESSION['user']))
{
    // Recompute the signature for the claimed user and compare it with the one supplied
    if (generateSignature($_GET['user']) == ($_GET['sig'] ?? ''))
    {
        $_SESSION['user'] = $_GET['user'];
        header('Location: ' . $siteUrl);
    }
    else
    {
        echo "Login failed.";
    }
}
else
{
    echo "<p>Not logged in.</p>";
    echo "<a href=\"{$providerUrl}\">Login</a>";
}
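
Added example, not part of the original gist: the same signed-redirect idea with the signing step hardened, to show what generateSignature() and the == check above leave out. The names signLogin, verifyLogin and TOKEN_TTL, the demo key and the timestamps are assumptions made for illustration.

```php
<?php
// Added example (not the gist author's code): keyed MAC, explicit timestamp,
// bounded lifetime and constant-time comparison for the redirect token.

const TOKEN_TTL = 60; // hypothetical lifetime in seconds

function signLogin(string $user, string $key, ?int $now = null): array
{
    $ts = $now ?? time();
    // Length-prefix the user so the (user, ts) pair has one unambiguous encoding.
    $msg = strlen($user) . ':' . $user . '|' . $ts;
    // HMAC-SHA256 instead of sha1(user . key . time).
    return ['user' => $user, 'ts' => $ts, 'sig' => hash_hmac('sha256', $msg, $key)];
}

function verifyLogin(array $q, string $key, ?int $now = null): bool
{
    $now = $now ?? time();
    // Reject missing or non-string parameters (e.g. ?user[]=x) before use.
    foreach (['user', 'ts', 'sig'] as $name) {
        if (!isset($q[$name]) || !is_string($q[$name])) {
            return false;
        }
    }
    if (!ctype_digit($q['ts'])) {
        return false;
    }
    $ts = (int) $q['ts'];
    // The timestamp travels with the token, so a minute rollover cannot break
    // a valid login; tokens from the future or older than the TTL are refused.
    if ($ts > $now + 5 || $now - $ts > TOKEN_TTL) {
        return false;
    }
    $expected = signLogin($q['user'], $key, $ts)['sig'];
    // hash_equals is constant-time and never compares strings numerically.
    return hash_equals($expected, $q['sig']);
}

// Constructed demo values: random key, fixed timestamp, query-string round trip.
$key = random_bytes(32);
$t0 = 1700000000;
parse_str(http_build_query(signLogin('james', $key, $t0)), $q);
var_dump(verifyLogin($q, $key, $t0 + 1));   // token checked inside the TTL
var_dump(verifyLogin($q, $key, $t0 + 61));  // same token after the TTL
$q['user'] = 'admin';                       // user changed after signing
var_dump(verifyLogin($q, $key, $t0 + 1));
```

A token can still be replayed until its TTL expires; making it single-use needs a server-side record of tokens already accepted.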