Facebook身份验证会为少数用户引发错误

时间:2011-11-04 23:51:56

标签: php facebook facebook-graph-api facebook-php-sdk oauth-2.0

我正在与一个团队合作建立一个Facebook游戏。对于团队中的一个人来说,它会抛出错误而不会得到他的id或数据。它适用于已经测试的其他人,约20人。

引发的错误:

Warning: file_get_contents(https://graph.facebook.com/oauth/access_token?
client_id=165114483572553&redirect_uri=http%3A%2F%2Fapps.facebook.com%2F
(*INSERT APP*)%2F&client_secret=(*SECRET_CODE*)&code=AQBnvIjs0jaUnoUKkjsh3K7G7JK
QYMrIx525Jn6jYmDtWS74nEa_TTZf6e4p7jPadyjaS9t-M_GXGFFg_K8r6MZtUdWr4C6MRUR6p
COgqN5YqWXNVqlbyfmFJcrKlsu2D4oUQ4YkKNIDw-vaij4s_dliKnzndJwFs7i0
gL2J5a3229fgdCkU2Jps8YnKNMUsD-A) 
[function.file-get-contents ((*INSERT SECURE URL*))]: failed to open stream: 
HTTP request failed! HTTP/1.0 400 Bad Request in (*URL/*)game/index.php on line 24

Warning: file_get_contents(https://graph.facebook.com/me?access_token=) 
[function.file-get-contents ((SECURE_URL)/game/function.file-get-contents)]: 
failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in 
(SECURE_URL)/game/index.php on line 31

编辑:我忘记发布的代码。

EDIT2:删除旧代码。添加了更新的代码和更多详细信息。 

<?php
    $app_id = "(ID)";
    $canvas_page = "https://apps.facebook.com/(APP)/";
    $signed_request = $_REQUEST["signed_request"];
    $auth_url = GetCH();

    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);  

    if (empty($data["user_id"])) 
    {
        echo("<script> top.location.href='" . $auth_url . "'</script>");
    } 
    else 
    {
        include_once 'game.php';
    }

    function GetCH()
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://www.facebook.com/dialog/oauth?client_id={appd_id}&redirect_uri={$canvas_page}");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
        curl_setopt($ch,CURLOPT_CONNECTTIMEOUT_MS,20000);
        if(substr($url,0,8)=='https://')
        {
            curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
            curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
        }
        $sendCH = curl_exec($ch);
        curl_close($ch);
        return $sendCH;
    }

这是我的索引页面。 Facebook会在有人打开应用时加载此功能。从这里我包括具有背景和swf文件的game.php。 SWF调用database.php将其信息加载到游戏中。 saveplayer.php保存游戏。这可能和database.php有关,因为我也遇到了麻烦。

编辑3: database.php中

<?php

    error_log("database");
    include 'src/facebook.php';
    $facebook = new Facebook(array(
        'appId'  => '165114483572553',
        'secret' => 'c65114e7dbc8b1eeed9f6535c1aee888',
    ));

    try
    {
        $user = $facebook->getUser();
        $user_profile = $facebook->api('/me');  
    }

    catch (FacebookApiException $e) 
    {
        error_log($e);
            $user = null;
        }

    try 
        {
                //$friends = $facebook->api('/me/friends');
                mysql_connect("localhost", "(USER)", "(PASS)") or die("Could not connect");
            mysql_select_db("stus_zombies") or die("Could not select database");

            $query = mysql_query("SELECT * FROM users WHERE facebook_id = " . $user_profile[id]);  
            $result = mysql_fetch_array($query);

            if(empty($result))
            { 
                $addInfo = mysql_query("INSERT INTO users (first_name, last_name, facebook_id) 
                VALUES ('{$user_profile['first_name']}','{$user_profile['last_name']}','{$user_profile['id']}')");  
                    $addInfo = mysql_query("SELECT * FROM users WHERE id = " . mysql_insert_id());  

                $query = mysql_query("INSERT INTO players (facebook_id, coins, health, stamina, xp)
                VALUES ('{$user_profile['id']}','0','25','25','0')");
            }

            $checkProgress = mysql_query("SELECT * FROM players WHERE facebook_id = " . $user_profile[id]);
            $playerCheck = mysql_fetch_array($checkProgress);

            $playerInfo = array(
            first_name => $user_profile[first_name],
                last_name => $user_profile[last_name],
                facebook_id => $user_profile[id], 
                coins => $playerCheck[coins],
            health => $playerCheck[health],
            stamina => $playerCheck[stamina],
            xp => $playerCheck[xp],); 

            echo json_encode($playerInfo);
    }

    catch (FacebookApiException $e) 
    {
        error_log($e);
            $user = null;
        }

1 个答案:

答案 0 :(得分:1)

正如暴徒所说,你应该使用curl来检索你的应用程序的访问令牌。我使用以下方法。这可能无法解决您的用户的问题,我会让用户重新进行身份验证,但它将解决在发生错误时暴露您的应用程序秘密的问题。

  

添加到网址时,只需要包含/?app_access_token   acess_token = ############。

function GetCH(){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/oauth/access_token?client_id={app_id}&client_secret={secret}&grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT_MS,20000);
if(substr($url,0,8)=='https://'){
    // The following ensures SSL always works. A little detail:
    // SSL does two things at once:
    //  1. it encrypts communication
    //  2. it ensures the target party is who it claims to be.
    // In short, if the following code is allowed, CURL won't check if the 
    // certificate is known and valid, however, it still encrypts communication.
    curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
}
$sendCH = curl_exec($ch);
curl_close($ch);
return $sendCH;
};
$app_access_token = GetCH();
相关问题
最新问题