编辑:见图:http://trackauthoritymusic.com/wwwroot/images/fb-issue-bug.jpg。
到目前为止,我把这个漏洞放在一边,因为我的原发帖子 4月24日:....
试用n错误和研究已经有3天了:
我的环境: LAMP使用facebook sdk 3& CodeIgniter 2
登录代码:
$CI->load->library('facebook', array("appId"=>APP_ID, "secret"=>APP_SECRET));
$this->visitor['access_token'] = $CI->facebook->getAccessToken();
$fb_id = $CI->facebook->getUser();
var_dump($CI->facebook); // see picture above
var_dump($fb_id); // == 0
if ($fb_id && $fb_id > 0) {
$temp = $CI->users->getUserByFb($fb_id);
if (!$temp) {
$this->insertFBUser($fb_id);
$this->visitor['redirect'] = "?prompt=newfb";
} else {
$this->visitor = array_merge($this->visitor, $temp);
if (isset($this->visitor['user_allowed']) && $this->visitor['user_allowed'] == 0) {
$CI->users->updateUser(array("user_allowed" => 1), $this->visitor['user_id']);
}
}
} else {
array_push($this->errors, $CI->input->get_post("error_msg", false));
array_push($this->errors, $CI->input->get_post("error_code", false));
array_push($this->errors, $CI->input->get_post("error_reason", false));
array_push($this->errors, $CI->input->get_post("error", false));
array_push($this->errors, $CI->input->get_post("error_description", false));
if ($CI->input->get_post("autoclose", false) == true) {
array_push($this->errors, "javascript stackoverflow is encoding weird, but basically changes the hashtag of the pop-window, so the parent page automatically closes it");
}
var_dump($this->errors);
die("nada");
}
研究与发展调试:
这篇文章也描述了我的问题,但解决方案不起作用: stackoverflow.com/questions/8587098/suddenly-getuser-became-to-return-0-php-3-1- 1-sdk 在此页面的DROP_QUERY_PARAMS数组中包含或不包含尾随逗号。
Facebook在网址,帖子或会话中向我发送没有错误消息,并且我的页面正在刮我的
几天前一切正常,我对这段代码的改动很少。
无论我使用http还是https
弹出链接打开:
www.facebook.com/dialog/oauth?client_id=222912307731474&redirect_uri=https%3A%2F%2Ftrackauthoritymusic.com%2Fmanage%2Fusers%2Flogin%3Fautoclose%3Dtrue&state=4522cb9da5bf5107d690a22eee6c5a2e&scope=email&display=popup 而同时具有状态和代码参数显然有效的成功重定向到我的期望登录网址: trackauthoritymusic.com/manage/users/login?autoclose=true&state=4522cb9da5bf5107d690a22eee6c5a2e&code=AQBfSkI4y_VxhCuF3coVvNmjetdGZjugyFv0UsLlKt5sR5MEGdY8KqpDXZKvqHTGaSHhzY4pHXuR_zmilkwmoQ5y6M9jh15GPI6DXz5E2fSBizAVlrlebriNGcNZb4DRaDFK8cxPJoa9xB2ERuimtuizmlZERNa8hwJxLXtztqkWWhkLFCaGjQvAyyf5jJRkuoztmvfKDIZz3W9lslM6fk_m
但此时,sdk无法获取任何访问令牌或facebook会话数据。
请帮助!
答案 0 :(得分:0)
我通过在Facebook SDK中使用codeigniter的输入库来修复此问题,以获取代码/令牌以及所有$ _GET / $ _ POST / $ _ REQUEST全局变量。
在facebook sdk上查看git diff。我仍然不确定我做了什么来打破这个。 OAuth / Login WAS在某一点之前始终如一地工作。我确信这不仅仅是代码生成器偶尔清除全局的一些竞争条件
@@ -490,10 +490,11 @@
*/
public function getSignedRequest() {
if (!$this->signedRequest) {
- if (!empty($_REQUEST['signed_request'])) {
- $this->signedRequest = $this->parseSignedRequest(
- $_REQUEST['signed_request']);
- } elseif (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
+ $CI = & get_instance();
+ $signed_request = $CI->input->get_post("signed_request");
+ if (!empty($signed_request)) {
+ $this->signedRequest = $this->parseSignedRequest($signed_request);
+ } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
$this->signedRequest = $this->parseSignedRequest(
$_COOKIE[$this->getSignedRequestCookieName()]);
}
@@ -691,15 +692,18 @@
protected function getCode() {
- if (isset($_REQUEST['code'])) {
- if ($this->state !== null &&
- isset($_REQUEST['state']) &&
- $this->state === $_REQUEST['state']) {
-
+ $CI = & get_instance();
+ $code = $CI->input->get_post("code");
+ if (!empty($code)) {
+ $state = $CI->input->get_post("state");
+ if ($this->state !== null && $state && $this->state === $state) {
// CSRF state has done its job, so clear it
$this->state = null;
$this->clearPersistentData('state');
- return $_REQUEST['code'];
+ return $code;
} else {
self::errorLog('CSRF state token does not match one provided.');
return false;
$params['access_token'] = $this->getAccessToken();
}