具有嵌入式表单处理的单页Facebook应用-签名请求问题

Question

我正在使用同一个页面上的注册表处理我的第一个Facebook Fanpage应用程序。

该应用程序的工作方式如下：

1. 检查Facebook用户是否已登录->否，要求登录，如果是，则将基本用户数据记录到我的数据库table1（mysql）中，
2. 检查用户是否喜欢我的Facebook页面->否，要求单击“赞”按钮，如果是，请继续下一步，
3. 检查用户数据是否已经存在于我的数据库表中2->否，打印出注册表格并将其发送到同一页面以在mysql中处理
4. 用户注册后，实际的专有内容应显示给用户。

我的问题是，在发送注册表后，用户返回到“非粉丝”区域（尽管他已经很喜欢该页面，因此应该看到仅粉丝内容），并且单词“ ERROR”被打印在页面的顶部。这一页。 ->这意味着在页面的开始处“ isset（$ _ REQUEST ['signed_request']）”将返回false。

这是我的代码：

<?php
require '../facebook-php-sdk/src/facebook.php';
$facebook = new Facebook(array(
'appId'  => 'fb-app-id',
'secret' => 'fb-app-secret',
'cookie' => true,
));
$user = $facebook->getUser();

function saveuser(&$id, &$name, &$email, &$ip, $hostname, $browser, &$like) {
mysql_connect('host', 'user', 'password');mysql_set_charset('utf8');mysql_select_db('mydatabase');
mysql_query("INSERT INTO mytable1 (id,name,email,ip,hostname,browser,fblike) VALUES ($id, '$name', '$email', '$ip', '$hostname', '$browser', $like)");
mysql_close();
}

function checkuser(&$id) {
mysql_connect('host', 'user', 'password');mysql_set_charset('utf8');mysql_select_db('mydatabase');
$query="SELECT phone, round, points FROM mytable2 WHERE fbuserid = " .$id. " ORDER BY timecreated DESC LIMIT 1";
$result=mysql_query($query);
mysql_close();
return $result;
}
?>
<html><head><title>page title</title></head>
<body>
<?php
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
} else { echo "ERROR"; }
if ($signed_request['page']['liked']) { $like = 1; } else { $like = 0; }
if ($user) { try {
$user_profile = $facebook->api('/me','GET');
$name = $user_profile['name'];
$email = $user_profile['email'];
$id = $user_profile['id'];
$ip = $_SERVER['REMOTE_ADDR'];
$hostname = gethostbyaddr($ip);
$browser = $_SERVER['HTTP_USER_AGENT'];
saveuser($id, $name, $email, $ip, $hostname, $browser, $like);
} catch(FacebookApiException $e) {
?>
<script type="text/javascript">
//<![CDATA[
var oauth_url = 'https://www.facebook.com/dialog/oauth/';
oauth_url += '?client_id=fb-app-id';
oauth_url += '&redirect_uri=' + encodeURIComponent('https://www.facebook.com/fb-page-name?sk=app_fb-app-id');
oauth_url += '&scope=email'
window.top.location = oauth_url;
//]]>
</script>
<?php } } else { // User not logged in or we need user permission ?>
<script type="text/javascript">
//<![CDATA[
var oauth_url = 'https://www.facebook.com/dialog/oauth/';
oauth_url += '?client_id=fb-app-id';
oauth_url += '&redirect_uri=' + encodeURIComponent('https://www.facebook.com/fb-page-name?sk=app_fb-app-id');
oauth_url += '&scope=email'
window.top.location = oauth_url;
//]]>
</script>
<?php } 
if ($like == 1) { // user is fan of my facebook page
$userdata = checkuser($id);
if (mysql_num_rows($userdata) > 0) { // user is registered
$userphone=mysql_result($userdata,0,telefon);
$roundscompleted=mysql_result($userdata,0,round);
$currentpoints=mysql_result($userdata,0,points);
?>

Here comes extended html content visible only for users who have liked my page and completed the registration form.

<?php } else { // user is not registered
if ($_POST['emailaddress'] != "") { // process user registration
mysql_connect('host', 'user', 'password');mysql_set_charset('utf8');mysql_select_db('mydatabase');
$id = $_POST['fbuserid'];
$name = mysql_real_escape_string($_POST['fullname']);
$email = mysql_real_escape_string($_POST['emailaddress']);
$mobile = mysql_real_escape_string($_POST['phonenumber']);
mysql_query("INSERT INTO mytable2 (fbuserid,regname,regemail,telefon) VALUES ('$id', '$name', '$email', '$mobile')");
mysql_close();

/*
On this point, the page should be reloaded and checkuser() function should return user data.
What happens is "ERROR" gets printed on top of page and user gets back to the "non-fan area".
*/

} else { // user not registered - print registration form ?>
<form id="regisztracio" name="regisztracio" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset><legend>Registration form</legend>
<label>Your name</label>
<input type="text" name="fullname" id="fullname" value="<?php echo $name; ?>" />
<br style="clear:both;" />
<label>Your e-mail</label>
<input type="text" name="emailaddress" id="emailaddress" value="<?php echo $email; ?>" />
<br style="clear:both;" />
<label>Your phone number</label>
<input type="text" name="phonenumber" id="phonenumber" />
<br style="clear:both;" />
<input name="fbuserid" type="hidden" value="<?php echo $id; ?>" />
<input name="submitreg" type="submit" class="submit" value="Register" />
</fieldset></form>
<?php } } } else { // non-fan area ?>

Here comes basic html content asking the user to click on the like button and become a fan of my facebook page.

<?php } ?>
</body>
</html>

非常感谢您的帮助！

Answer 1

这意味着页面的开始处的“ isset（$ _ REQUEST ['signed_request']））”返回false。

当然可以-因为signed_request参数仅在初始页面加载时才发布到您的页面。 在用户开始在iframe中的应用内导航之后，它不再存在。

因此，在每个请求上，检查是否有一个 signed_request参数-如果是，请将其（最好是解码版本）保存到会话中。

每当需要查找值时，都可以在会话中查找它。