facebook application redirect to authenticate page problem?_问答_开发者

facebook application redirect to authenticate page problem?

开发者 https://www.devze.com 2023-03-24 11:43 出处：网络

if $user is empty i want to redirect to authenticate page but i am seeing facebook logo and require click this logo else dont go to the auth开发者_如何学Centicate page.

This is my redirect code:

if($user)
{
      // code..
}
else
{
        $url = 'https://www.facebook.com/dialog/oauth?client_id=258561857493875&redirect_uri=http://apps.facebook.com/gunlukburcpaylas/&scope=email,read_stream,publish_stream,offline_access,user_birthday';
        header("location:".$url);
}

You can see from here my application.

(Sorry for my English. My first language is not English)

The Facebook API does not allow you to issue Redirect headers for the Authetication page. Heres the Authentication page I use, with the pieces relevant to only my page removed. If you put this code in, it will work, as I use it in production for my facebook application. It also implements CSRF protection. EDIT: I removed the APP_SECRET, because I doubt you need it.

<?php  
$valid = false;

define(APP_ID, "");
define(CHROMED_URL, "");//this is the facebook app url in the form http://apps.facebook.com/[app name]

$desired_perms = "";//place the permisions you want here
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=".APP_ID."&redirect_uri=".urlencode(CHROMED_URL)."&scope=".$desired_perms;

$signed_request = $_REQUEST["signed_request"];

list($encoded_sig, $payload) = explode('.', $signed_request, 2);

$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

if ( empty($data["user_id"])) {
    //The user is not logged in, or the user has not authorized the app
    //We start a session to maintain a marker variable for XSS attack detection
    //The auth url will log the user in AND acquire permissions if needed.
    $_SESSION['marker'] = md5(uniqid(rand(), TRUE)); //CSRF protection
    session_write_close();
    echo("<script> top.location.href='".$auth_url."&marker=".$_SESSION['marker']."'</script>");
} else {
    if ($_SESSION['marker'] == $_GET['marker']) {
        //The user is logged in, has given the app permission, and appears to be operating under the correct session
        //marker, which protects against XSS attacks. 

        //lets verify the datas algorithm as a precaution

        if ($data["algorithm"] != "HMAC-SHA256") {
            echo("<script> top.location.href='./error.php?id=1'</script>");
            exit;
        }
        $valid = true;

    } else {
        //This branch means the user is logged in, but that it appears they have been subjected to
        //an XSS attack.
        echo("<script> top.location.href='./error.php?id=2'</script>");
            exit;
    }

}
?>
<?php if($valid): ?>
<!-- PUT The HTML to embed your application here -->
<?php endif; ?>

Make sure you actually get into the else clause by outputting some text. That done, (having ensured that you actually land there), stop outputting text (otherwise, the header won't work) and try following command:

header('Location: '.$url);

Note the capital L and the space. Also, make sure that you are not outputting any text before, white-space characters like a space before <?php matter, too.

EDIT: you could also try the link you get when you call $facebook->getLoginURL(); as the $url, see the Facebook API example.

Try... but it is working when I click on the link.

$url = 'https://www.facebook.com/dialog/oauth?client_id=258561857493875&redirect_uri='.urlencode('http://apps.facebook.com/gunlukburcpaylas/').'&scope=email,read_stream,publish_stream,offline_access,user_birthday';