Question

So, I am using an iFrame on my tab and I am doing one of those "like roadblocks" where the user needs to like the page in order to view the secret content. Is there a better and more seamless way of doing this than having to ask for permission?

I know for tabs built with FBML, they don't ask for permission, but I am guessing that is because it is NOT an iframe.

Thanks!

Recommended answer

Of course you can! As mentioned in the documentation, Facebook will send you some extra details in the signed_request:

From mine, it should be something like this:

<?php
if(empty($_REQUEST["signed_request"])) {
    // no signed request was found, which means
    // 1- this page was not accessed through a Facebook page tab
    // 2- a redirection was made, so the request is lost
    echo "signed_request was not found!";
} else {
    $app_secret = "APP_SECRET";
    $data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
    if (empty($data["page"]["liked"])) {
        echo "You are not a fan!";
    } else {
        echo "Welcome back fan!";
    }
}

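function parse_signed_request($signed_request, $secret) {
    // a signed_request is "<base64url signature>.<base64url JSON payload>";
    // reject anything that is not a string containing the separator
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        error_log('Malformed signed_request');
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    // the payload must be a JSON object that names the expected algorithm
    if (!is_array($data) || !isset($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig: recompute the HMAC over the encoded payload and compare
    // in constant time so the comparison does not leak the expected value
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}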

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}
?>

UPDATED CODE: While the previous code would work, I wasn't checking the validity of the request. This means someone could tamper with the request and send you false information (like setting the admin to true!). Code has been updated, following the signed_request documentation approach.
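
The tampering case described in the update, as an added example that is not part of the original answer: a signed_request whose payload is edited after signing is accepted by a parser that skips the signature check and rejected by one that verifies the HMAC. The secret, the payload values and all function names here are constructed for the demo.

```php
<?php
// Added example; the secret and payload values are constructed for the demo.
const DEMO_SECRET = 'demo-app-secret'; // placeholder, not a real app secret

function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64url_decode(string $enc): string {
    return (string) base64_decode(strtr($enc, '-_', '+/'));
}

// Builds "<signature>.<payload>", the layout the answer's parser expects.
function make_signed_request(array $data, string $secret): string {
    $payload = b64url_encode(json_encode($data));
    return b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
}

// "Before": decodes the payload and trusts it without checking the signature.
function parse_unverified(string $signed_request): ?array {
    $parts = explode('.', $signed_request, 2);
    $data = count($parts) === 2 ? json_decode(b64url_decode($parts[1]), true) : null;
    return is_array($data) ? $data : null;
}

// "After": recomputes the HMAC over the payload and compares in constant time.
function parse_verified(string $signed_request, string $secret): ?array {
    $parts = explode('.', $signed_request, 2);
    if (count($parts) !== 2) return null;
    [$encoded_sig, $payload] = $parts;
    $data = json_decode(b64url_decode($payload), true);
    $alg = is_array($data) ? ($data['algorithm'] ?? null) : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') return null;
    $expected = hash_hmac('sha256', $payload, $secret, true);
    return hash_equals($expected, b64url_decode($encoded_sig)) ? $data : null;
}

$genuine = make_signed_request(
    ['algorithm' => 'HMAC-SHA256', 'page' => ['liked' => false, 'admin' => false]],
    DEMO_SECRET
);
// Tampered copy: the original signature is kept, the payload is replaced.
[$sig] = explode('.', $genuine, 2);
$tampered = $sig . '.' . b64url_encode(json_encode(
    ['algorithm' => 'HMAC-SHA256', 'page' => ['liked' => true, 'admin' => true]]
));

var_dump(parse_unverified($tampered)['page']['liked']);       // edited value is trusted
var_dump(parse_verified($tampered, DEMO_SECRET));             // signature mismatch
var_dump(parse_verified($genuine, DEMO_SECRET)['page']['liked']);
```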
