仅使用Facebook社交登录+ php / mysql
[英]Using Facebook social login only + php / mysql
问题描述
I already have people stored in my database with their email addresses. 
我已经将人们及其电子邮件地址存储在数据库中。 I would like to make it possible for them to click a button and log in to my website with their facebook profiles only (I don't want to manage passwords ) 我想让他们单击一个按钮并仅使用其Facebook个人资料登录我的网站(我不想管理密码)
My guess is I use this code to retrieve an email address from facebook... Facebook Login for the Web with the JavaScript SDK 我的猜测是我使用此代码从Facebook检索电子邮件地址... Facebook使用JavaScript SDK登录网络
Then, check that email address against my database 然后,对照我的数据库检查该电子邮件地址
Then, save something in their cookies so that they can see the pages of my site. 然后,在他们的cookie中保存一些内容,以便他们可以看到我网站的页面。
- Am I wrong? 我错了吗?
- What do I store in the cookies so that it's secure? 我将什么存储在cookie中以确保安全?
1 个解决方案
解决方案1
1 已采纳 2016-11-26 18:34:48
The idea you've described sounds good in general. 您所描述的想法通常听起来不错。 Make sure to implement the Facebook login functionality correctly without any security flaws. 确保正确实施Facebook登录功能,而没有任何安全漏洞。 Make sure you've solved all scenarios described here: https://developers.facebook.com/docs/facebook-login/testing-your-login-flow 确保您已经解决了此处描述的所有方案: https : //developers.facebook.com/docs/facebook-login/testing-your-login-flow
Regarding the cookies thing: You should use PHP sessions . 关于cookie的事情:您应该使用PHP会话 。 Storing login-related data in a cookie is a bad idea as users can change values stored there. 在Cookie中存储与登录相关的数据不是一个好主意,因为用户可以更改存储在其中的值。
If you decide to use sessions, be aware of all security guidelines and best practices . 如果您决定使用会话,请注意所有安全准则和最佳实践 。 You can start here: https://stackoverflow.com/a/15596064/6817376 您可以从这里开始: https : //stackoverflow.com/a/15596064/6817376
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.