pages permission to a particular facebook page?

2018-06-22 12:44:30

how i can set a manage_pages permission of my application to a particular page only. Now my application get permission to manage all pages of fb user.. How i can restrict this and get permission to access a specific page only ?

I am using one simple authentication method.

$app_id     = 'xxxxxxxxxxxxx';
$app_secret = 'xxxxxxxxxxxxxxxx';
$my_url     = 'http://xxxxxxxxxxx.com/xxxx/facebook?client=params';

$code        = $_REQUEST["code"];

//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id=' 
                . $app_id . '&redirect_uri=' . urlencode($my_url).'&scope=offline_access,read_stream,publish_stream,manage_pages';
                echo("<script>top.location.href='" . $dialog_url . "'</script>");
            }

//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
            . $app_id . '&redirect_uri=' . urlencode($my_url) 
            . '&client_secret=' . $app_secret 
            . '&code=' . $code;
$access_token = file_get_contents($token_url);


am using the above code for authentication. when i try to print the $_REQUEST params, i couldnt find any variable names 'signed_request'.  is any other method can we use with the above code..??

Unfortunately that's not possible. Very annoying but well.. it's facebook so there's nothing else to expect.

You should do this from your side. Facebook will send you the page id in the signed_request so you can verify the page and show/disable content:

<?php
if(!empty($_REQUEST["signed_request"])) {
    $app_secret = "APP_SECRET";
    $data = parse_signed_request($_REQUEST["signed_request"], $app_secret);

    if (isset($data["page"])) {
        echo $data["page"]["id"];
    } else {
        echo "Not in a page";
    }
}

function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

This code is taken from this answer. Just check the $data["page"]["id"] against the one you want.

链接地址: http://www.djcxy.com/p/63222.html

上一篇: 这些会过期吗？

下一篇: 对特定Facebook页面的页面权限？