2

我正在尝试通过 facebook 进行服务器端授权。有了这个,我希望授权发生在弹出窗口(window.open)中。当一个窗口打开时触发条件if (empty ($ code)) {..........}.在这个条件里面形成 URL 地址并重定向到这个地址。除 Opera (v. 12.01) 之外的所有浏览器中一切正常。Opera 不会重定向。它发生在这里:

header("HTTP/1.1 301 Moved Permanently"); 
header("Location: ".$dialog_url."");
exit();

同时Opera中的url地址显示但不执行。请帮助解决 Opera 中的重定向问题。
所有源代码如下所示。

索引.php

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script type="text/javascript" src="jquery-1.8.3.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    $('#login_facebook').live('click',function(){
        path='facebook.php';
        window.open (path,'login','width=800,height=400,resizable=yes,scrollbars=no,toolbar=no,menubar=no,location=no,directories=no,status=yes');
        return false;
    });
});
</script>
</head>

<body>
<table>
    <tr><td><a id="login_facebook" href="#">Facebook login</a></td></tr>
</table>
</body>
</html>

脸书.php

<?php
session_start();
$app_id = "14619918......";
$app_secret = "171a7caaffeeab.....";
$my_url = "...........facebook.php";
$code = $_GET["code"];
if(empty($code)) {
    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . urlencode($my_url) . "&state=". $_SESSION['state'] . "&scope=user_birthday,read_stream&display=popup";
    header("HTTP/1.1 301 Moved Permanently"); 
    header("Location: ".$dialog_url."");
    exit();
}
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
     $token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url). "&client_secret=" . $app_secret . "&code=" . $code;
     $response = file_get_contents($token_url);
     $params = null;
     parse_str($response, $params);
     $_SESSION['access_token'] = $params['access_token'];
     $graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
     $user = json_decode(file_get_contents($graph_url));
     echo("Hello " . $user->name);
   }
   else {echo("The state does not match. You may be a victim of CSRF.");}
?>
4

0 回答 0