可以找出用户是否通过 javascript API 登录到 facebook?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5233560/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Possible to find out whether a user is logged into facebook over javascript API?
提问by The Surrican
This question is not a duplicate of this one.
这个问题不是一个重复的这一个。
I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).
我不想知道用户是否已授权我的应用程序,但用户是否已登录 facebook(完全独立于我的应用程序)。
The reason is that I want to pring user comments in my html code so that search engines can index them.
原因是我想在我的 html 代码中打印用户评论,以便搜索引擎可以索引它们。
When a user is logged into facebook I want to replace the html code with the facebook comments snippet.
当用户登录 facebook 时,我想用 facebook 评论片段替换 html 代码。
If not an alternative old school comment form should be displayed.
如果不是,则应显示替代的旧学校评论表。
I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, could be an admin account...) to have all the data synchronized.
我会定期从图形 api 中提取评论以将它们放入我的数据库中,并且使用经典表单完成的评论应该发布在 api 上(不一定是用户,可以是管理员帐户......)以拥有所有数据同步。
I looked at the Javascript SDK Docs, also found the function getloginstatusbut the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.
我查看了 Javascript SDK 文档,也发现了getloginstatus函数,但文档很糟糕而且没有定论。我知道 Facebook 代码中通常也有一些功能没有在更高级别的 api 中记录或实现。
My questions are:
我的问题是:
Can I somehow find out if a user is logged into facebook?
Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?
我能以某种方式找出用户是否登录到 Facebook 吗?
我能否以某种方式获得已发布评论的回调或通知,以便我可以触发与我的数据库的同步,或者我是否必须定期“抓取”图形 API?
采纳答案by mrwooster
This article
本文
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.
识别 Google 和 Facebook 中的安全风险,让您可以确定用户是否已登录。虽然没有官方 API 来检查用户是否在没有该用户明确允许您访问此信息的情况下登录,但上述文章展示了如何您可以“猜测”用户是否登录。
Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.
注意:本文指出了“黑客行为”,因此如果 Google 和 Facebook 识别出这些安全风险或当 Google 和 Facebook 识别出这些安全风险时,不保证将来会有效。
回答by Ben Regenspan
There is a non-hack, officially-supported way of doing this for Facebook (I think the last version of the docs was clearer on this point). Using the Javascript SDK, you can do:
有一种非黑客的、官方支持的方式为 Facebook 执行此操作(我认为文档的最后一个版本在这一点上更清楚)。使用Javascript SDK,您可以执行以下操作:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({appId: 'YOUR APP ID', status: true, cookie: true,
xfbml: true});
FB.getLoginStatus(function(o) {
if (!o && o.status) return;
if (o.status == 'connected') {
// USER IS LOGGED IN AND HAS AUTHORIZED APP
} else if (o.status == 'not_authorized') {
// USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
} else {
// USER NOT CURRENTLY LOGGED IN TO FACEBOOK
}
});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol +
'//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
}());
</script>
An aside: if XAuthhad caught on, it would be possible to do this in a more universal and supported way for any site supporting that standard.
旁白:如果XAuth流行起来,那么对于支持该标准的任何站点,都可以以更通用和受支持的方式执行此操作。
回答by Sunil
I also ran into similar requirements and solved my problem with following code; Using the Javascript SDK, I used FB object. FB is a facebook object, it has property called _userStatus, this can be used like following.
我也遇到了类似的要求,并用以下代码解决了我的问题;使用 Javascript SDK,我使用了 FB 对象。FB 是一个 facebook 对象,它有一个名为 _userStatus 的属性,可以像下面这样使用。
if(FB._userStatus == "connected")
{
// USER IS LOGGED IN AND HAS AUTHORIZED APP
}
else if(FB._userStatus == "notConnected"){
// USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
}
else if(FB._userStatus == "unknown")
{
// USER NOT CURRENTLY LOGGED IN TO FACEBOOK
}
The above code is very useful. It can be used in any part of the page as long FB object is not null.
上面的代码非常有用。只要 FB 对象不为空,它就可以在页面的任何部分使用。
