我正在尝试使用 facebook 登录并回显用户的 /me/ 图形详细信息。我根据 facebook 的开发人员页面编写了以下代码,但出现了问题,页面https://qonnect.co/fbcon.php无法加载!
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Qonnect | Your online ID on the web</title>
<meta content="online identity, social network, contact details, share, personal profile">
<?php require_once("facebook.php"); ?>
</head>
<body>
<p>chekc access token at bottom</p>
<?php
$app_id = "353349231445***";
$app_secret = "1299cd46fd******";
$my_url = "https://www.qonnect.co";
session_start();
$code = $_REQUEST["code"];
if(empty(code))
{
$_SESSION['state']= md5(uniqid(rand(), TRUE));
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'] . "&scope=user_birthday,read_stream";
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
//rechecking of sessions state variable for CSRF attack !
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?"."client_id=".$app_id.
"&redirect_uri=".urlencode($my_url)."&client_secret=".$app_secret."&code=".$code; //code exchanged for access token.
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello", $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
</body>
</html>