这里的小问题 我想创建一个小的fb应用程序,为页面管理员和用户显示不同的视图,页面管理员可以将html添加到应用程序并将应用程序包含在他们的页面中(有点像旧的fbml应用程序)。
但问题是当我对应用进行身份验证时,它会从页面标签跳转到其应用页面。
我需要访问以下内容
[page] => stdClass Object
(
[id] => FAN_PAGE_ID
[liked] => 1
[admin] =>
)
为此我需要在验证时在fb页面选项卡中。怎么样 ? :(
我在这里发布我当前的代码。
请帮帮我。
ob_start();
$app_id = "----------";
$app_secret = "-----------------";
include_once 'src/facebook.php';
$my_url = "http://apps.facebook.com/-----beta/index.php";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
));
session_start();
$code = $_REQUEST["code"];
//echo $code . "</br>";
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&display=popup&scope=manage_pages,email&redirect_uri=" . urlencode($my_url) . "&state=" . $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=" . $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
//echo $_REQUEST['signed_request'];echo "<hr>";
//var_dump($user);
$signedRequest = $facebook->getSignedRequest();
$appData = array();
if (!empty($signedRequest) && !empty($signedRequest['page'])) {
$appData = json_decode($signedRequest['page'], true);
}
var_dump($appData); echo "<hr>";
var_dump(parse_signed_request($_REQUEST['signed_request'] , $app_secret));
echo("<hr>Hello " . $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
答案 0 :(得分:0)
我在选项卡中使用此脚本:
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
return null;
}
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$signed_request = $_REQUEST['signed_request'];
$secret = $app_secret;
$getdata = parse_signed_request($signed_request, $secret);
$fanpage = $getdata['page'];
$page_id = $fanpage['id']; // GET THE PAGE ID
$is_fan = $fanpage['liked']; // 0 if its not fan, 1 if its fan
$is_admin = $fanpage['admin']; //1 if user is admin of page. 0 if not
if($page_id){
//if app is tab
if($is_admin){
//if user is admin
}
if($is_fan){
//I am fan
}else{
// I am not a fan
}
}