Facebook“赞"按钮回调帮助 [英] Facebook "Like" button callback help

问题描述

我正在将此代码用于Facebook，例如回调:

I am using this code for facebook like callback:

           <script type="text/javascript">
                FB.Event.subscribe('edge.create', function(response) {
                  // php script to call via ajax
                });
           </script>

问题是，如果我调用php脚本(例如 http://www.test.com/addfacebook?id=xx&user=xxx&code=xxxx )，某人可以看到我的JavaScript并运行此页面，甚至对其进行垃圾邮件处理，也可以在没有先喜欢的情况下使用它.

The problem is that if i call a php script (for example http://www.test.com/addfacebook?id=xx&user=xxx&code=xxxx) someone can see my javascript and run this page and even spam it or use it without have liked first.

这个概念是我想给喜欢该页面的每个用户一个独特的特殊折扣代码.因此，在回调中，我想存储在数据库和ID，Facebook用户的真实姓名以及为他创建的折扣代码中.

The concept is that i want to give a unique special discount code to every user likes the page. So on callback I want to store in database and id, the user real name from facebook and the discount code I created for him.

如何做到这一点，以使某人无法覆盖它(因为它是javascript)?

How to do it so someone can't override it (as it is javascript)?

非常感谢！

推荐答案

最简单的方法就是验证用户是否合法.我希望您的ajax操作具有包含FacebookID和access_token的参数.这样可以防止任何人玩您的系统.

The easiest way to get at what you are doing is to verify the user is legitimate. I would have your ajax action have parameters that include the FacebookID and the access_token. This will prevent anyone from gaming your system.

由于您使用的是FB JS SDK-只需像这样调用API:

Since you are using the FB JS SDK - just make a call to the API like so:

FB.getLoginStatus(function (loginResponse) {
            FB.api('/me', function (graph) {
                var token = loginResponse.session.access_token;
                var fbid = loginResponse.session.uid;
        } else {
            // no user session available, someone you dont know
        }
    });

我将其放入您的FB.Event.subscribe中，并相应地使用令牌和fbid vars.

I'd put this in your FB.Event.subscribe and use the token and fbid vars accordingly.

希望这会有所帮助！

这篇关于Facebook“赞"按钮回调帮助的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！