如何设置manage_pages权限到特定的Facebook页面?

时间:2012-03-19 11:53:10

标签: php facebook-graph-api

我如何才能将应用程序的manage_pages权限设置为特定页面。现在我的应用程序获得管理fb用户的所有页面的权限..我如何限制此权限并获得仅访问特定页面的权限?

我使用的是一种简单的身份验证方法。

$app_id     = 'xxxxxxxxxxxxx';
$app_secret = 'xxxxxxxxxxxxxxxx';
$my_url     = 'http://xxxxxxxxxxx.com/xxxx/facebook?client=params';

$code        = $_REQUEST["code"];

//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id=' 
                . $app_id . '&redirect_uri=' . urlencode($my_url).'&scope=offline_access,read_stream,publish_stream,manage_pages';
                echo("<script>top.location.href='" . $dialog_url . "'</script>");
            }

//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
            . $app_id . '&redirect_uri=' . urlencode($my_url) 
            . '&client_secret=' . $app_secret 
            . '&code=' . $code;
$access_token = file_get_contents($token_url);


am using the above code for authentication. when i try to print the $_REQUEST params, i couldnt find any variable names 'signed_request'.  is any other method can we use with the above code..??

2 个答案:

答案 0 :(得分:2)

不幸的是,这是不可能的。很烦人但很好..这是facebook所以没有别的期待。

答案 1 :(得分:0)

你应该从你这边做。 Facebook会在signed_request向您发送页面ID,以便您验证页面并显示/禁用内容:

<?php
if(!empty($_REQUEST["signed_request"])) {
    $app_secret = "APP_SECRET";
    $data = parse_signed_request($_REQUEST["signed_request"], $app_secret);

    if (isset($data["page"])) {
        echo $data["page"]["id"];
    } else {
        echo "Not in a page";
    }
}

function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

此代码取自this回答。只需检查$data["page"]["id"]与您想要的那个。