PHP-SDK Facebook身份验证不断重定向

Question

I am trying to integrate Facebook into a web app that I am working on. I got an api key and secret key from Facebook, and have set the Site Url to http://www.mysite.com/something/app/

The following code is used from http://www.mysite.com/something/app/signup/xxxx/ to detect whether the user is connected or not:

        $facebook = new Facebook(array(
          'appId'  => FB_APIKEY,
          'secret' => FB_SECRETKEY,
          'cookie' => true  
        ));

        $session = $facebook->getUser();

        if($session) {
            # Active session, let's try getting the user id (getUser()) and user info (api->('/me'))
            try{
                $uid = $facebook->getUser();
                $user = $facebook->api('/me');
            } catch (Exception $e){}

            if(!empty($user)){
                # User info ok? Let's print it (Here we will be adding the login and registering routines)
                echo $user;
            } else {
                # For testing purposes, if there was an error, let's kill the script
                die("There was an error.");
            }
        } else {
            # There's no active session, let's generate one
            $login_url = $facebook->getLoginUrl();
            header("Location: ".$login_url);
        }

But the problem is, when the user is redirected to $login_url, it keeps redirecting back, creating an infinite loop.

The redirect url is: https://www.facebook.com/connect/uiserver.php?app_id=xxxxxxxxxxx&method=permissions.request&display=page&next=http%3A%2F%2Fwww.something.com%2Fsomething%2Fapp%2Fsignup%2Fxxxxx%2F&response_type=code&state=6f51768c22974a16b5dcf4d8dc7f46df&fbconnect=1

I have looked at other similar issues on SO, and also on Google and have tried their solutions but it just didn't help me out.

[UPDATE]

Ok I think I am onto something. If I log in as a different Facebook user, I am not being redirected in a loop. It seems to happen only when I use my own Facebook account, which is the admin of the app. But after the redirect it should return getUser() right.. but it doesn't for some reason.

Any ideas? Thanks.

Answer 1

I started from scratch on a new .php file from the root of my server. There everything was working alright, so I found out that my own code was causing the webpage to redirect.

In fact, it was the mod_rewrite in my .htaccess file that as messing things up. Somehow it is not picking up the GET variables set by FB. So I need to figure out something for it. But at least I now know what caused the problem. Case closed!

Answer 2

I have just had the same problem. When I tried to use the same code (the latest FB SDK) that is working on another server in the current server, the infinite redirection loop occurred.

When I started debugging it, I found out that the reason was because that the current server $_REQUEST does not seem to process the value in $_GET . Thus, both the $_GET['state'] and $_GET['code'] do not get read in the $_REQUEST . In base_facebook.php , it seems that they are using $_REQUEST instead of $_GET to get the code and state value.

Thus, the easy fix for this is to include the following code:

$_REQUEST['state'] = $_GET['state'];
$_REQUEST['code'] = $_GET['code'];

Before the require_once of facebook SDK file.

Hope this will help some people out there!

Answer 3

I'm having the same issue here. Here is a simple code, it runs on a single site and is as simple as it can be:

@ini_set('log_errors','On'); // enable or disable php error logging (use 'On' or 'Off')
@ini_set('display_errors','On'); // enable or disable public display of errors (use 'On' or 'Off')
include_once('lib/facebook.php');

// Create our application instance
$config = array(
  'appId' => 'xx',
  'secret' => 'yyy'
);
$link = 'http://someurl.com';
$facebook = new Facebook($config);

// Get User ID
$user = $facebook->getUser();

if($user){ ?>
    <p>logged in</p>
<?php } else {
    $loginUrl = $facebook->getLoginUrl(array(
    'scope'         => 'manage_pages,email',
    'redirect_uri'  => $link,
    ));
    echo '<a href="'.$loginUrl.'">Login with FB</a>'; 
}

So what id does, it showes link to login when user is not logged in (or to be specific - if getUser() doesnt recive anything), and paragraph with text if getUser gives what it should give.

Simple test will show a problem. Accessing it by site url, even when user permission is given, shows login url instead of paragraph.

Where is the problem? While trying to figure it out, I have added site's url as "App on Facebook", so it can be accessed from inside of facebook. And eureka, if it is accessed this way (by Canvas Page url), getUser() works correctly. Whats even more, when once You have visited through Canvas Page url link, then when visiting site directly - getUser() also works correctly.

So where is the catch? Trying with browser's incognito function i have figured otu, that there is something stored on user browser. Visiting site directly from a browser, where user already have been on Canvas Page url shows correct responce, while when on a browser where user havent visited Canvas Page url, shows login url.

So it seams, that the problem is somehow connected with browser cache, and facebook doesnt set it correct way when visiting throught page instead of Canvas Page itself.

Anybody have an idea how to correct this issue working only with php sdk?

Edit Also, when acces to app is given, when user clicks on login link, redirect gets back to oryginal page with state and code as _GET parameters.

Answer 4

It looks like you are using an old version of the PHP SDK with code that is meant to work with the latest version. Upgrade the PHP SDK to the newest version - v3.1.1

https://github.com/facebook/php-sdk

Then that code should work.

---

Have you tried specifying a redirect uri:

<?php
    $loginUrl = $facebook->getLoginUrl(
        array( 'redirect_uri' => 'http://www.mysite.com/something/app/' )
    );
?>

The script behind the target url would need to create a facebook object instance for the users session to persist.

Answer 5

I've had this issue on certain browsers, and ended up being the browsers fault by blocking the cookie set by the site, and therefore the session.

Try adding this to your page:

header('P3P: CP="CAO PSA OUR"');

(Its PHP, you can also do it on a meta tag via HTML)