douyan1903 2011-10-02 19:30
浏览 98
已采纳

我的Facebook应用程序中的OAuth 2.0问题

evertything was running fine in my facebook application until I upgraded it to OAuth 2.0, and im not sure if im doing everything right.

The thing is that I already made the OAuth dialog to work and when the user authorizes the app, it renders my app into the iFrame, but I am having trouble with my $_GETs[], let me explain:

Here's my index.php, which I use as the main page, while i just include() some file in a div called content, depending on the $_GET['section']:

    $app_id = "xxx";
$application_secret = 'xxx';
    $canvas_page = "xxx";
    $auth_url = "http://www.facebook.com/dialog/oauth?client_id=".$app_id. "&redirect_uri=".urlencode($canvas_page)."&scope=publish_stream,offline_access";

 //OAuth 2.0

    function parse_signed_request($signed_request, $secret) {

        list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

        // decode the data
        $sig = base64_url_decode($encoded_sig);
        $data = json_decode(base64_url_decode($payload), true);

        if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
            error_log('Unknown algorithm. Expected HMAC-SHA256');
            return null;
        }

        // check sig
        $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
        if ($sig !== $expected_sig) {
            error_log('Bad Signed JSON signature!');
            return null;
        }

        return $data;
    }

    function base64_url_decode($input) {
        return base64_decode(strtr($input, '-_', '+/'));
    }
//
$data = parse_signed_request($_REQUEST["signed_request"],$application_secret);

    if (empty($data["user_id"])) {
          echo("<script> top.location.href='" . $auth_url . "'</script>");
    } else {

    $_SESSION['on'] = 1;
    include ('src/facebook.php');

    $files = array();
    $files['RE'] = 'xxx.php';
    $files['RC'] = 'yyy.php';
    $files['DP'] = 'zzz.php';

    $facebook = new Facebook(array(
        'appId'  => $app_id,
        'secret' => $application_secret,
        'cookie' => true, 
        'perms' => 'publish_stream, offline_access',
        ));
    $_SESSION["access_token"] = $data["oauth_token"];
    $me = $facebook->api('/me?oauth_token='.$_SESSION["access_token"]);

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" xmlns:fb="https://www.facebook.com/2008/fbml">
    <link rel="stylesheet" href="css/style.css" type="text/css">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="Content-Style-Type" content="text/css">
    <meta property="og:title" content="title" />
    <meta property="og:description" content="description" />
    <meta property="og:image" content="thumbnail_image" />
    </head>
    <body>
        <div class="wrapper">
            <?php include("inc/app_header.php");?>
            <div class="content">
            <?php 
                if(isset($_GET['section'])) 
                {
                    $file_to_include = 'inc/'.$files[$_GET['section']];
                }
                else 
                {
                    $file_to_include = 'inc/section_restaurantes.php';
                }

                include($file_to_include);
            ?>  
                <div class="content_bottom_space"></div>
            </div>
            <div class="footer">
            </div>
        </div>
    </body>
    </html>
    <?php } ?>

and the code for section_restaurantes is:

    <div class="section_restaurantes">
        <div class="restaurantes_container">
            <div class="restaurantes"><a href="index.php?section=DP"></a></div>
            <div class="restaurantes"><a href="index.php?section=PH"></a></div>
        </div>
    </div>

The thing is that when I click in those divs all my browser is reloaded, the ?code= parameter in the url changes twice and it reloads again on section_restaurantes.php, instead of loading the DP section, I hope I'm clear.

I think because its reloading twice i loose the $_GET['section'] parameter and then it loads the default which is "inc/section_restaurantes.php"

I need help please, I've tried to find solutions on the internet but I found nothing.

  • 写回答

1条回答 默认 最新

  • duafagm1066 2011-10-02 20:29
    关注

    You don't need to parse the signed_request if you are using the PHP-SDK as it'll take care of that for you. You just need to retrieve the user (getUser()) and if no user, redirect to the login url (refer to the example file).

    Here is a better code: 

    <?php
include ('src/facebook.php');
$app_id = "xxx";
$application_secret = 'xxx';
$canvas_page = "xxx";

$facebook = new Facebook(array(
    'appId'  => $app_id,
    'secret' => $application_secret
));

$user = $facebook->getUser();
if(!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'redirect_uri' => $canvas_page,
        'scope' => 'publish_stream,offline_access'
    ));
    echo("<script> top.location.href='" . $loginUrl . "'</script>");
    exit;
}

$_SESSION['on'] = 1;
$files = array();
$files['RE'] = 'xxx.php';
$files['RC'] = 'yyy.php';
$files['DP'] = 'zzz.php';
try {
    $me = $facebook->api('/me');
} catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" xmlns:fb="https://www.facebook.com/2008/fbml">
<link rel="stylesheet" href="css/style.css" type="text/css">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:image" content="thumbnail_image" />
</head>
<body>
    <div class="wrapper">
        <?php include("inc/app_header.php");?>
        <div class="content">
        <?php 
            if(isset($_GET['section'])) 
            {
                $file_to_include = 'inc/'.$files[$_GET['section']];
            }
            else 
            {
                $file_to_include = 'inc/section_restaurantes.php';
            }

            include($file_to_include);
        ?>  
            <div class="content_bottom_space"></div>
        </div>
        <div class="footer">
        </div>
    </div>
</body>
</html>

    Now for your restaurant section, I would link to the parent document: 

    <div class="section_restaurantes">
    <div class="restaurantes_container">
        <div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=DP" target="_top"></a></div>
        <div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=PH" target="_top"></a></div>
    </div>
</div>

    Assuming your $canvas_page is the intended destination.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法
  • ¥15 可否在不同线程中调用封装数据库操作的类
  • ¥15 微带串馈天线阵列每个阵元宽度计算
  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据