0

我在追查这个错误的原因时碰了壁。

我的应用程序功能齐全,即使我在错误日志中看到此错误:“CSRF 状态令牌与提供的令牌不匹配”

我搜索了这个站点并看到了与使用 get loginUrl 和 .htaccess 相关的帖子。

我在使用 loginURL 或我的 .htaccess 的代码中看不到问题。我会在这里发布。

我看到的行为是用户来到我的页面(未登录),我显示登录 URL,用户通过 facebook 登录,当他们返回状态字符串时,我的错误日志中有 4 个条目出现此错误。

options -multiviews
<IfModule mod_rewrite.c>
RewriteEngine On 
RewriteBase /


RewriteRule ^my$ my.php [L,QSA]
RewriteRule ^site-admin$ site-admin.php [L,QSA]
RewriteRule ^admin$ site-admin.php [L,QSA]
RewriteRule ^banned$ banned.php [L,QSA]
RewriteRule ^userlist$ userlist.php [L,QSA]
RewriteRule ^uploadfeatured$ uploadfeatured.php [L,QSA]
RewriteRule ^viewlatest$ viewlatest.php [L,QSA]
RewriteRule ^featured$ featured.php [L,QSA]
RewriteRule ^get$ get.php [L,QSA]

</IfModule>
<IfModule mod_security.c> 
   # Turn off mod_security filtering. 
   SecFilterEngine Off 

   # The below probably isn't needed, 
   # but better safe than sorry. 
   SecFilterScanPOST Off 
</IfModule>





    function getLoginURL()
{
    $facebook = new Facebook(array(
        'appId'  => APP_ID,
        'secret' => SECRET,
        'fileUpload' => true
    ));
    $user = $facebook->getUser();
    if($user && userHasPermissions())
    {
        //user has permissions and is logged in

        $me= $facebook->api('/me'); 
        $con = getConn();   
        $query="select * from users where fb_id='".$user."';";
      $result=mysql_query($query);   
        $result=mysql_query($query);     
      while ($row = mysql_fetch_assoc($result)) 
      {
      $userid =  $row['id'];
        }                                       

      if (mysql_num_rows($result) == 0)
        {
            // Got a newbie, now we need to add him into our db                 
            $query2= "INSERT INTO users (fb_id ,name ,email) VALUES ('".$user."','". $me['name']."','". $me['email']."')";
            $result2=mysql_query($query2);                          
            $facebook->api("/me/feed", "post", array(
            message => "Welcome to XXX - XXX!",
            picture => "http://XXX.us/static/img/XX.png",
            link => "http://XXX.us",
            name => "XXX ",
            caption => "XXX welcomes you!"
            ));
            echo "<script language='javascript'> window.location='http://XXX.us';</script>" ;
        }
        else
        {                           
            $query3 = "UPDATE  users SET  email='". $me['email']. "',access_token='". $facebook->getAccessToken() ."',name='". $me['name'] ."' WHERE  id=". $userid .".;";                                                              
            $result3=mysql_query($query3);                                                                                                  

        }

      return null;
    } 
    else 
    {
        $loginUrl = $facebook->getLoginUrl(
        array('scope' => 'publish_stream,user_photos,offline_access,email'));   

    }
    if($user)
    {
        $access_token = $facebook->getAccessToken();
        $query3 = "UPDATE  users SET  email='". $me['email']. "',access_token='". $facebook->getAccessToken() ."',name='". $me['name'] ."' WHERE  id=". $userid .";";                                                               
        $result3=mysql_query($query3);  
    }
    else
    {

    }
    return $loginUrl;
}
4

0 回答 0