我的Facebook应用程序中的OAuth 2.0问题

时间:2011-10-02 19:30:34

标签: php facebook

evertything在我的脸书应用程序中正常运行,直到我将其升级到OAuth 2.0,并且我不确定我是否做得对。

问题是我已经让OAuth对话框工作了,当用户授权应用程序时,它会将我的应用程序渲染到iFrame中,但是我的$ _GETs []出现问题,让我解释一下:

这是我的index.php,我用作主页面,而我只是在一个名为content的div中包含()一些文件,具体取决于$ _GET ['section']:

    $app_id = "xxx";
$application_secret = 'xxx';
    $canvas_page = "xxx";
    $auth_url = "http://www.facebook.com/dialog/oauth?client_id=".$app_id. "&redirect_uri=".urlencode($canvas_page)."&scope=publish_stream,offline_access";

 //OAuth 2.0

    function parse_signed_request($signed_request, $secret) {

        list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

        // decode the data
        $sig = base64_url_decode($encoded_sig);
        $data = json_decode(base64_url_decode($payload), true);

        if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
            error_log('Unknown algorithm. Expected HMAC-SHA256');
            return null;
        }

        // check sig
        $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
        if ($sig !== $expected_sig) {
            error_log('Bad Signed JSON signature!');
            return null;
        }

        return $data;
    }

    function base64_url_decode($input) {
        return base64_decode(strtr($input, '-_', '+/'));
    }
//
$data = parse_signed_request($_REQUEST["signed_request"],$application_secret);

    if (empty($data["user_id"])) {
          echo("<script> top.location.href='" . $auth_url . "'</script>");
    } else {

    $_SESSION['on'] = 1;
    include ('src/facebook.php');

    $files = array();
    $files['RE'] = 'xxx.php';
    $files['RC'] = 'yyy.php';
    $files['DP'] = 'zzz.php';

    $facebook = new Facebook(array(
        'appId'  => $app_id,
        'secret' => $application_secret,
        'cookie' => true, 
        'perms' => 'publish_stream, offline_access',
        ));
    $_SESSION["access_token"] = $data["oauth_token"];
    $me = $facebook->api('/me?oauth_token='.$_SESSION["access_token"]);

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" xmlns:fb="https://www.facebook.com/2008/fbml">
    <link rel="stylesheet" href="css/style.css" type="text/css">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="Content-Style-Type" content="text/css">
    <meta property="og:title" content="title" />
    <meta property="og:description" content="description" />
    <meta property="og:image" content="thumbnail_image" />
    </head>
    <body>
        <div class="wrapper">
            <?php include("inc/app_header.php");?>
            <div class="content">
            <?php 
                if(isset($_GET['section'])) 
                {
                    $file_to_include = 'inc/'.$files[$_GET['section']];
                }
                else 
                {
                    $file_to_include = 'inc/section_restaurantes.php';
                }

                include($file_to_include);
            ?>  
                <div class="content_bottom_space"></div>
            </div>
            <div class="footer">
            </div>
        </div>
    </body>
    </html>
    <?php } ?>

和section_restaurantes的代码是:

    <div class="section_restaurantes">
        <div class="restaurantes_container">
            <div class="restaurantes"><a href="index.php?section=DP"></a></div>
            <div class="restaurantes"><a href="index.php?section=PH"></a></div>
        </div>
    </div>

问题是,当我点击这些div时,我的所有浏览器都被重新加载,url中的?code =参数会改变两次并在section_restaurantes.php上重新加载,而不是加载DP部分,我希望我是清楚。

我认为因为它重新加载两次我松开$ _GET ['section']参数然后加载默认值“inc / section_restaurantes.php”

我需要帮助,我试图在互联网上找到解决方案,但我一无所获。

1 个答案:

答案 0 :(得分:1)

如果您使用的是PHP-SDK,则无需解析signed_request,因为它会为您解决这个问题。您只需要检索用户(getUser()),如果没有用户,则重定向到登录URL(请参阅example文件)。

这是一个更好的代码:

<?php
include ('src/facebook.php');
$app_id = "xxx";
$application_secret = 'xxx';
$canvas_page = "xxx";

$facebook = new Facebook(array(
    'appId'  => $app_id,
    'secret' => $application_secret
));

$user = $facebook->getUser();
if(!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'redirect_uri' => $canvas_page,
        'scope' => 'publish_stream,offline_access'
    ));
    echo("<script> top.location.href='" . $loginUrl . "'</script>");
    exit;
}

$_SESSION['on'] = 1;
$files = array();
$files['RE'] = 'xxx.php';
$files['RC'] = 'yyy.php';
$files['DP'] = 'zzz.php';
try {
    $me = $facebook->api('/me');
} catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" xmlns:fb="https://www.facebook.com/2008/fbml">
<link rel="stylesheet" href="css/style.css" type="text/css">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:image" content="thumbnail_image" />
</head>
<body>
    <div class="wrapper">
        <?php include("inc/app_header.php");?>
        <div class="content">
        <?php 
            if(isset($_GET['section'])) 
            {
                $file_to_include = 'inc/'.$files[$_GET['section']];
            }
            else 
            {
                $file_to_include = 'inc/section_restaurantes.php';
            }

            include($file_to_include);
        ?>  
            <div class="content_bottom_space"></div>
        </div>
        <div class="footer">
        </div>
    </div>
</body>
</html>

现在您的餐厅部分,我会链接到父文件:

<div class="section_restaurantes">
    <div class="restaurantes_container">
        <div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=DP" target="_top"></a></div>
        <div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=PH" target="_top"></a></div>
    </div>
</div>

假设您的$canvas_page是预定目的地。

相关问题
最新问题