Facebook应用程序重定向验证页面问题?

时间:2011-08-02 17:07:47

标签: php facebook api authentication

如果$ user为空我想重定向到身份验证页面但我看到facebook徽标并要求点击此徽标否则不要进入身份验证页面。

这是我的重定向代码:

if($user)
{
      // code..
}
else
{
        $url = 'https://www.facebook.com/dialog/oauth?client_id=258561857493875&redirect_uri=http://apps.facebook.com/gunlukburcpaylas/&scope=email,read_stream,publish_stream,offline_access,user_birthday';
        header("location:".$url);
}

您可以从 here 我的应用程序中看到。

(抱歉我的英语。我的第一语言不是英语)

3 个答案:

答案 0 :(得分:4)

Facebook API不允许您为“身份验证”页面发出重定向标头。这是我使用的身份验证页面,其中只删除了与我的页面相关的部分。如果你把这段代码放进去,它就会起作用,因为我在我的facebook应用程序的生产中使用它。它还实现了CSRF保护。 编辑:我删除了APP_SECRET,因为我怀疑你是否需要它。

<?php  
$valid = false;

define(APP_ID, "");
define(CHROMED_URL, "");//this is the facebook app url in the form http://apps.facebook.com/[app name]

$desired_perms = "";//place the permisions you want here
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=".APP_ID."&redirect_uri=".urlencode(CHROMED_URL)."&scope=".$desired_perms;

$signed_request = $_REQUEST["signed_request"];

list($encoded_sig, $payload) = explode('.', $signed_request, 2);

$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

if ( empty($data["user_id"])) {
    //The user is not logged in, or the user has not authorized the app
    //We start a session to maintain a marker variable for XSS attack detection
    //The auth url will log the user in AND acquire permissions if needed.
    $_SESSION['marker'] = md5(uniqid(rand(), TRUE)); //CSRF protection
    session_write_close();
    echo("<script> top.location.href='".$auth_url."&marker=".$_SESSION['marker']."'</script>");
} else {
    if ($_SESSION['marker'] == $_GET['marker']) {
        //The user is logged in, has given the app permission, and appears to be operating under the correct session
        //marker, which protects against XSS attacks. 

        //lets verify the datas algorithm as a precaution

        if ($data["algorithm"] != "HMAC-SHA256") {
            echo("<script> top.location.href='./error.php?id=1'</script>");
            exit;
        }
        $valid = true;

    } else {
        //This branch means the user is logged in, but that it appears they have been subjected to
        //an XSS attack.
        echo("<script> top.location.href='./error.php?id=2'</script>");
            exit;
    }

}
?>
<?php if($valid): ?>
<!-- PUT The HTML to embed your application here -->
<?php endif; ?>

答案 1 :(得分:0)

确保通过输出一些文本来实际进入else子句。完成后,(确保你确实落在那里),停止输出文本(否则,标题将无法工作)并尝试执行以下命令:

header('Location: '.$url);

注意大写L和空格。另外,请确保您没有在之前输出任何文本,像<?php之前的空格一样输出空白字符。

编辑:您也可以尝试将$facebook->getLoginURL();作为$ url调用时获得的链接,请参阅Facebook API example

答案 2 :(得分:0)

尝试...但是当我点击链接时它正在工作。

$url = 'https://www.facebook.com/dialog/oauth?client_id=258561857493875&redirect_uri='.urlencode('http://apps.facebook.com/gunlukburcpaylas/').'&scope=email,read_stream,publish_stream,offline_access,user_birthday';
相关问题
最新问题