Facebook Connect:间歇性:签名 JSON 签名错误
我正在使用 Facebook 连接。超过 50% 的注册获得“错误签名的 JSON 签名”。错误。是什么原因导致此问题以及如何解决?
这是代码:
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
header('location: /volunteerregistration?error=Facebook has failed to connect. Unknown algorithm. Expected HMAC-SHA256 Please register with Omprakash below. ');
exit;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
header('location: /volunteerregistration?error=Facebook has failed to connect. Bad Signed JSON signature. Please register with Omprakash below.');
exit;
}
return $data;
}
谢谢!
I'm using Facebook connect. Over 50% of registrations are getting a "Bad Signed JSON signature." error. What causes this problem and how is it fixed?
Here is the code:
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
header('location: /volunteerregistration?error=Facebook has failed to connect. Unknown algorithm. Expected HMAC-SHA256 Please register with Omprakash below. ');
exit;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
header('location: /volunteerregistration?error=Facebook has failed to connect. Bad Signed JSON signature. Please register with Omprakash below.');
exit;
}
return $data;
}
Thank you!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
通过检查给定的 api 的 app_secret 解决了同样的问题。我复制了一个看不见的符号/字符
had same problem solved by checking given app_secret to api. I copied an invisible sign/character
50% 的注册是通过已知良好的帐户进行的……还是 50% 的注册是在野外网站上进行的?如果它是在野外,我会认为它是失败的黑客尝试...试图找到没有额外
$sig !== $expected_sig检查的网站,就像您的安全网站一样。 :)50% of registrations that you're doing with known good accounts....or 50% of registration on web site in the wild? If it's in the wild, I would assume it's failed hacking attempts...trying to find sites that don't have the extra
$sig !== $expected_sigcheck as your secure site does. :)我认为这可能会发生,因为您的 apache 服务器不支持 CURL 库。
打开 php.ini,找到“;extension=php_curl.dll”,然后删除“;”这意味着您的 php CURL 未注释。
I think this is could happened because your apache server doesn't support for CURL library.
Open your php.ini, find ";extension=php_curl.dll" and then remove ";" it means that your php CURL uncommented.