Best way to way a php script that logs a user in when they click a link on another website? [duplicate]

This question already has answers here: Closed 11 years ago.

Possible Duplicate:

Single Sign On - how to implement?

I have a two website which are totally unrelated. I need to write a php script that will send a user to the second site and log them in. Need t开发者_StackOverflow中文版o do this securely and also send over the user information (like username, profile details etc).

What is the best way to achieve this?

---

Setup an SSL connection between the 2 sites.

And add the user information to for example an JSON string and send it to the other site.

On the other site you need to check the credentials (in the JSON string) again.

---

What you are talking about is SSO (single sign on).

There are many many approaches.

A simple approach is to implement would be some form of token sharing to ensure the requested user is an existing and valid user before then passing them on, or accepting a request to by-pass login on the target site.

---

I am solving it by having all necessary data in link:

  http://example.com?id=user-info

Where "user-info" is crypted everything what i need:

$cyphre = new Crypt_Xtea;  
$user-info = $username."-".$password."-".$any-other-info-i-need; 
$user-info = urlencode(base64_encode($cyphre->encrypt((string)$user-info, "[cyphre key]")));

On other side i have

$cyphre = new Crypt_Xtea;  
$user-info = $cyphre->decrypt(base64_decode(urldecode($_GET["id"])),"[cyphre key]");
$user-info = explode("-",$user-info);

In this example:

$user-info[0] = $username;
$user-info[1] = $password;
etc

Downsides of this approach:

• You have to have access to the source code of both sides
• Its not bulletproof (Salt, Salt, Salt! )