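I am trying to write a custom authorize/deauthorize script for my website using Facebook's OAuth token. I can post the token to my database, but when I delete the token and refresh the page, it posts the token again even though I haven't clicked the authorize link.
My authorize.php: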
<div class="authorize_btn" style="float:right; margin-top:-35px; padding-right:10px">
<?php
$db_conx = mysqli_connect("localhost","root","","test");
if (mysqli_connect_errno())
{
echo mysqli_connect_error();
exit();
}
$sql = "SELECT fb_token FROM users";
$user = $_SESSION['username'];
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_array($query);
$login = $facebook->getLoginUrl();
$access_token = $facebook->getAccessToken();
$fb_token = $row[0];
if (empty($fb_token))
{
$add_user = "<a href='$login'>Add User</a>";
echo $add_user;
if ($add_user)
{
$sql = mysqli_query($db_conx, "UPDATE users SET fb_token='$access_token' where username='$user'");
}
}
else
{
echo "<form id='deauth' action='deauth_fb.php' method='post'>";
echo "<a href='#' onclick='document.forms[0].submit();'>Deauthorize User</a>";
echo "</form>";
}
?>
</div>
My deauth_fb.php:
<?php
session_start();
include ('inc/facebook.php');
include ('fbconfig.php');
$db_conx = mysqli_connect("localhost","root","","test");
if (mysqli_connect_errno())
{
echo mysqli_connect_errno();
exit();
}
$facebook = new Facebook(array(
'appId' => APP_ID,
'appSecret' => APP_SECRET,
));
$user_session = $_SESSION['username'];
$delete_sql = mysqli_query($db_conx, "UPDATE users SET fb_token='' where username='$user_session'");
header('location:home.php');
?>
Answer 0: (score: 0)
Facebook will refresh the token if it is still valid; you should use the official way:
https://developers.facebook.com/docs/reference/php/facebook-getLogoutUrl/
Answer 1: (score: 0)
This is because you are just updating fb_token to blank without logging the user out.
To get the logout URL:
$params = array( 'next' => 'http://after_logout.lnk' );
$logout = $facebook->getLogoutUrl($params);
getLogoutURL() takes an optional $params array of key/value pairs:
next → (optional) The next URL to redirect the user to after logging out (should be an absolute URL).
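One way to apply the logout approach from the answers inside deauth_fb.php, as an added example that is not part of the original posts. It goes beyond the answers by binding the username as a query parameter and checking a CSRF token before acting. The function names and the `csrf` form field are hypothetical; `$facebook` and `$db` are assumed to be built as in the question, with Facebook PHP SDK 3.x, which provides `destroySession()`.

```php
<?php
// Added example, not the poster's code. Assumes the Facebook PHP SDK 3.x
// ($facebook) and the users(username, fb_token) table from the question.

// Blank the stored token using a bound parameter, not string interpolation.
function clear_fb_token(mysqli $db, string $username): bool
{
    $stmt = $db->prepare("UPDATE users SET fb_token = '' WHERE username = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $username);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Clear local state and return the Facebook logout URL to redirect to.
function deauthorize_user($facebook, mysqli $db, string $username, string $next): string
{
    // Build the URL first: it carries the access token the SDK still holds.
    $logoutUrl = $facebook->getLogoutUrl(array('next' => $next));
    if (!clear_fb_token($db, $username)) {
        throw new RuntimeException('could not clear fb_token');
    }
    $facebook->destroySession(); // drop the token the SDK cached in the PHP session
    return $logoutUrl;
}

// Request handler for deauth_fb.php. Hypothetical: the form must POST a hidden
// "csrf" field matching $_SESSION['csrf'], so a third-party page cannot trigger it.
function handle_deauth($facebook, mysqli $db, string $next): void
{
    $sent = $_POST['csrf'] ?? '';
    $expected = $_SESSION['csrf'] ?? '';
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !is_string($sent)
        || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(400);
        exit('Bad request');
    }
    if (empty($_SESSION['username'])) {
        http_response_code(401);
        exit('Not logged in');
    }
    header('Location: ' . deauthorize_user($facebook, $db, $_SESSION['username'], $next));
    exit; // stop so nothing after the redirect runs
}
```

The explicit non-empty check on the session token matters because `hash_equals('', '')` returns true, which would otherwise let a request with no token through.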