分享程序员开发的那些事...
更新时间:2023-12-05 21:44:58
卷曲以检索您的应用的访问令牌。我使用以下方法。这可能无法解决您的用户的问题,我会让用户重新认证,但它会解决在发生错误时暴露您的应用程序的秘密的问题。
添加到所有您需要的URL是/?app_access_token它包括
acess_token = ####### #####。
函数GetCH(){
$ ch = curl_init();
curl_setopt($ ch,CURLOPT_URL,https://graph.facebook.com/oauth/access_token?client_id={app_id}&client_secret={secret}&grant_type=client_credentials);
curl_setopt($ ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ ch,CURLOPT_USERAGENT,$ _SERVER ['HTTP_USER_AGENT']);
curl_setopt($ ch,CURLOPT_CONNECTTIMEOUT_MS,20000);
if(substr($ url,0,8)=='https://'){
//以下内容确保SSL始终可以工作。一点细节:
// SSL同时执行两件事:
// 1.它加密通信
// 2.它确保目标方是谁宣称的。
//简而言之,如果允许以下代码,CURL将不会检查
//证书是否已知且有效,但是它仍然会加密通信。
curl_setopt($ ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
curl_setopt($ ch,CURLOPT_SSL_VERIFYPEER,false);
}
$ sendCH = curl_exec($ ch);
curl_close($ ch);
return $ sendCH;
};
$ app_access_token = GetCH();
I am working with a team to build a Facebook game. For one of the people on the team, it will throw errors and not get his id or data. It works for everyone else that has tested, ~20 people.
The error that is thrown:
Warning: file_get_contents(https://graph.facebook.com/oauth/access_token?
client_id=165114483572553&redirect_uri=http%3A%2F%2Fapps.facebook.com%2F
(*INSERT APP*)%2F&client_secret=(*SECRET_CODE*)&code=AQBnvIjs0jaUnoUKkjsh3K7G7JK
QYMrIx525Jn6jYmDtWS74nEa_TTZf6e4p7jPadyjaS9t-M_GXGFFg_K8r6MZtUdWr4C6MRUR6p
COgqN5YqWXNVqlbyfmFJcrKlsu2D4oUQ4YkKNIDw-vaij4s_dliKnzndJwFs7i0
gL2J5a3229fgdCkU2Jps8YnKNMUsD-A)
[function.file-get-contents ((*INSERT SECURE URL*))]: failed to open stream:
HTTP request failed! HTTP/1.0 400 Bad Request in (*URL/*)game/index.php on line 24
Warning: file_get_contents(https://graph.facebook.com/me?access_token=)
[function.file-get-contents ((SECURE_URL)/game/function.file-get-contents)]:
failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in
(SECURE_URL)/game/index.php on line 31
EDIT: The Code I forgot to post.
EDIT2: Removed old code. Added updated code and more detail.
<?php
$app_id = "(ID)";
$canvas_page = "https://apps.facebook.com/(APP)/";
$signed_request = $_REQUEST["signed_request"];
$auth_url = GetCH();
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"]))
{
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
else
{
include_once 'game.php';
}
function GetCH()
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.facebook.com/dialog/oauth?client_id={appd_id}&redirect_uri={$canvas_page}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT_MS,20000);
if(substr($url,0,8)=='https://')
{
curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
}
$sendCH = curl_exec($ch);
curl_close($ch);
return $sendCH;
}
This is my index page. Facebook loads this when someone opens the app. From here I include game.php that has the background and swf files. The SWF calls database.php which loads their information into the game. saveplayer.php saves the game. Is this possibly and issue with the database.php as I'am having trouble with that as well.
EDIT 3: Database.php
<?php
error_log("database");
include 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => '165114483572553',
'secret' => 'c65114e7dbc8b1eeed9f6535c1aee888',
));
try
{
$user = $facebook->getUser();
$user_profile = $facebook->api('/me');
}
catch (FacebookApiException $e)
{
error_log($e);
$user = null;
}
try
{
//$friends = $facebook->api('/me/friends');
mysql_connect("localhost", "(USER)", "(PASS)") or die("Could not connect");
mysql_select_db("stus_zombies") or die("Could not select database");
$query = mysql_query("SELECT * FROM users WHERE facebook_id = " . $user_profile[id]);
$result = mysql_fetch_array($query);
if(empty($result))
{
$addInfo = mysql_query("INSERT INTO users (first_name, last_name, facebook_id)
VALUES ('{$user_profile['first_name']}','{$user_profile['last_name']}','{$user_profile['id']}')");
$addInfo = mysql_query("SELECT * FROM users WHERE id = " . mysql_insert_id());
$query = mysql_query("INSERT INTO players (facebook_id, coins, health, stamina, xp)
VALUES ('{$user_profile['id']}','0','25','25','0')");
}
$checkProgress = mysql_query("SELECT * FROM players WHERE facebook_id = " . $user_profile[id]);
$playerCheck = mysql_fetch_array($checkProgress);
$playerInfo = array(
first_name => $user_profile[first_name],
last_name => $user_profile[last_name],
facebook_id => $user_profile[id],
coins => $playerCheck[coins],
health => $playerCheck[health],
stamina => $playerCheck[stamina],
xp => $playerCheck[xp],);
echo json_encode($playerInfo);
}
catch (FacebookApiException $e)
{
error_log($e);
$user = null;
}
As mob mentioned you should use curl to retrieve access tokens for your app. I use the below method. This may not resolve the issue with your user, i would have the user re-authenticate, but it will resolve the issue of exposing your app's secret when an error occurs.
When adding to a url all you need is /?app_access_token it includes the acess_token=############.
function GetCH(){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/oauth/access_token?client_id={app_id}&client_secret={secret}&grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT_MS,20000);
if(substr($url,0,8)=='https://'){
// The following ensures SSL always works. A little detail:
// SSL does two things at once:
// 1. it encrypts communication
// 2. it ensures the target party is who it claims to be.
// In short, if the following code is allowed, CURL won't check if the
// certificate is known and valid, however, it still encrypts communication.
curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
}
$sendCH = curl_exec($ch);
curl_close($ch);
return $sendCH;
};
$app_access_token = GetCH();