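I am trying to do server-side authorization through Facebook. I want the authorization to happen in a popup window (window.open). When the window opens, the condition if (empty($code)) {..........} is triggered.
Inside this condition a URL is built and the script redirects to it. Everything works fine in all browsers except Opera (v. 12.01). Opera does not redirect. It happens here: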
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: ".$dialog_url."");
    exit();
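Meanwhile, the URL is displayed in Opera's address bar but is not executed. Please help me solve the redirect problem in Opera.
All the source code is shown below.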
index.php

    <!DOCTYPE HTML>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script type="text/javascript" src="jquery-1.8.3.min.js"></script>
    <script type="text/javascript">
    $(document).ready(function(){
        // Open the server-side login script in a popup when the link is clicked.
        $('#login_facebook').live('click', function(){
            var path = 'facebook.php';
            window.open(path, 'login', 'width=800,height=400,resizable=yes,scrollbars=no,toolbar=no,menubar=no,location=no,directories=no,status=yes');
            return false; // keep the browser from following href="#"
        });
    });
    </script>
    </head>
    <body>
    <table>
        <tr><td><a id="login_facebook" href="#">Facebook login</a></td></tr>
    </table>
    </body>
    </html>
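facebook.php

    <?php
    session_start();

    $app_id     = "14619918......";
    $app_secret = "171a7caaffeeab.....";
    $my_url     = "...........facebook.php";

    // The authorization code is absent on the first request to this script.
    $code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

    if (empty($code)) {
        // First request: store an unpredictable state token and send the popup to the Facebook dialog.
        $_SESSION['state'] = bin2hex(random_bytes(16)); // CSRF protection
        $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id
            . "&redirect_uri=" . urlencode($my_url)
            . "&state=" . $_SESSION['state']
            . "&scope=user_birthday,read_stream&display=popup";
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: " . $dialog_url);
        exit();
    }

    // Callback: continue only if the returned state matches the one stored in the session.
    $state = (isset($_REQUEST['state']) && is_string($_REQUEST['state'])) ? $_REQUEST['state'] : '';
    if (!empty($_SESSION['state']) && hash_equals($_SESSION['state'], $state)) {
        // Exchange the authorization code for an access token.
        $token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id
            . "&redirect_uri=" . urlencode($my_url)
            . "&client_secret=" . $app_secret
            . "&code=" . urlencode($code);
        $response = file_get_contents($token_url);
        $params = null;
        parse_str($response, $params);
        $_SESSION['access_token'] = $params['access_token'];
        $graph_url = "https://graph.facebook.com/me?access_token=" . urlencode($params['access_token']);
        $user = json_decode(file_get_contents($graph_url));
        // Escape the profile name before writing it into the page.
        echo("Hello " . htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8'));
    } else {
        echo("The state does not match. You may be a victim of CSRF.");
    }
    ?>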