f_config.php
<?php
include_once("f_src/facebook.php"); //include facebook SDK
######### Facebook API Configuration ##########
$appId = '<appid>'; //Facebook App ID
$appSecret = '<appsecret>'; // Facebook App Secret
$homeurl = 'http://example.com/login_beta.php'; //return to home
$fbPermissions = 'email'; //Required facebook permissions
//Call Facebook API
$facebook = new Facebook(array(
'appId' => $appId,
'secret' => $appSecret
));
$fbuser = $facebook->getUser();
?>
login.php
include_once("f_config.php");
if(!$fbuser){
$fbuser = null;
$loginUrl = $facebook->getLoginUrl(array('redirect_uri'=>$homeurl,'scope'=>$fbPermissions));
}else{
$user_profile = $facebook->api('/me?fields=id,first_name,last_name,email,gender,locale,picture');
$_SESSION['facebook_data'] = $user_profile; // Storing Facebook User Data in Session
//var_dump("Asd");
header("location: index.php");
}
//..
//..
<?php
if(!$fbuser){
$fbuser = null;
$loginUrl = $facebook->getLoginUrl(array('redirect_uri'=>$homeurl,'scope'=>$fbPermissions));
echo '<a class="btn btn-sm btn-info" href="'.$loginUrl.'"><i class="icon icon-facebook icon-2x"> </i><span style="font-size: 16px; padding: 0 16px;">Continue With Facebook</span></a>';
}
?>
当我尝试使用开发者帐户登录facebook时,它会完美地授权该应用程序并登录到index.php然而,当我尝试使用其他facebook帐户登录时,它会对应用程序进行恶意授权,然后重定向回login.php,代码为<somerandomvalue>,然后再次需要单击facebook登录按钮重定向到index.php。
我以这个例子为例:http://www.codexworld.com/login-with-facebook-using-php/
我试着调试,似乎是域名(包括www。这是典型的在有和没有www.的url之间重定向,并导致会话不再匹配域名的变化。
解决方案:在会话开始之前,我包括了以下行
ini_set('session.cookie_domain', '.example.com');
session_set_cookie_params(0, '/', '.example.com');
以及在.htaccess文件中添加的删除www表单url的行。
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]