[英]Vulnerable Facebook SDK Login
我最近在我的網站上添加了Facebook登錄功能,但是我感到我錯過了一些關鍵原因,因為這不安全,而且很容易偽造登錄名。
只要我知道用戶的facebook-id,我就可以將其作為post變量直接發送到php文件,然后使用$_SESSION['userid']登錄。
是否有任何唯一的令牌或Facebook返回的東西,我可以在下面的Ajax查詢中傳遞然后在php中與Facebook比較?
<!-- Starts the Facebook login flow; FBLogin() is defined in the script below. -->
<a href='javascript:;' onclick='javascript:FBLogin();'>Login using facebook</a>
// Once the DOM is ready, pull in the Facebook JS SDK and initialise it for this app.
// cache:true stops jQuery from appending a cache-busting query string to the SDK URL,
// so the browser can reuse the already downloaded sdk.js.
$(document).ready(function () {
    var initFacebookSdk = function () {
        FB.init({
            appId: '0123456789',
            version: 'v2.7' // or v2.1, v2.2, v2.3, ...
        });
    };
    $.ajaxSetup({ cache: true });
    $.getScript('//connect.facebook.net/en_US/sdk.js', initFacebookSdk);
});
// Opens the Facebook login dialog with the requested permissions.
// On a granted login the profile is fetched; otherwise the user is told it failed.
function FBLogin() {
    var permissions = { scope: 'public_profile,email,user_location' };
    FB.login(function (response) {
        if (!response.authResponse) {
            alert('Authorization failed.');
            return;
        }
        getUserInfo(); // Get User Information.
    }, permissions);
}
// Reads the signed-in user's profile from Graph and POSTs it to the PHP endpoint.
// NOTE: every field in `response` is assembled in the browser before it is sent, so the
// server receives client-controlled data; an `id` delivered this way is not proof of
// who the user is, and the server must establish identity by other means.
function getUserInfo() {
    var onServerReply = function (msg) {
        if (msg.error == 1) {
            alert('Something went wrong');
        } else {
            alert('Success');
        }
    };
    var postProfile = function (response) {
        $.ajax({
            type: "POST",
            dataType: 'json',
            data: response,
            url: 'jquery/php-login_facebook.php',
            success: onServerReply
        });
    };
    FB.api('/me?fields=id,first_name,last_name,email,gender,location{location{country}},picture', postProfile);
}
<?php
// Receives the profile that the browser POSTed after FB.api('/me') and signs the
// matching account in by facebook_id.
// NOTE(review): nothing in this script proves that the caller owns the Facebook
// account — `id` is an ordinary POST field, so whoever knows a user's Facebook id
// obtains that user's session. Identity has to be established server-side (a signed
// request / access token validated with the app secret) before the id is trusted.
ob_start();
session_start();
if(isset($_POST['id']))
{
require_once '../includes/db.php';
// NOTE(review): extract() turns every POST key into a local variable, so the client
// can define or overwrite arbitrary variables in this scope; read $_POST['id']
// explicitly instead.
extract($_POST); // extract post variables
// Check whether this Facebook id already exists.
// NOTE(review): %u casts its argument to an unsigned int; quote_smart() is defined
// elsewhere (db.php) — if it returns a quoted string the cast may not yield the
// intended id. Confirm what it returns.
$sql = DBi::$db->query(sprintf("SELECT * FROM users WHERE facebook_id = %u LIMIT 1", quote_smart($id)));
// Sign in user if facebook_id is in the table.
// NOTE(review): $check_user is not assigned anywhere in this script; the result set
// is $sql.
if (mysqli_num_rows($sql) > 0){
$row = mysqli_fetch_object($check_user);
$_SESSION['userid'] = $row->userid;
}
// More stuff after successful signin
}
?>
通過結合javascript和php sdk找到了一個解決方案,這似乎也是“推薦”的方法。
下面粘貼代碼
login.php(html)
<!-- NOTE(review): the script below defines login_to_facebook(), not FBLogin(); unless
     FBLogin() is defined elsewhere on the page this click handler will fail — confirm. -->
<a href='javascript:;' onclick='javascript:FBLogin();'>Login using facebook</a>
login.php(js)
// Load the SDK asynchronously. Safe to run more than once: if the script tag with
// this id is already in the document nothing is added.
(function (doc, tagName, scriptId) {
    if (doc.getElementById(scriptId)) {
        return;
    }
    var firstScript = doc.getElementsByTagName(tagName)[0];
    var sdkScript = doc.createElement(tagName);
    sdkScript.id = scriptId;
    sdkScript.src = "//connect.facebook.net/en_US/sdk.js";
    firstScript.parentNode.insertBefore(sdkScript, firstScript);
}(document, 'script', 'facebook-jssdk'));
// Invoked by the SDK as soon as sdk.js has loaded; configures it for this app.
window.fbAsyncInit = function () {
    console.log('init');
    var settings = {
        appId: '0123456789',
        cookie: true,   // store the signed request in a cookie so the server-side
                        // SDK helper can read and verify it
        xfbml: true,    // parse social plugins on this page
        version: 'v2.5' // use any version
    };
    FB.init(settings);
};
// Opens the Facebook login dialog and hands a granted response to statusChangeCallback.
// Returns false so an onclick handler can suppress the link's default action.
function login_to_facebook() {
    var onLoginResult = function (response) {
        if (!response.authResponse) {
            console.log('User cancelled login or did not fully authorize.');
            return;
        }
        console.log('You are logged in & cookie sets!');
        statusChangeCallback(response);
    };
    FB.login(onLoginResult, { scope: 'public_profile,email' });
    return false;
}
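// Forwards a "connected" login response to the server, which re-validates the login
// with the PHP SDK. Nothing in `response` is trusted on its own: the server decides
// who the user is from the signed request it verifies against the app secret.
// Fix: the original had a stray, unterminated `Response.accessToken);` statement here
// (a syntax error, apparently a leftover of a console.log of the token); it is removed —
// the access token should not be written to the console anyway.
// NOTE(review): the endpoint below is '/callback/php-false-login_facebook.php' while the
// PHP file on this page is titled PHP-login_facebook.php — confirm the intended path.
function statusChangeCallback(response) {
    if (response.status === 'connected') {
        // Logged into your app and Facebook.
        $.ajax({
            type: "POST",
            data: response,
            url: '/callback/php-false-login_facebook.php',
            success: function (msg) {
                console.log('ajax success');
                if (msg.error == 1) {
                    alert('Something Went Wrong!');
                } else {
                    console.log(msg);
                    // success
                }
            }
        });
    } else if (response.status === 'not_authorized') {
        console.log('not authorized');
    } else {
        console.log('not logged in to facebook');
    }
}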
PHP-login_facebook.php
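<?php
// Server-side half of the Facebook login. The browser request only triggers this
// script; identity comes from the signed request that the JS SDK stored in a cookie
// (FB.init with cookie:true), which the PHP SDK's JavaScript helper verifies against
// the app secret before exchanging it for an access token. Only a Graph call made with
// that token yields the Facebook id that is looked up in `users`.
//
// Fixes relative to the original: the result set is fetched from $sql (the original
// read the never-assigned $check_user); exception details are logged instead of being
// echoed to the client; the session id is regenerated when the user is signed in.
ob_start();
session_start();
// The POSTed authResponse is client-supplied and is used only as a gate; it is not
// what establishes identity below.
if (isset($_POST['authResponse']['accessToken']) && isset($_POST['authResponse']['signedRequest']))
{
    require_once '../libs/Facebook/autoload.php';
    require_once '../includes/db.php';

    $fb = new Facebook\Facebook([
        'app_id' => '0123456789',
        'app_secret' => 'APP_SECRET_HERE', // load from config/env outside the web root, not from source
        'default_graph_version' => 'v2.5'
    ]);

    // Reads and validates the signed-request cookie set by the JS SDK.
    $helper = $fb->getJavaScriptHelper();
    try {
        $accessToken = $helper->getAccessToken();
    } catch (Facebook\Exceptions\FacebookResponseException $e) {
        // When Graph returns an error: keep the detail server-side.
        error_log('Facebook login: Graph returned an error: ' . $e->getMessage());
        echo 'Facebook login failed.'; die;
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        // When signed-request validation fails or other local issues occur.
        error_log('Facebook login: SDK returned an error: ' . $e->getMessage());
        echo 'Facebook login failed.'; die;
    }

    if (!isset($accessToken)) {
        echo "Unauthorized access!"; die;
    }

    $fb->setDefaultAccessToken($accessToken);
    try {
        $requestProfile = $fb->get("/me?fields=id,first_name,last_name,email,gender,picture,locale");
        $profile = $requestProfile->getGraphNode()->asArray();
    } catch (Facebook\Exceptions\FacebookResponseException $e) {
        error_log('Facebook login: Graph returned an error: ' . $e->getMessage());
        echo 'Facebook login failed.'; die;
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        error_log('Facebook login: SDK returned an error: ' . $e->getMessage());
        echo 'Facebook login failed.'; die;
    }

    // int_safe() and quote_smart() are project helpers from includes/db.php.
    $facebook_id = int_safe($profile['id']);
    // Check whether this Facebook id is already linked to an account.
    // NOTE(review): %u casts its argument to an unsigned int; if quote_smart() returns a
    // quoted string the cast may not yield the intended id — confirm what it returns.
    $sql = DBi::$db->query(sprintf("SELECT * FROM users WHERE facebook_id = %u LIMIT 1", quote_smart($facebook_id)));
    // Sign in user if facebook_id is in the table.
    if (mysqli_num_rows($sql) > 0) {
        $row = mysqli_fetch_object($sql);
        // Fresh session id on authentication so a pre-login session id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['userid'] = $row->userid;
        // More stuff after successful signin
    }
}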
參考: https://developers.facebook.com/docs/php/howto/example_access_token_from_javascript