检查用户是否喜欢页面的无缝方式 [英] Seamless way to check if user likes page

问题描述

因此，我在我的选项卡上使用 iFrame，并且我正在执行其中一种类似障碍"，用户需要喜欢该页面才能查看秘密内容.有没有更好，更无缝的方式来做到这一点，然后必须征得许可?

So, I am using an iFrame on my tab and I am doing one of those "like roadblocks" where the user needs to like the page in order to view the secret content. Is there a better and more seamless way of doing this then having to ask for permission?

我知道使用 FBML 构建的标签页不需要许可，但我猜这是因为它不是 iframe.

I know for tabs built with FBML, they dont ask for permission, but I am guessing that is because it is NOT an iframe.

谢谢！

推荐答案

当然可以！正如文档中所述，Facebook 会在 中向您发送一些额外的详细信息签名请求:

Of course you can! As mentioned in the documentation, Facebook will send you some extra details in the signed_request:

当用户导航到 Facebook 时页面，他们会看到你的页面标签添加在下一个可用选项卡中位置.从广义上讲，页面选项卡是以完全相同的方式加载画布页面.当用户选择您的页面选项卡，您将收到带一个signed_request参数附加参数，页面.这个参数包含一个 JSON 对象一个 id(当前的页面 id页面)、管理员(如果用户是管理员)页面)，并喜欢(如果用户已喜欢该页面).和画布一样页面，您将不会收到所有您可以访问的用户信息应用程序在signed_request 中，直到用户授权您的应用程序.

When a user navigates to the Facebook Page, they will see your Page Tab added in the next available tab position. Broadly, a Page Tab is loaded in exactly the same way as a Canvas Page. When a user selects your Page Tab, you will received the signed_request parameter with one additional parameter, page. This parameter contains a JSON object with an id (the page id of the current page), admin (if the user is a admin of the page), and liked (if the user has liked the page). As with a Canvas Page, you will not receive all the user information accessible to your app in the signed_request until the user authorizes your app.

代码取自我的 教程 应该是这样的:

The code taken from my tutorial should be something like:

<?php
if(empty($_REQUEST["signed_request"])) {
    // no signed request where found which means
    // 1- this page was not accessed through a Facebook page tab
    // 2- a redirection was made, so the request is lost
    echo "signed_request was not found!";
} else {
    $app_secret = "APP_SECRET";
    $data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
    if (empty($data["page"]["liked"])) {
        echo "You are not a fan!";
    } else {
        echo "Welcome back fan!";
    }
}

function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}
?>

更新代码:虽然以前的代码可以工作.我没有检查请求的有效性.这意味着有人可能会篡改请求并向您发送虚假信息(例如将 admin 设置为 true！).代码已更新，遵循 signed_request 文档 方法.

UPDATED CODE: While the previous code would work. I wasn't checking the validity of the request. This means someone could tamper the request and send you false information (like setting the admin to true!). Code has been updated, following the signed_request documentation approach.

这篇关于检查用户是否喜欢页面的无缝方式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！