Facebook iFrame应用程序,这段代码是否正确?
[英]Facebook iFrame app, is this code correct?
问题描述
I've just thrown together a quick Facebook iFrame "fangate" app, where you must "like" to reveal a page. 
我刚刚把一个快速的Facebook iFrame“fangate”应用程序拼凑在一起,你必须“喜欢”显示一个页面。
I've seen a number of ways of doing things online so I just wanted to check that my method was safe to use before I publish the app. 我已经看到了许多在线做事方式,所以我只是想在发布应用程序之前检查我的方法是否安全。
..and the code..: ..和代码..:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => "__CODE_HERE__",
'secret' => "__CODE_HERE__",
'cookie' => true
));
$signed_request = $facebook->getSignedRequest();
if($signed_request != false){
if($signed_request["page"]["liked"]) {
echo "you LIKE this page now!!";
} else {
// User likes the fan page.. display restricted data.
include 'index.php';
}
}
else
{
header('LOCATION: http://www.facebook.com/');
}
?>
What do you guys think? 你们有什么感想? This seems pretty secure and the is the most common method i've come across. 这看起来非常安全,这是我遇到过的最常见的方法。 Would you include anything else? 你还包括其他什么吗?
All feedback welcome.. :) 所有反馈欢迎.. :)
--Conor --Conor
2 个解决方案
解决方案1
1 2011-03-14 17:20:58
I can't see any problem with this. 我看不出有任何问题。 I have seen similar solutions working like this. 我见过类似的解决方案。
解决方案2
1 已采纳 2011-03-14 19:34:35
I won't load the whole PHP-SDK only for this, instead I use the approach from the documentation: 我不会仅为此加载整个PHP-SDK,而是使用文档中的方法:
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {
echo "You are not a fan!";
} else {
echo "Welcome back fan!";
}
I've written a tutorial about this and provided a real world examples of the importance of this. 我已经写了一篇关于这个的教程 ,并提供了一个真实世界的例子,说明了这一点的重要性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.