集中登录/注册的可能问题
[英]Possible issues with centralizing the login/registration
问题描述
I've build two seperate browsergames and I want them to share the same login system. 
我已经构建了两个单独的浏览器游戏,希望它们共享相同的登录系统。 So that if you have one account which you use for both games. 这样一来,如果您拥有一个用于两个游戏的帐户。 I want this because of payment reasons (if they buy something I have to pay per website so I want all payments to come from one website) and user experience (why sign up multiple times?). 我要这样做是出于付款原因(如果他们要买东西,我必须每个网站付款,所以我希望所有付款都来自一个网站)和用户体验(为什么要多次注册?)。
But when they first sign up and login I do not want to redirect them to the centralized system because I want the sign-up/login-proccess to be as simple as possible because I'm afraid they'll lose interest. 但是,当他们首次注册并登录时,我不想将它们重定向到集中式系统,因为我希望注册/登录过程尽可能简单,因为我担心他们会失去兴趣。
So I was thinking about letting them sign in to the website normally and then using cURL to send the requests to the centralized website by building an API. 因此,我正在考虑让他们正常登录网站,然后使用cURL通过构建API将请求发送到集中式网站。
I am however wondering if this is a good approach because none of the websites are on the same network. 但是,我想知道这是否是一个好方法,因为没有一个网站在同一网络上。 I guess I'll have to build the centralized login system in such a way that it only accepts requests from the domains the games are on. 我想我将必须以这种方式构建集中式登录系统,使其仅接受来自游戏所在域的请求。 But are there any other things I have to worry about? 但是我还有其他需要担心的事情吗? How should I send for example passwords? 我应该如何发送例如密码? Because sending them plain text seems like a horrible idea so I guess I'll have to hash them on the side of the game. 因为向他们发送纯文本似乎是一个可怕的主意,所以我想我必须在游戏方面对它们进行哈希处理。 I guess I'll have to make a small copy of the users table for for example the username and user_id. 我猜我将不得不复制用户表的一个小副本,例如用户名和user_id。
I don't want to use for example OpenID or Facebook Connect or something because that does mean redirecting to an external system (which is bad for user experience) and the average age off players on the website is about fourteen, so they have no clue about OpenID and I don't want to force them to connect their Facebook accounts to my websites. 我不想使用例如OpenID或Facebook Connect之类的东西,因为那确实意味着重定向到外部系统(这对用户体验不利),并且网站上的平均离开玩家年龄只有14岁左右,因此他们一无所知关于OpenID的信息,我不想强迫他们将其Facebook帐户连接到我的网站。
Also I'm sorry if I'm unclear or writing in bad English, I'm not a native and having a hard time expressing myself the right way. 同样,如果我不清楚或英语写得不好,我也很抱歉,我不是母语人士,很难以正确的方式表达自己。
Thanks in advance! 提前致谢!
1 个解决方案
解决方案1
0 2014-02-18 09:32:45
If I were you, i'd create a API for registration system. 如果您是我,我会为注册系统创建一个API。
Website A (game1) uses that API to create accounts and verify them, same does the website B. 网站A(game1)使用该API创建帐户并验证帐户,网站B也是一样。
API would validate data, respond with errors (username taken etc), or return success messages. API将验证数据,响应错误(采用用户名等)或返回成功消息。 It should be protected (LAN access only or some authentication) 它应该受到保护(仅LAN访问或某些身份验证)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.