我正在尝试使用Facebook的OAuth令牌为我的网站编写自定义授权/取消授权脚本。我可以将令牌发布到我的数据库,但是当我删除令牌并刷新页面时,即使我没有单击授权链接,它也只是再次发布令牌。
我的授权.php:
<div class="authorize_btn" style="float:right; margin-top:-35px; padding-right:10px">
<?php
$db_conx = mysqli_connect("localhost","root","","test");
if (mysqli_connect_errno())
{
echo mysqli_connect_error();
exit();
}
$sql = "SELECT fb_token FROM users";
$user = $_SESSION['username'];
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_array($query);
$login = $facebook->getLoginUrl();
$access_token = $facebook->getAccessToken();
$fb_token = $row[0];
if (empty($fb_token))
{
$add_user = "<a href='$login'>Add User</a>";
echo $add_user;
if ($add_user)
{
$sql = mysqli_query($db_conx, "UPDATE users SET fb_token='$access_token' where username='$user'");
}
}
else
{
echo "<form id='deauth' action='deauth_fb.php' method='post'>";
echo "<a href='#' onclick='document.forms[0].submit();'>Deauthorize User</a>";
echo "</form>";
}
?>
</div>
我deauth_fb.php:
<?php
session_start();
include ('inc/facebook.php');
include ('fbconfig.php');
$db_conx = mysqli_connect("localhost","root","","test");
if (mysqli_connect_errno())
{
echo mysqli_connect_errno();
exit();
}
$facebook = new Facebook(array(
'appId' => APP_ID,
'appSecret' => APP_SECRET,
));
$user_session = $_SESSION['username'];
$delete_sql = mysqli_query($db_conx, "UPDATE users SET fb_token='' where username='$user_session'");
header('location:home.php');
?>
仍然有效,Facebook会刷新令牌,你应该使用官方的方式:
https://developers.facebook.com/docs/reference/php/facebook-getLogoutUrl/
这是因为您只是将fb_token
更新为blank
而不注销用户。
要获取注销 URL,请执行以下操作:
$params = array( 'next' => 'http://after_logout.lnk' );
$logout = $facebook->getLogoutUrl($params);
getLogoutURL()
采用包含键值对的可选$params
数组:
next
→(可选)注销后要将用户重定向到的下一个 URL(应该是绝对 URL)。
参考