How to keep the FB application in a page tab during authentication (OAuth 2)?
Question
Small problem here. I want to make a small FB application that shows different views for the page admin and for users; the page admin can add HTML to the application and include the application in their page (a bit like the old FBML application).
But the problem is that when I authenticate the application, it jumps from the page tab to its application page.
I need access to the following things:
[page] => stdClass Object
(
[id] => FAN_PAGE_ID
[liked] => 1
[admin] =>
)
For this I need to stay in the FB page tab while authenticating. How? :(
I am posting my current code here.
Please help me.
ob_start();
$app_id = "----------";
$app_secret = "-----------------";
include_once 'src/facebook.php';
// Used as redirect_uri for the OAuth dialog and the token exchange (the app's canvas URL)
$my_url = "http://apps.facebook.com/-----beta/index.php";
$facebook = new Facebook(array(
    'appId' => $app_id,
    'secret' => $app_secret,
));
session_start();
$code = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
//echo $code . "</br>";
if (empty($code)) {
    // No authorization code yet: send the browser to the OAuth dialog
    $_SESSION['state'] = bin2hex(random_bytes(16)); // CSRF protection: unpredictable state value
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&display=popup&scope=manage_pages,email&redirect_uri=" . urlencode($my_url) . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    exit; // the state check below only applies to the callback request
}
// Callback: the state must match the one stored in the session (constant-time compare)
if (isset($_REQUEST['state'], $_SESSION['state']) && hash_equals($_SESSION['state'], (string) $_REQUEST['state'])) {
    $token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code;
    $response = file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    $graph_url = "https://graph.facebook.com/me?access_token=" . $params['access_token'];
    $user = json_decode(file_get_contents($graph_url));
    //echo $_REQUEST['signed_request'];echo "<hr>";
    //var_dump($user);
    $signedRequest = $facebook->getSignedRequest();
    $appData = array();
    if (!empty($signedRequest) && !empty($signedRequest['page'])) {
        // The SDK has already decoded the payload, so 'page' is an array, not a JSON string
        $appData = $signedRequest['page'];
    }
    var_dump($appData); echo "<hr>";
    var_dump(parse_signed_request(isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '', $app_secret));
    echo("<hr>Hello " . $user->name);
}
else {
    echo("The state does not match. You may be a victim of CSRF.");
}
function parse_signed_request($signed_request, $secret) {
    // A signed_request has the form "<signature>.<payload>"
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    if (!isset($data['algorithm']) || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }
    // check sig (hash_equals compares in constant time)
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected_sig, (string) $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }
    return $data;
}
function base64_url_decode($input) {
    // base64url uses '-' and '_' in place of '+' and '/'
    return base64_decode(strtr($input, '-_', '+/'));
}
Solution
I use this script in the tab:
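function parse_signed_request($signed_request, $secret) {
    // A signed_request has the form "<signature>.<payload>"
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    if (!isset($data['algorithm']) || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return null;
    }
    // Recompute the HMAC over the encoded payload and compare in constant time
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected_sig, (string) $sig)) {
        return null;
    }
    return $data;
}
function base64_url_decode($input) {
    // base64url uses '-' and '_' in place of '+' and '/'
    return base64_decode(strtr($input, '-_', '+/'));
}
$signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '';
$secret = $app_secret;
$getdata = parse_signed_request($signed_request, $secret);
// parse_signed_request() returns null when the request is missing or its signature is bad
$fanpage = isset($getdata['page']) ? $getdata['page'] : array();
$page_id = isset($fanpage['id']) ? $fanpage['id'] : null; // GET THE PAGE ID
$is_fan = !empty($fanpage['liked']); // false if the user is not a fan, true if they are
$is_admin = !empty($fanpage['admin']); // true if the user is an admin of the page, false if not
if ($page_id) {
    // if app is tab
    if ($is_admin) {
        // if user is admin
    }
    if ($is_fan) {
        // I am fan
    } else {
        // I am not a fan
    }
}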
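A stricter variant of the signed_request check from the answer above, as an added example that is not part of the original post or of the Facebook SDK: it verifies the HMAC before reading any field, rejects stale requests, and shows that a payload whose admin flag was edited after signing is refused. The function names, the constructed secret and payloads, the one-hour freshness window and the presence of an issued_at field in the payload are assumptions (PHP 7.1+).

```php
<?php
function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64url_decode_strict(string $in) {
    // Restore the padding base64url omits, then decode in strict mode.
    $pad = (4 - strlen($in) % 4) % 4;
    return base64_decode(strtr($in, '-_', '+/') . str_repeat('=', $pad), true);
}
// Hypothetical test helper: signs a payload in the format parse_signed_request() expects.
function make_signed_request(array $data, string $secret): string {
    $payload = b64url_encode(json_encode($data));
    return b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
}
// Returns ['id', 'liked', 'admin'] from a verified request, or null on any failure.
function page_context($signed_request, string $secret, int $max_age = 3600): ?array {
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;                                   // missing or malformed
    }
    list($encoded_sig, $payload) = explode('.', $signed_request);
    $sig = b64url_decode_strict($encoded_sig);
    $json = b64url_decode_strict($payload);
    // Verify the MAC (constant-time compare) before trusting any field of the payload.
    if ($sig === false || $json === false
        || !hash_equals(hash_hmac('sha256', $payload, $secret, true), $sig)) {
        return null;
    }
    $data = json_decode($json, true);
    $alg = is_array($data) && isset($data['algorithm']) ? $data['algorithm'] : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;
    }
    // Assumption: the payload carries issued_at (Unix time); refuse old, replayed requests.
    if (abs(time() - (int) ($data['issued_at'] ?? 0)) > $max_age) {
        return null;
    }
    if (!isset($data['page']['id'])) {
        return null;                                   // not loaded inside a page tab
    }
    $p = $data['page'];
    return ['id' => (string) $p['id'], 'liked' => !empty($p['liked']), 'admin' => !empty($p['admin'])];
}
// Constructed sample data: one valid request, one edited after signing, one malformed.
$secret = 'constructed-app-secret';
$claims = ['algorithm' => 'HMAC-SHA256', 'issued_at' => time(),
           'page' => ['id' => 'FAN_PAGE_ID', 'liked' => true, 'admin' => false]];
$good = make_signed_request($claims, $secret);
$claims['page']['admin'] = true;                       // change the payload, keep the old signature
$edited = explode('.', $good)[0] . '.' . b64url_encode(json_encode($claims));
var_dump(page_context($good, $secret), page_context($edited, $secret), page_context('garbage', $secret));
```

Any admin-only view should branch on the array this function returns, never on request parameters read before verification.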
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow