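Facebook PHP API: forcing logout for multiple users on one computer

Time: 2012-03-08 05:03:21

Tags: php facebook sdk

I am developing an application that will basically run in a kiosk. The point is to let users log in to Facebook while they are at the business and, once logged in, post a message saying they are there, after which they get a coupon.

The problem is that after they log in and then log out, the next person who logs in with their own account ends up posting as the previous user, and this continues ad nauseam.

After the coupon is received, the script automatically logs them out after 15 seconds and returns the application to the home screen for the next user. When they log in, they are able to do so, and it returns them to the page asking for publish permissions, but it pulls all of the previous user's information. This is the code that is called in the page after being sent to log in to Facebook.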

<?php
//include the Facebook PHP SDK
include_once 'couponGenerator/facebook.php';

//start the session if necessary
if( session_id() ) {

} else {
session_start();
}

//instantiate the Facebook library with the APP ID and APP SECRET
 $facebook = new Facebook(array(
'appId' => '00000000000',
'secret' => '000000000000000000000',
'cookie' => true,
'status' => true,
'oath' => true
));

$access_token = $facebook->getAccessToken();
$_SESSION['active'][$access_token];
//get the news feed of the active page using the page's access token
$page_feed = $facebook->api(
'/me/feed',
'GET',
array(
    'access_token' => $_SESSION['active']['access_token']
)
);
$fbuser = $facebook->api('/me');
//var_dump($page_feed); exit;
?>

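I tried this on the home page to delete the Facebook cookies and session, and it didn't solve anything. I just want to figure out what I'm doing wrong, and any suggestions are very welcome.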

$facebook->destroySession();
$facebook->_killFacebookCookies();

 public function _killFacebookCookies() 
{ 
    // get your api key 
    $apiKey = $this->getAppId();
    // get name of the cookie 
    $cookie = $this->getSignedRequestCookieName();

    $cookies = array('user', 'session_key', 'expires', 'ss'); 
    foreach ($cookies as $name)  
    { 
        setcookie($apiKey . '_' . $name, false, time() - 3600); 
        unset($_COOKIE[$apiKey . '_' . $name]); 
    } 

    setcookie($apiKey, false, time() - 3600); 
    unset($_COOKIE[$apiKey]);
    $this->clearAllPersistentData();
    }

Here is the updated connection class:

<?php
//include the Facebook PHP SDK
include_once 'facebook.php';

//instantiate the Facebook library with the APP ID and APP SECRET
$facebook = new Facebook(array(
    'appId' => '122628977190080',
    'secret' => '123123123123123123123123',
    'cookie' => true
));
    $access_token = $facebook->getAccessToken();
    unset ($_SESSION['active'][$access_token]); 
    session_unregister ($_SESSION['active'][$access_token]); 
//Get the FB UID of the currently logged in user
$user = $facebook->getUser();

//if the user has already allowed the application, you'll be able to get his/her FB UID
if($user) {
    //start the session if needed
    if( session_id() ) {

    } else {
        session_start();
    }

    //do stuff when already logged in

    //get the user's access token
    $access_token = $facebook->getAccessToken();

    //check permissions list
    $permissions_list = $facebook->api(
        '/me/permissions',
        'GET',
        array(
            'access_token' => $access_token
        )
    );

    //check if the permissions we need have been allowed by the user
    //if not then redirect them again to facebook's permissions page
    $permissions_needed = array('publish_stream', 'email');
    foreach($permissions_needed as $perm) {
        if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
            $login_url_params = array(
                'scope' => 'publish_stream,email',
                'fbconnect' =>  1,
                'display'   =>  "page",
                'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
            );
            $login_url = $facebook->getLoginUrl($login_url_params);
            header("Location: {$login_url}");
            exit();
        }
    }

    //if the user has allowed all the permissions we need,
    //get the information about the pages that he or she manages
    $accounts = $facebook->api(
        '/me/accounts',
        'GET',
        array(
            'access_token' => $access_token
        )
    );

    //save the information inside the session
    $_SESSION['access_token'] = $access_token;
    $_SESSION['accounts'] = $accounts['data'];
    //save the first page as the default active page
    $_SESSION['active'] = $accounts['data'][0];

    //redirect to manage.php
    header('Location: ../facebook_result.php');
} else {
    //if not, let's redirect to the ALLOW page so we can get access
    //Create a login URL using the Facebook library's getLoginUrl() method
    $login_url_params = array(
        'scope' => 'read_stream,email',
        'fbconnect' =>  1,
        'display'   =>  "page",
        'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
    );
    $login_url = $facebook->getLoginUrl($login_url_params);

    //redirect to the login URL on facebook
    header("Location: {$login_url}");
    exit();
}

?>

After calling the logout script, I run this code on the home page to see whether everything is still set.

<?php
        try {
    $uid = $facebook->getUser();
    $fbme = $facebook->api('/me');
    echo "$uid";
} catch (FacebookApiException $e) { 
    print_r($e);
}
        ?>

It gives me this result:

FacebookApiException Object ( [result:protected] => 
Array ( [error] => Array ( [message] => 
An active access token must be used to query information about the current user. 
[type] => OAuthException [code] => 2500 ) ) 
[message:protected] => An active access token must be 
used to query information about the current user. 
[string:private] => [code:protected] => 0 [file:protected] =>
/home/m3dev/public_html/couponsite/couponGenerator/base_facebook.php 

[line:protected] => 1046 [trace:private] => Array ( [0] => Array ( [file] =>   /home/m3dev/public_html/couponsite/couponGenerator/base_facebook.php [line] => 751 [function] => throwAPIException [class] => BaseFacebook [type] => -> [args] => Array ( [0] => Array ( [error] => Array ( [message] => An active access token must be used to query information about the current user. [type] => OAuthException [code] => 2500 ) ) ) ) [1] => Array ( [function] => _graph [class] => BaseFacebook [type] => -> [args] => Array ( [0] => /me ) ) [2] => Array ( [file] => /home/m3dev/public_html/couponsite/couponGenerator/base_facebook.php [line] => 560 [function] => call_user_func_array [args] => Array ( [0] => Array ( [0] => Facebook Object ( [appId:protected] => 162628977190080 [apiSecret:protected] => **SECRET KEY REMOVED ** [user:protected] => 0 [signedRequest:protected] => Array ( [algorithm] => HMAC-SHA256 [code] => 961628b1ca0354544541d58e.1-34319949|p3D3pSNoawlC1wBllhiN7zoEpJY [issued_at] => 1331218933 [user_id] => 34319949 ) [state:protected] => [accessToken:protected] => 162628977190080|**SECRET KEY REMOVED** [fileUploadSupport:protected] => ) [1] => _graph ) [1] => Array ( [0] => /me ) ) ) [3] => Array ( [file] => /home/m3dev/public_html/couponsite/index.php [line] => 71 [function] => api [class] => BaseFacebook [type] => -> [args] => Array ( [0] => /me ) ) ) )

2 answers:

Answer 0 (score: 1)

You may be destroying the Facebook session, but you don't appear to be destroying your own session.

Clear

$_SESSION['active'][$access_token];

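Answer 1 (score: 0)

You need to force Facebook re-authentication for each user.

I'm not sure whether the PHP API you are using supports this, but the OAuth dialog can take an auth_type, which forces the user to provide their credentials when its value is reauthenticate: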

$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
            . $app_id . "&redirect_uri=" . urlencode($my_url) 
            . '&auth_type=reauthenticate&auth_nonce=' . $auth_nonce;

This can also be done with the JavaScript API.
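
An added example, not part of either answer and not the asker's code: one way to combine both suggestions on a shared kiosk, wiping the application's own PHP session between visitors and building the reauthenticate dialog URL with a fresh nonce. The function names, the placeholder app ID and the kiosk.example URL are assumptions; only the dialog URL, auth_type and auth_nonce come from the page. How the nonce is handed back to the callback is not shown on the page, so the check takes it as a plain argument. Requires PHP 7+ for random_bytes().

```php
<?php
// Added example; helper names are hypothetical.

// Wipe the kiosk's own PHP session so nothing from the previous visitor survives.
function kiosk_reset_local_session()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = array();                  // drops access_token, accounts, active, ...
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // expire the session cookie in the browser as well
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the server-side session data
    session_start();
    session_regenerate_id(true);          // next visitor never reuses the old id
}

// Build the OAuth dialog URL that makes the next visitor enter credentials.
function kiosk_reauth_url($app_id, $redirect_uri)
{
    $nonce = bin2hex(random_bytes(16));   // unpredictable, one per login attempt
    $_SESSION['auth_nonce'] = $nonce;     // remembered for the callback check
    return 'https://www.facebook.com/dialog/oauth?' . http_build_query(array(
        'client_id'    => $app_id,
        'redirect_uri' => $redirect_uri,
        'auth_type'    => 'reauthenticate',
        'auth_nonce'   => $nonce,
    ));
}

// Callback side: accept a login only if it carries the nonce issued above.
function kiosk_check_nonce($returned)
{
    $expected = isset($_SESSION['auth_nonce']) ? $_SESSION['auth_nonce'] : '';
    unset($_SESSION['auth_nonce']);       // single use: a replayed value fails
    return $expected !== '' && hash_equals($expected, (string) $returned);
}

// Constructed sample values: run on the home screen after each coupon is issued.
kiosk_reset_local_session();
echo kiosk_reauth_url('APP_ID_PLACEHOLDER', 'https://kiosk.example/callback.php'), "\n";
```

The reset covers only the application's session; the SDK's own state still needs the destroySession() call shown in the question.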