Browser redirects outside of Facebook instead of redirecting inside the iframe

Time: 2012-03-18 20:11:43

Tags: php facebook facebook-graph-api iframe

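I've just created a Facebook app. This is my first attempt, and I followed the Facebook developer documentation exactly. After doing everything it says, I'm stuck in this strange situation:

  1. During my app's authentication process, the app redirects my browser outside of Facebook, to the web page that hosts my site, instead of redirecting it inside the iframe. I can't redirect directly to another page in my app, nor can I use the app namespace page
  2. I can't retrieve user_id from the signed request parameter
  3. Code for landhere.php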

    <?php
        include ('src/facebook.php');
        $app_id = "*******";
        $app_secret = "*********";
        $redirect_uri = "http://myweb.com/myapp/landhere.php";
        //$redirect_uri = "http://appplatform.info/WFBRU/start.php";
        //$redirect_uri = "http://apps.facebook.com/wfbrumapp";
    
        $signed_request = $_REQUEST["signed_request"];
        list($encoded_sig, $payload) = explode('.', $signed_request, 2);
        $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    
        $id = $data["user_id"];
        $authorized_code = $_GET["code"];
        $oauth_token = $data["oauth_token"];
        $like_status = $data["page"]["liked"];
        echo "<br>page id = $id";
        echo "<br>page admin = $authorized_code";
        echo "<br>like status = $like_status";
        echo "<br>country = $oauth_token";
    
        if (empty($authorized_code)) {
            echo "string";
            $_SESSION['state'] = md5(uniqid(rand(), TRUE));
            $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
            echo("<script> top.location.href='" . $dialog_url . "'</script>");
            //echo("<script> window.top.location='" . $dialog_url . "'</script>");
        } else {
            $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
            $response = @file_get_contents($authenticate_url);
            $params = null;
            parse_str($response, $params);
            $access_token = $params['access_token'];
    
            $userId = $_POST["user_id"];
            echo $userId;
            if ($like_status) {
                echo "<form method=\"post\" action=\"start.php\" id=\"landingForm\">";
                echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
                echo "<input type=\"text\" name=\"oauth_token\" value=" . $oauth_token . " style=\"display: none\">";
                echo "</form>";
                echo "<script>document.forms['landingForm'].submit()</script>";
            } else {
                echo "<div class=\"likepage\">";
                echo("<b class=\"welcome\"></b><br/>");
                echo "</div>";
            }
        }
    ?>
    

    Stuck in an infinite loop:

    if (!empty($_SESSION['access_token'])) {
        $signed_request = $_REQUEST["signed_request"];
        list($encoded_sig, $payload) = explode('.', $signed_request, 2);
        $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    
        $id = $data["user_id"];
        $authorized_code = $_GET["code"];
        $oauth_token = $data["oauth_token"];
        $like_status = $data["page"]["liked"];
        echo "<br>page id = $id";
        echo "<br>page admin = $authorized_code";
        echo "<br>like status = $like_status";
        echo "<br>country = $oauth_token";
        if ($data["page"]["liked"]) {
            echo "<form method=\"post\" action=\"start.php\" id=\"landhereForm\">";
            echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
            echo "<input type=\"text\" name=\"oauth_token\" value=" . $oauth_token . " style=\"display: none\">";
            echo "</form>";
            echo "<script>document.forms['landhereForm'].submit()</script>";
        } else {
            echo "<div class=\"likepage\">";
            echo("<b class=\"welcome\"></b><br/>");
            echo "</div>";
        }
    } else if (!empty($_GET["error"])) {
        echo "user hasn't authorized your app";
    }else if (!empty($_GET["code"])) {
        $authorized_code = $_GET["code"];
        $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" .    $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
        $response = @file_get_contents($authenticate_url);
        $params = null;
        parse_str($response, $params);
        $access_token = $params['access_token'];
        $_SESSION['access_token'] = $access_token;
        //header('Location: http://apps.facebook.com/myapp');
        header('Location: http://www.facebook.com/mypage/app_***********');
    } else {
        echo "string";
        echo "<br>page id = $id";
        echo "<br>page admin = $authorized_code";
        echo "<br>like status = $like_status";
        echo "<br>country = $oauth_token";
        $_SESSION['state'] = md5(uniqid(rand(), TRUE));
        $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
        echo("<script> top.location.href='" . $dialog_url . "'</script>");
        //echo("<script> window.top.location='" . $dialog_url . "'</script>");
    }
    

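2 answers:

Answer 0 (score: 1)

Yes, you've got quite a lot wrong.

You should follow the Authentication tutorial, which describes all of the steps:

  1. If the user isn't authenticated, you send them to the auth dialog via a js script, as you wrote.

  2. Facebook redirects back to your web page, not the iframe; this is a redirect of the main window.

  3. If the user rejected the app, you'll have "error", "error_reason" and "error_description" in the GET data; remember that you are not inside Facebook at that point.

  4. If the user granted your app, you are redirected to your page (in the main window); you should then exchange the code for an active access token, and then redirect the user to your fb app (http(s)://apps.facebook.com/YOUR-APP-NAME).

  5. When Facebook loads, it loads your app into the iframe, and then you'll get the signed request and you can display your canvas page.

  6. Here's a modified version of your php code; some of it is pseudo since I'm not a php programmer.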

    <?php
        session_start(); // required before $_SESSION can be read or written
        include ('src/facebook.php');
        $app_id = "******";
        $app_secret = "******";
        // Defined up front: both the code exchange and the dialog URL need it
        $redirect_uri = "http://myweb.com/myapp/landhere.php";
    
        if (!empty($_SESSION['access_token'])) {
            // Loaded inside the canvas iframe: Facebook sends the signed request
            $signed_request = $_REQUEST["signed_request"];
            list($encoded_sig, $payload) = explode('.', $signed_request, 2);
            $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    
            $id = $data["user_id"];
            $oauth_token = $data["oauth_token"];
            $like_status = $data["page"]["liked"];
            echo "<br>page id = $id";
            echo "<br>like status = $like_status";
            echo "<br>country = $oauth_token";
        } else if (!empty($_GET["error"])) {
            // user hasn't authorized your app
        } else if (!empty($_GET["code"])) {
            // Back in the main window: exchange the code for an access token
            $authorized_code = $_GET["code"];
            $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
            $response = @file_get_contents($authenticate_url);
            $params = null;
            parse_str($response, $params);
            $access_token = $params['access_token'];
            $_SESSION['access_token'] = $access_token;
            header('Location: http://apps.facebook.com/APP_NAME');
        } else {
            // Not authenticated yet: send the top window to the auth dialog
            echo "string";
            $_SESSION['state'] = md5(uniqid(rand(), TRUE));
            $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
            echo("<script> top.location.href='" . $dialog_url . "'</script>");
        }
    ?>
    

    It's not tested or anything, it's just to give you a push in the right direction. Hope this helps.


    Edit

    A modified version of the second piece of code:

    list($encoded_sig, $payload) = explode('.', $_REQUEST["signed_request"], 2);
    $signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    
    $access_token = null;
    if (!empty($_SESSION['access_token'])) {
        $access_token = $_SESSION['access_token'];
    } else if (!empty($signed_request['oauth_token'])) {
        $access_token = $signed_request['oauth_token'];
    }
    
    if ($access_token != null) {
        // user_id and page data come from the decoded signed request; the token itself is a plain string
        $id = $signed_request["user_id"];
        $authorized_code = isset($_GET["code"]) ? $_GET["code"] : "";
        $oauth_token = $access_token;
        $like_status = $signed_request["page"]["liked"];
        echo "<br>page id = $id";
        echo "<br>page admin = $authorized_code";
        echo "<br>like status = $like_status";
        echo "<br>country = $oauth_token";
        if ($like_status) {
            echo "<form method=\"post\" action=\"start.php\" id=\"landhereForm\">";
            // Quote and escape the values so they cannot break out of the attribute
            echo "<input type=\"text\" name=\"user_id\" value=\"" . htmlspecialchars($id) . "\" style=\"display: none\">";
            echo "<input type=\"text\" name=\"oauth_token\" value=\"" . htmlspecialchars($access_token) . "\" style=\"display: none\">";
            echo "</form>";
            echo "<script>document.forms['landhereForm'].submit()</script>";
        } else {
            echo "<div class=\"likepage\">";
            echo("<b class=\"welcome\"></b><br/>");
            echo "</div>";
        }
    } else if (!empty($_GET["error"])) {
        echo "user hasn't authorized your app";
    }else if (!empty($_GET["code"])) {
        $authorized_code = $_GET["code"];
        $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" .    $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
        $response = @file_get_contents($authenticate_url);
        $params = null;
        parse_str($response, $params);
        $access_token = $params['access_token'];
        $_SESSION['access_token'] = $access_token;
        //header('Location: http://apps.facebook.com/myapp');
        header('Location: http://www.facebook.com/mypage/app_***********');
    } else {
        echo "string";
        echo "<br>page id = $id";
        echo "<br>page admin = $authorized_code";
        echo "<br>like status = $like_status";
        echo "<br>country = $oauth_token";
        $_SESSION['state'] = md5(uniqid(rand(), TRUE));
        $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
        echo("<script> top.location.href='" . $dialog_url . "'</script>");
        //echo("<script> window.top.location='" . $dialog_url . "'</script>");
    }
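
The snippets above decode the signed_request payload without checking its signature, and they store a `state` value that is never compared on return. An added example (not code from the original posts) that checks both, assuming the documented signed_request layout of base64url(signature).base64url(JSON payload) signed with HMAC-SHA256 under the app secret; the function names, secret and sample values are constructed for illustration:

```php
<?php
// Added example: verify a Facebook signed_request before trusting its fields,
// and check the OAuth "state" value on return. Function names are hypothetical.

function base64url_decode_str($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

// Returns the decoded payload array, or null if the request is malformed or forged.
function verify_signed_request($signed_request, $app_secret) {
    $parts = explode('.', (string) $signed_request, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($encoded_sig, $payload) = $parts;
    $data = json_decode(base64url_decode_str($payload), true);
    if (!is_array($data) || !isset($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return null;
    }
    // The HMAC covers the still-encoded payload string, keyed with the app secret.
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    $given = base64url_decode_str($encoded_sig);
    return hash_equals($expected, $given) ? $data : null;
}

// True only when the state echoed back by the dialog matches the session copy.
function state_is_valid($session_state, $returned_state) {
    return is_string($session_state) && is_string($returned_state)
        && $session_state !== '' && hash_equals($session_state, $returned_state);
}

// Constructed sample: a request signed with a made-up secret, then checked twice.
$secret  = 'example-app-secret';
$payload = rtrim(strtr(base64_encode(json_encode(
    array('algorithm' => 'HMAC-SHA256', 'user_id' => '1000', 'page' => array('liked' => true))
)), '+/', '-_'), '=');
$sig = rtrim(strtr(base64_encode(hash_hmac('sha256', $payload, $secret, true)), '+/', '-_'), '=');

$ok     = verify_signed_request("$sig.$payload", $secret);        // payload array
$forged = verify_signed_request("$sig.$payload", 'wrong-secret'); // rejected
var_dump($ok['user_id'], $forged);
var_dump(state_is_valid('abc123', 'abc123'), state_is_valid('abc123', 'zzz'));
```

Only read `user_id`, `oauth_token` or `page` from the array this returns, and compare `$_GET['state']` with `$_SESSION['state']` before exchanging the code for a token.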
    

Answer 1 (score: 0)

Two things:

1) $redirect_uri should point to your Facebook app, not your website

2) In javascript, you should check whether "apps.facebook.com" is in the top frame's URL, and if it isn't, do the redirect

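    // Redirect only when the top frame is not already on apps.facebook.com
    if (top.location.href.indexOf("apps.facebook.com") === -1) {
        top.location.href = YOUR_FACEBOOK_CANVAS_APP_URL; // placeholder for your canvas app URL
    }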