Im creating a Facebook app using PHP-SDK.
In order to find a user's uid I do:
index.php
file
$user_id = $facebook->getUser();
if($user_id == 0) // not logged in user
{
// do stuff to log in user and get the current user id
}开发者_Python百科
Inside index.php
file I have the following jQuery code:
var get_url =
'do_stuff.php?id=' + <?php echo $user_id; ?> + '&field1=' + field1 + '&field2='+ field2;
$.get(get_url, function(data) {
alert("data: " + data);
});
do_stuff.php
inserts data on my MySQL database based on field1
and field2
. I want to be sure that the data inserted are really from user with $user_id
. And not just somebody who did a fake request like:
http://myapp.com/do_stuff.php?id=fake_user_id&field1=...&field2=...
So, I added the $user_id = $facebook->getUser();
at do_stuff.php
but instead of returning the current user id (which is visible at index.php
), it returns 0
which means no user is logged in. Why is this?
How I can fix it? So I will be sure that the data inserted on my MySQL database are from a real user and not a fake one?
This is because as far as do_stuff.php is concerned, no one is logged in. You probably need to look at capturing the access token and using that in do_stuff.php.
精彩评论