使用 fsockopen curl 在 php 中使用身份验证系统

发布于 2024-10-16 05:38:44 字数 1102 浏览 5 评论 0 原文

我有一台服务器和许多客户端。身份验证必须在服务器上完成。当用户提交 ID 和密码时,它通过 post 方法发送,服务器对其进行身份验证并发送雕像消息(有效/无效)。这样做不安全。首先,我应该使用一些像 facebook 那样的令牌系统。所以,为了帮助我在这里发布了一些问题。如果我想遵循令牌系统,建议我使用 openId 。我已经经历过,但是非常复杂。我不需要那么复杂。

然后我想到了fsockopen。表单提交后,就会进入客户端系统的功能之一。我从该函数发送和接收数据。

    $url = 'http://www.server.net/auth_system/test'.'/'.$email_id.'/'.$password.'/'.$site_id; 

     $fp = fsockopen($url_parsed['host'],"80",$err_num,$err_str,30); 
     fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n"); 
     fputs($fp, "Host: $url_parsed[host]\r\n"); 
     fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); 
     fputs($fp, "Content-length: ".strlen($post_string)."\r\n"); 
     fputs($fp, "Connection: close\r\n\r\n"); 
     fputs($fp, $post_string . "\r\n\r\n"); 

在服务器上:

    $status =   Database...($email_id, $password, $site_id);            
                    echo "<br>split-delimiter".$email_id."split-delimiter<br>";
                    echo "split-delimiter".$status."split-delimiter";

**请告诉我我所做的事情是正确的吗?有什么更好的办法吗?使用卷曲怎么样?

I has a server and many clients. authentication must be done at server. when user submits id and password it send by post method and server authenticate it and send the statues message(valid/notvalid). doing it not safe. first i though, i should use some token system like how facebook does.so, for help i posted some question here. I have been suggested to use openId if i want follow token system . i have gone through it, but it is very complicated. I don't require that complex.

Then i though of fsockopen. once form submitted, it come to one of the function in client system. FROM that function i am sending and receiving data.

    $url = 'http://www.server.net/auth_system/test'.'/'.$email_id.'/'.$password.'/'.$site_id; 

     $fp = fsockopen($url_parsed['host'],"80",$err_num,$err_str,30); 
     fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n"); 
     fputs($fp, "Host: $url_parsed[host]\r\n"); 
     fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); 
     fputs($fp, "Content-length: ".strlen($post_string)."\r\n"); 
     fputs($fp, "Connection: close\r\n\r\n"); 
     fputs($fp, $post_string . "\r\n\r\n"); 

at server:

    $status =   Database...($email_id, $password, $site_id);            
                    echo "<br>split-delimiter".$email_id."split-delimiter<br>";
                    echo "split-delimiter".$status."split-delimiter";

** pls tell me what i am i doing is correct?. is any better way? what about using curl?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

穿越时光隧道 2024-10-23 05:38:44

最近我和我的好朋友的看法非常不同。他还认为 openID 太复杂,他喜欢自己进行身份验证。

复杂性

但我向您(和他)提出的问题是:

  • 您认为 OpenID 的复杂性在哪里。我实在是看不下去了。当你使用友好的 OpenID 界面时,我认为它很简单/友好。看一下 stackoverflow 的登录。您是否觉得身份验证很复杂?我根本没有看到任何复杂性。

为什么你不应该进行身份验证

为什么我认为你不应该进行身份验证:

我最近更喜欢编写node.js(JavaScript),然后是PHP,但我创建了一个小 库< /a> 它使用极其简单的 LightOpenID 库和 openid-selector 来使其友好。您只需克隆存储库即可开始使用。在我看来,简单得就像地狱一样。我喜欢做更多的提交(我认为不会有更多的提交),这样也可以很容易地使用 myopenid.com 创建 OpenID 帐户(就像 stackoverflow.com 一样)。

您可以在我的小型 PHP 虚拟主机提供商 http://westerveld.name/php-openid/。它看起来像下面的屏幕截图:

PS:我仍然认为当我再做几次提交库时将会处于一个相当不错的状态。在我看来已经很不错了。

Lately I have a really different opinion with good friend of mine. He also thinks openID is to complex and he likes to do authentication himself.

Complexity

But my question to you(and him) is:

  • what do you find complex about OpenID. I really can't see it. When you use a friendly OpenID interface I think it is easy/friendly. Have a look at stackoverflow's login. Did you find it complex to authenticate? I am not seeing any complexity at all.

Why you should not do authentication

Why I think you should not do authentication:

  • storing your passwords safely is hard and to be honest I have been looking a lot into this lately and I think cryptography is extremely complicated(Some parts I just can't completely wrap my mind about). P.S: I think you should also read this very interesting article explaining how Lifehacker got hacked by Jeff Atwood(Stackoverflow author).

Library

I much rather like to code node.js(JavaScript) lately then PHP, but I created a little library which uses the extremely simple LightOpenID library in conjunction with openid-selector to make it friendly. You just clone the repository and you are ready to go. Simple as hell in my opinion. I like to do a couple more commits(I don't think many more commits are coming) to also make it very easy to create an OpenID account using myopenid.com(just like stackoverflow.com).

You can view a working example(it is just a simple git clone which stays up to date with github) on my little PHP webhosting provider at http://westerveld.name/php-openid/. It looks something like the screenshot below:

enter image description here

P.S: I still think when I do a couple more commits the library is going to be in a pretty good state. It is already pretty good in my opinion.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文