I am using the Facebook PHP SDK to let users log in via Facebook. But I keep getting this cross-site request forgery error, and I can't seem to resolve it. My app is set up correctly, but the State and Session State keys never match. I created an FBlink.class that handles the login; the code is as follows:
    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    // The SDK is vendored under the app\src\Facebook namespace (the class is
    // instantiated as app\src\Facebook\Facebook, and the stack trace below names
    // app\src\Facebook\Exceptions\FacebookSDKException). The catch blocks further
    // down refer to Facebook\Exceptions\..., which is a different, non-existent
    // namespace, so those exceptions are never caught here.
    require_once __DIR__ . '/src/Facebook/autoload.php';

    $fb = new app\src\Facebook\Facebook([
        'app_id'                => '*', // (I've hidden this info)
        'app_secret'            => '*',
        'default_graph_version' => '*',
    ]);

    $helper = $fb->getRedirectLoginHelper();
    $permissions = ['email']; // optional

    try {
        if (isset($_SESSION['facebook_access_token'])) {
            $accessToken = $_SESSION['facebook_access_token'];
        } else {
            // Callback leg: reads ?code= and ?state= from the URL and validates
            // "state" against the value the helper saved in the session when
            // getLoginUrl() was called. This is where validateCsrf() runs.
            $accessToken = $helper->getAccessToken();
        }
    } catch (Facebook\Exceptions\FacebookResponseException $e) {
        // When Graph returns an error
        echo 'Graph returned an error: ' . $e->getMessage();
        exit;
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        // When validation fails or other local issues
        echo 'Facebook SDK returned an error: ' . $e->getMessage();
        exit;
    }

    if (isset($accessToken)) {
        if (isset($_SESSION['facebook_access_token'])) {
            $fb->setDefaultAccessToken($_SESSION['facebook_access_token']);
        } else {
            // getting short-lived access token
            $_SESSION['facebook_access_token'] = (string) $accessToken;
            // OAuth 2.0 client handler
            $oAuth2Client = $fb->getOAuth2Client();
            // Exchanges a short-lived access token for a long-lived one
            $longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($_SESSION['facebook_access_token']);
            $_SESSION['facebook_access_token'] = (string) $longLivedAccessToken;
            // setting default access token to be used in script
            $fb->setDefaultAccessToken($_SESSION['facebook_access_token']);
        }

        // redirect the user back to the same page if it has "code" GET variable
        // (note: no exit after the header, so the Graph request below still runs)
        if (isset($_GET['code'])) {
            header('Location: ./');
        }

        // getting basic info about user
        try {
            $profile_request = $fb->get('/me?fields=name,first_name,last_name,email');
            $profile = $profile_request->getGraphNode()->asArray();
            print_r($profile);
        } catch (Facebook\Exceptions\FacebookResponseException $e) {
            // When Graph returns an error
            echo 'Graph returned an error: ' . $e->getMessage();
            session_destroy();
            // redirecting user back to app login page
            header("Location: ./");
            exit;
        } catch (Facebook\Exceptions\FacebookSDKException $e) {
            // When validation fails or other local issues
            echo 'Facebook SDK returned an error: ' . $e->getMessage();
            exit;
        }
        // printing $profile array on the screen which holds the basic info about user
        // Now you can redirect to another page and use the access token from $_SESSION['facebook_access_token']
    } else {
        // replace your website URL same as added in the developers.facebook.com/apps
        // e.g. if you used http instead of https and you used non-www version or
        // www version of your website then you must add the same here
        // Login leg: getLoginUrl() generates the random "state", saves it in the
        // session and appends it to the URL.
        $loginUrl = $helper->getLoginUrl('**', $permissions);
        echo '<a href="' . $loginUrl . '">Log in with Facebook!</a>';
    }
I just include this file in my index.php so that it runs for now. The CSRF validation function is as follows:
    protected function validateCsrf()
    {
        // "state" from the callback URL and the copy saved when the login URL was built
        $state = $this->getState();
        $savedState = $this->persistentDataHandler->get('state');

        // debug output
        echo 'STATE: ' . $state;
        echo 'SAVED STATE: ' . $savedState;

        if (!$state || !$savedState) {
            throw new FacebookSDKException('Cross-site request forgery validation failed. Required param "state" missing.');
        }

        $savedLen = strlen($savedState);
        $givenLen = strlen($state);
        if ($savedLen !== $givenLen) {
            throw new FacebookSDKException('Cross-site request forgery validation failed. The "state" param from the URL and session do not match.');
        }

        // constant-time comparison: OR together the XOR of every byte pair
        $result = 0;
        for ($i = 0; $i < $savedLen; $i++) {
            $result |= ord($state[$i]) ^ ord($savedState[$i]);
        }

        if ($result !== 0) {
            throw new FacebookSDKException('Cross-site request forgery validation failed. The "state" param from the URL and session do not match.');
        }
    }
The error I receive is:
Fatal error: Uncaught exception 'app\src\Facebook\Exceptions\FacebookSDKException' with message 'Cross-site request forgery validation failed. The "state" param from the URL and session do not match.' in /var/www/html/app/src/Facebook/Helpers/FacebookRedirectLoginHelper.php:263 Stack trace: #0 /var/www/html/app/src/Facebook/Helpers/FacebookRedirectLoginHelper.php(225): app\src\Facebook\Helpers\FacebookRedirectLoginHelper->validateCsrf() #1 /var/www/html/app/FBlink.php(21): app\src\Facebook\Helpers\FacebookRedirectLoginHelper->getAccessToken() #2 /var/www/html/index.php(7): require_once('/var/www/html/a...') #3 {main} thrown in /var/www/html/app/src/Facebook/Helpers/FacebookRedirectLoginHelper.php on line 263
Can someone point out to me why this is happening? If more code is needed, I'll gladly add some. Thanks
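To make the two halves of the check visible outside a web server, here is an added, self-contained model of the OAuth 2.0 "state" round-trip that the SDK's redirect login helper performs. It is not the Facebook PHP SDK's code and not the poster's: the array-backed store standing in for the session, the class and method names, the APP_ID placeholder and the redirect URI are all assumptions for illustration. It reproduces the same check as validateCsrf() above (length check plus byte-wise XOR) using PHP's built-in hash_equals(), and then drives it through the accepted case and the two ways it fails.

```php
<?php
// Added example, not code from the Facebook PHP SDK or from the question.
// Requires PHP 7.1+ (nullable return types). Runs from the CLI: php state_demo.php
declare(strict_types=1);

// Stand-in for the SDK's persistent data handler. The real default handler
// reads and writes $_SESSION; an array is used here so the script runs offline.
final class ArrayPersistentDataHandler
{
    /** @var array<string,string> */
    private $data = [];

    public function get(string $key): ?string
    {
        return $this->data[$key] ?? null;
    }

    public function set(string $key, string $value): void
    {
        $this->data[$key] = $value;
    }
}

final class StateCsrfGuard
{
    /** @var ArrayPersistentDataHandler */
    private $store;

    public function __construct(ArrayPersistentDataHandler $store)
    {
        $this->store = $store;
    }

    // Login leg (what getLoginUrl() does): generate a fresh random state from a
    // CSPRNG, persist it server-side, and send it along to the provider.
    public function buildLoginUrl(string $redirectUri): string
    {
        $state = bin2hex(random_bytes(16)); // 32 hex characters
        $this->store->set('state', $state);
        return 'https://www.facebook.com/dialog/oauth?' . http_build_query([
            'client_id'    => 'APP_ID',   // placeholder, assumption
            'redirect_uri' => $redirectUri,
            'state'        => $state,
        ]);
    }

    // Callback leg (what validateCsrf() does): the state echoed back in the
    // query string must equal the persisted one, compared in constant time.
    public function validateCsrf(array $query): void
    {
        $given = $query['state'] ?? null;
        $saved = $this->store->get('state');
        if ($given === null || $saved === null) {
            throw new RuntimeException('Required param "state" missing.');
        }
        // hash_equals() rejects on length mismatch and otherwise compares every
        // byte without short-circuiting, like the XOR loop in the SDK.
        if (!hash_equals($saved, $given)) {
            throw new RuntimeException('The "state" param from the URL and session do not match.');
        }
    }
}

// --- demo with constructed inputs ---
$store    = new ArrayPersistentDataHandler();
$guard    = new StateCsrfGuard($store);
$loginUrl = $guard->buildLoginUrl('https://example.com/');
parse_str((string) parse_url($loginUrl, PHP_URL_QUERY), $params);

// Accepted: callback hits the same store that saw the login URL.
$guard->validateCsrf(['code' => 'AUTHCODE', 'state' => $params['state']]);
echo "same session: state accepted\n";

// Failure 1: callback lands in a session that never stored a state, which is
// what happens when the login page and the redirect_uri do not share a session
// cookie (different host, scheme or www/non-www variant).
$fresh = new StateCsrfGuard(new ArrayPersistentDataHandler());
try {
    $fresh->validateCsrf(['code' => 'AUTHCODE', 'state' => $params['state']]);
} catch (RuntimeException $e) {
    echo 'different session: ' . $e->getMessage() . "\n";
}

// Failure 2: state forged by an attacker-crafted link (the case the check exists for).
try {
    $guard->validateCsrf(['code' => 'AUTHCODE', 'state' => bin2hex(random_bytes(16))]);
} catch (RuntimeException $e) {
    echo 'forged state: ' . $e->getMessage() . "\n";
}
```

The point the model makes concrete is that the state is written when the login URL is generated and read back on the callback, so both requests must resolve to the same session store; when they do not, the saved side is empty and the comparison can never succeed, which is indistinguishable to the SDK from a forged link.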