Garbage access token using Facebook login

Time: 2015-03-20 06:32:23

Tags: php facebook-graph-api zend-framework facebook-login

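I am using OAuth to log in to Facebook. Sometimes I get the correct accessToken, or some kind of garbage value in accessToken:

{"source":"uni","s":"s","p":{"z":"0","c":"0","i":"287"},"r":  {"z":"1","c":"15239"},"node_id":"23.57.77.12"}

Because of this, my next Graph API request fails. What is that, and how should I handle it?

I have multiple domains: www.example.com, www.example12.com, www.example22.com, etc. I created the app on Facebook for www.example.com and use window.postMessage to use it for all the domains:

homepage.php (when the user clicks the Facebook login button):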

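        // Listen for the message the login popup posts back to this window.
        if(!window.addEventListener){
            // Old IE: the attachEvent name for this event is "onmessage".
            window.attachEvent("onmessage", processFacebookLogin);
        }
        else{
            window.addEventListener("message", processFacebookLogin, false);
        }

        var width = 500;
        var height = 500;

        // Centre the popup over the current window. The names avoid `top`,
        // which at global scope refers to window.top and cannot be reassigned.
        var popupLeft = ((window.innerWidth / 2) - (width / 2)) + window.screenLeft;
        var popupTop = ((window.innerHeight / 2) - (height / 2)) + window.screenTop;

        // The query parameter is named "community" because that is what fbLoginController reads.
        var winObj = window.open("http://www.example.com/fb-login?community=www.example12.com", "fbwindow", "height="+height+",width="+width+",top="+popupTop+",left="+popupLeft);

        // Runs for every message event delivered to this window; e.data is used as the token as-is.
        function processFacebookLogin(e) {
            winObj.close();
            if(e.data != "error" && e.data != "missing_param"){
                var accessToken = e.data;
                // Hand the token to the server, which makes the Graph API requests.
                $.ajax({
                    async: false,
                    url: "UrlToProcessFacebookLogin",
                    type: "POST",
                    dataType: "json",
                    data: 
                    {
                        "medium" :"facebook",
                        "accessToken" : accessToken
                    },
                    success: function(data)
                    {   
                        //redirect to some another url
                    }
                });
            }
        }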

The child window URL page contains the following code, fbLoginController.php. The window.open above contains the URL of fbLoginController's indexAction (I am using Zend Framework):

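    public function indexAction()
    {
        // Domain of the page that opened the popup, with any scheme stripped.
        $communityDomain = preg_replace('#^https?://#', '', $_GET['community']);

        // The redirect_uri has its own query string, so it is URL-encoded as a whole.
        $redirectUri = "http://www.example.com/fb-login/fb-response?community=" . urlencode($communityDomain);
        $fbLoginUrl = "https://www.facebook.com/v1.0/dialog/oauth?client_id=FbAppClientId&scope=AllRequiredScopes&auth_type=rerequest&return_scopes=true&display=popup&redirect_uri=" . urlencode($redirectUri);

        $this->_redirect($fbLoginUrl);

        exit;
    }

    public function fbResponseAction()
    {
        $arrParams  = $this->_getAllParams();

        // Facebook sends either code/granted_scopes or error, so absent keys default to ''.
        $code = isset($arrParams['code']) ? $arrParams['code'] : '';
        $communityDomain = isset($arrParams['community']) ? $arrParams['community'] : '';
        $grantedScopes = isset($arrParams['granted_scopes']) ? $arrParams['granted_scopes'] : '';
        $error = isset($arrParams['error']) ? $arrParams['error'] : '';

        // $communityDomain comes from the request and becomes the postMessage target origin.
        // json_encode() emits it as a quoted JavaScript string literal.
        $targetOrigin = json_encode('http://' . $communityDomain);

        if(!empty($error))
        {
            echo "<script>window.opener.postMessage('error', " . $targetOrigin . ");</script>";
            exit;
        }

        if(empty($communityDomain) || empty($grantedScopes))
        {
            echo "<script>window.opener.postMessage('missing_param', " . $targetOrigin . ");</script>";
            exit;
        }

        // Must be the same redirect_uri that indexAction() sent to the login dialog.
        $redirectUri = "http://www.example.com/fb-login/fb-response?community=" . urlencode($communityDomain);
        $curlUrl = "https://graph.facebook.com/v1.0/oauth/access_token?client_id=FbAppClientId&client_secret=FbAppClientSecret&code=" . urlencode($code) . "&redirect_uri=" . urlencode($redirectUri);

        // No extra request headers are sent.
        $header = array();

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $curlUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_NOSIGNAL, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,10);
        curl_setopt($ch, CURLOPT_TIMEOUT_MS, 5000);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
        curl_setopt($ch, CURLOPT_ENCODING, "");
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
        curl_setopt($ch, CURLOPT_DNS_USE_GLOBAL_CACHE, 0);
        curl_setopt($ch, CURLOPT_POST, 0);

        $curlResponse   = curl_exec($ch);
        $curlError      = curl_error($ch);

        curl_close($ch);

        // parse_str() reads the response body as a query string.
        parse_str($curlResponse,$parsedStr);

        // A response without access_token is reported as 'error' rather than posted as an empty token.
        $accessToken = isset($parsedStr['access_token']) ? $parsedStr['access_token'] : 'error';

        echo "<script>window.opener.postMessage(" . json_encode($accessToken) . ", " . $targetOrigin . ");</script>";

        exit;
    }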

To make it properly understood, I have put every line of code in this question.

0 answers:

No answers
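
The `processFacebookLogin` handler in the question uses the data of every `message` event as the access token. The following added example (not part of the original post) accepts a message only when it comes from the popup's origin and window and looks like a token; `classifyLoginMessage`, `makeLoginListener`, `runSample` and the token-shape pattern are assumptions made for illustration.

```javascript
// Added example, not the question's code. POPUP_ORIGIN is the origin of the page that
// calls window.opener.postMessage (www.example.com in the question).
const POPUP_ORIGIN = "http://www.example.com";
const STATUS_WORDS = ["error", "missing_param"]; // status strings the popup can send
// Assumption: a token is one run of 20-512 URL-safe characters, never JSON or markup.
const TOKEN_SHAPE = /^[A-Za-z0-9_.|-]{20,512}$/;

// Classify one "message" event; popupWindow is the value window.open() returned.
function classifyLoginMessage(event, popupWindow) {
    if (event.origin !== POPUP_ORIGIN) return { kind: "ignored", reason: "origin" };
    if (event.source !== popupWindow) return { kind: "ignored", reason: "source" };
    if (typeof event.data !== "string") return { kind: "ignored", reason: "type" };
    if (STATUS_WORDS.includes(event.data)) return { kind: "failed", reason: event.data };
    if (!TOKEN_SHAPE.test(event.data)) return { kind: "ignored", reason: "shape" };
    return { kind: "token", token: event.data };
}

// Build the listener: unrelated messages are skipped and the popup stays open;
// only the popup's own reply closes it and ends the wait.
function makeLoginListener(popupWindow, onToken, onFailure) {
    let done = false;
    return function listener(event) {
        if (done) return "done";
        const result = classifyLoginMessage(event, popupWindow);
        if (result.kind === "ignored") return "ignored:" + result.reason;
        done = true;
        popupWindow.close();
        if (result.kind === "token") onToken(result.token);
        else onFailure(result.reason);
        return result.kind;
    };
}

// Constructed sample run; plain objects stand in for the popup and another frame.
const GARBAGE = '{"source":"uni","s":"s","p":{"z":"0","c":"0","i":"287"},"r":  {"z":"1","c":"15239"},"node_id":"23.57.77.12"}';
function runSample() {
    const popup = { closed: false, close() { this.closed = true; } };
    const otherFrame = {};
    const got = { token: null, failure: null };
    const listener = makeLoginListener(popup, t => { got.token = t; }, r => { got.failure = r; });
    const log = [
        listener({ origin: "http://other.example", source: otherFrame, data: GARBAGE }),
        listener({ origin: POPUP_ORIGIN, source: otherFrame, data: GARBAGE }),
        listener({ origin: POPUP_ORIGIN, source: popup, data: GARBAGE }),
        listener({ origin: POPUP_ORIGIN, source: popup, data: "CONSTRUCTED-token-0123456789" }),
        listener({ origin: POPUP_ORIGIN, source: popup, data: "error" }),
    ];
    return { log, token: got.token, popupClosed: popup.closed };
}
```

In the page, the listener would be registered with `window.addEventListener("message", makeLoginListener(winObj, onToken, onFailure), false)`, with the two callbacks replacing the body of the question's handler.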