douyan1903 2011-10-02 19:30
浏览 98
已采纳

我的Facebook应用程序中的OAuth 2.0问题

evertything was running fine in my facebook application until I upgraded it to OAuth 2.0, and im not sure if im doing everything right.

The thing is that I already made the OAuth dialog to work and when the user authorizes the app, it renders my app into the iFrame, but I am having trouble with my $_GETs[], let me explain:

Here's my index.php, which I use as the main page, while i just include() some file in a div called content, depending on the $_GET['section']:

    $app_id = "xxx";
$application_secret = 'xxx';
    $canvas_page = "xxx";
    $auth_url = "http://www.facebook.com/dialog/oauth?client_id=".$app_id. "&redirect_uri=".urlencode($canvas_page)."&scope=publish_stream,offline_access";

 //OAuth 2.0

    function parse_signed_request($signed_request, $secret) {

        list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

        // decode the data
        $sig = base64_url_decode($encoded_sig);
        $data = json_decode(base64_url_decode($payload), true);

        if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
            error_log('Unknown algorithm. Expected HMAC-SHA256');
            return null;
        }

        // check sig
        $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
        if ($sig !== $expected_sig) {
            error_log('Bad Signed JSON signature!');
            return null;
        }

        return $data;
    }

    function base64_url_decode($input) {
        return base64_decode(strtr($input, '-_', '+/'));
    }
//
$data = parse_signed_request($_REQUEST["signed_request"],$application_secret);

    if (empty($data["user_id"])) {
          echo("<script> top.location.href='" . $auth_url . "'</script>");
    } else {

    $_SESSION['on'] = 1;
    include ('src/facebook.php');

    $files = array();
    $files['RE'] = 'xxx.php';
    $files['RC'] = 'yyy.php';
    $files['DP'] = 'zzz.php';

    $facebook = new Facebook(array(
        'appId'  => $app_id,
        'secret' => $application_secret,
        'cookie' => true, 
        'perms' => 'publish_stream, offline_access',
        ));
    $_SESSION["access_token"] = $data["oauth_token"];
    $me = $facebook->api('/me?oauth_token='.$_SESSION["access_token"]);

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" xmlns:fb="https://www.facebook.com/2008/fbml">
    <link rel="stylesheet" href="css/style.css" type="text/css">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="Content-Style-Type" content="text/css">
    <meta property="og:title" content="title" />
    <meta property="og:description" content="description" />
    <meta property="og:image" content="thumbnail_image" />
    </head>
    <body>
        <div class="wrapper">
            <?php include("inc/app_header.php");?>
            <div class="content">
            <?php 
                if(isset($_GET['section'])) 
                {
                    $file_to_include = 'inc/'.$files[$_GET['section']];
                }
                else 
                {
                    $file_to_include = 'inc/section_restaurantes.php';
                }

                include($file_to_include);
            ?>  
                <div class="content_bottom_space"></div>
            </div>
            <div class="footer">
            </div>
        </div>
    </body>
    </html>
    <?php } ?>

and the code for section_restaurantes is:

    <div class="section_restaurantes">
        <div class="restaurantes_container">
            <div class="restaurantes"><a href="index.php?section=DP"></a></div>
            <div class="restaurantes"><a href="index.php?section=PH"></a></div>
        </div>
    </div>

The thing is that when I click in those divs all my browser is reloaded, the ?code= parameter in the url changes twice and it reloads again on section_restaurantes.php, instead of loading the DP section, I hope I'm clear.

I think because its reloading twice i loose the $_GET['section'] parameter and then it loads the default which is "inc/section_restaurantes.php"

I need help please, I've tried to find solutions on the internet but I found nothing.

  • 写回答

1条回答 默认 最新

  • duafagm1066 2011-10-02 20:29
    关注

    You don't need to parse the signed_request if you are using the PHP-SDK as it'll take care of that for you. You just need to retrieve the user (getUser()) and if no user, redirect to the login url (refer to the example file).

    Here is a better code: 

    <?php
include ('src/facebook.php');
$app_id = "xxx";
$application_secret = 'xxx';
$canvas_page = "xxx";

$facebook = new Facebook(array(
    'appId'  => $app_id,
    'secret' => $application_secret
));

$user = $facebook->getUser();
if(!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'redirect_uri' => $canvas_page,
        'scope' => 'publish_stream,offline_access'
    ));
    echo("<script> top.location.href='" . $loginUrl . "'</script>");
    exit;
}

$_SESSION['on'] = 1;
$files = array();
$files['RE'] = 'xxx.php';
$files['RC'] = 'yyy.php';
$files['DP'] = 'zzz.php';
try {
    $me = $facebook->api('/me');
} catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" xmlns:fb="https://www.facebook.com/2008/fbml">
<link rel="stylesheet" href="css/style.css" type="text/css">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:image" content="thumbnail_image" />
</head>
<body>
    <div class="wrapper">
        <?php include("inc/app_header.php");?>
        <div class="content">
        <?php 
            if(isset($_GET['section'])) 
            {
                $file_to_include = 'inc/'.$files[$_GET['section']];
            }
            else 
            {
                $file_to_include = 'inc/section_restaurantes.php';
            }

            include($file_to_include);
        ?>  
            <div class="content_bottom_space"></div>
        </div>
        <div class="footer">
        </div>
    </div>
</body>
</html>

    Now for your restaurant section, I would link to the parent document: 

    <div class="section_restaurantes">
    <div class="restaurantes_container">
        <div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=DP" target="_top"></a></div>
        <div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=PH" target="_top"></a></div>
    </div>
</div>

    Assuming your $canvas_page is the intended destination.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的
  • ¥20 Cotex M3的调试和程序执行方式是什么样的?
  • ¥20 java项目连接sqlserver时报ssl相关错误
  • ¥15 一道python难题3
  • ¥15 牛顿斯科特系数表表示
  • ¥15 arduino 步进电机
  • ¥20 程序进入HardFault_Handler
  • ¥15 关于#python#的问题:自动化测试