Facebook“赞"按钮回调帮助 [英] Facebook "Like" button callback help
问题描述
我正在将此代码用于Facebook,例如回调:
I am using this code for facebook like callback:
<script type="text/javascript">
FB.Event.subscribe('edge.create', function(response) {
// php script to call via ajax
});
</script>
问题是,如果我调用php脚本(例如 http://www.test.com/addfacebook?id=xx&user=xxx&code=xxxx ),某人可以看到我的JavaScript并运行此页面,甚至对其进行垃圾邮件处理,也可以在没有先喜欢的情况下使用它.
The problem is that if i call a php script (for example http://www.test.com/addfacebook?id=xx&user=xxx&code=xxxx) someone can see my javascript and run this page and even spam it or use it without have liked first.
这个概念是我想给喜欢该页面的每个用户一个独特的特殊折扣代码.因此,在回调中,我想存储在数据库和ID,Facebook用户的真实姓名以及为他创建的折扣代码中.
The concept is that i want to give a unique special discount code to every user likes the page. So on callback I want to store in database and id, the user real name from facebook and the discount code I created for him.
如何做到这一点,以使某人无法覆盖它(因为它是javascript)?
How to do it so someone can't override it (as it is javascript)?
非常感谢!
推荐答案
最简单的方法就是验证用户是否合法.我希望您的ajax操作具有包含FacebookID和access_token的参数.这样可以防止任何人玩您的系统.
The easiest way to get at what you are doing is to verify the user is legitimate. I would have your ajax action have parameters that include the FacebookID and the access_token. This will prevent anyone from gaming your system.
由于您使用的是FB JS SDK-只需像这样调用API:
Since you are using the FB JS SDK - just make a call to the API like so:
FB.getLoginStatus(function (loginResponse) {
FB.api('/me', function (graph) {
var token = loginResponse.session.access_token;
var fbid = loginResponse.session.uid;
} else {
// no user session available, someone you dont know
}
});
我将其放入您的FB.Event.subscribe中,并相应地使用令牌和fbid vars.
I'd put this in your FB.Event.subscribe and use the token and fbid vars accordingly.
希望这会有所帮助!
这篇关于Facebook“赞"按钮回调帮助的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!