I am trying to login into Facebook via cURL in PHP. At this moment, I want to get my cookies from the browser and use them as a cookie file in cURL.
Is this even possible?
As soon as FB is registering what you're doing, your account gets locked. There are several API frameworks out there to access FB and there's almost nothing left what can only be done by scraping there content.
Yes you can do it this way, but it's not the recommended way.
Related
I'm trying to implement login and registration on a page using the Facebook API for both JS and PHP SDK 4.0. The 4.0 SDK seems relatively new and have changed a lot in recent time. There aren't a lot of answers out there. The documentation also seems pretty poor.
I already have a page with standard login using php/mysql. This will just be another option of login/registration for users.
After a couple of years just reading on Stackoverflow, this is my first post. Sorry in advance if it's in some way inadequate.
This is how I figure I would like to set this up:
A Facebook-button next to the login with a JS Facebook-login dialog connected to it.
If the user authorizes: send the result with an ajax-request to a php-page
Use FacebookJavaScriptLoginHelper to set up a session.
Get a long life access-token with getLongLivedSession.
Make a request for /me. Check if the email for this account is already a user on my site.
If not already a user: Ask for a username, register the user with info from Facebook.
Connect the account by saving the internal userid and the access-token in my database
Questions so far:
Am I supposed to send the token with my AJAX-call from the client, or would this be a security risk? I could just fetch the token with the PHP SDK instead.
Should i store the token with $_SESSION? Should I even store this manually myself? If so, is there built in functionality for this in the PHP SDK? Couldn't find any.
When a user has gone through this process I want to be able to check server side directly on page load if the user has authorized my app (and is logged in on FB).
Am I supposed to acquire the access-token using $_SESSION, or is there functionality for this? Isn't there any built in functionality to do a standard check if the user is authorized already?
When doing this in PHP, should I use the FacebookRedirectLoginHelper? Seems a bit odd since I'd never want to redirect with PHP, when my login dialogs will be with JS.
Maybe I've gotten the gist of this all wrong. My main concern is if I really would have to be storing the token with $_SESSION. I've seen a lot of people doing it in tutorials, but found nothing about it in Facebooks docs.
Thank you for your detailed post. Not a lot of people put so much effort in their first post ;)
The token you refer to is automatically stored in the cookie by the JS SDK. You can instantiate a session on the PHP side in the following way:
$js_helper = new FacebookJavaScriptLoginHelper($app_id);
$session = $js_helper->getSession();
Or: https://developers.facebook.com/docs/php/FacebookJavaScriptLoginHelper/4.0.0
You don't have to store the token by yourself, since it's already stored in the cookie.
Does this make the situation more clear?
I have been trying to get facebook page's contents using PHP Curl. But even if i am logged into facebook from my browser , the page which the CUR session returns requests for login id an password . I think its some issue of ccokies which I dont know. Please help how to send the cookies stored in my browser in the CURL request.
As with most websites Facebook uses cookie based sessions to keep you authenticated.
You'll need to get your CURL script to authenticate to Facebook and then scrape the data that you're after. When you do this you'll need to make sure that the cookies are stored across the different (auth and then following requests) by using a "cookie jar". If you look in the PHP CURL documentation they explain how to use a cookie jar and persist cookies across multiple requests.
I'm not sure what data you're trying to fetch but I think you're likely to do better using Facebook's API to fetch the data. APIs are designed for machines/processes to fetch data, whereas the website is there for people to view. If you use the API you won't have to scrap the data out from within the page/display.
We have a Flash site that integrates heavily with Facebook. When users sign up we get them to allow a Facebook app that ties into the site. This is done through the AS3 Facebook API library from Adobe.
When users have done this, they should then be able to sign up, submitting some personal details and so on. The Flash sends this request to our PHP which then checks to see if the user is actually logged into Facebook, and has allowed our app.
The problem we're having is that when a user goes to do this, the PHP facebook library says that the user is not logged in. If we then refresh the page and try signing up again, everything works fine.
I'd imagine it's a cookie thing, but we're really banging our head against a wall here and can't figure out why it's not working.
Cheers,
Mark.
Are you using OAuth (good example here by chirs coenraets)
Regardless, you may need to use a flash php/js proxy (php i presume since thats what your using) to deal with any crossdomain policy issues.
I am working to post some content to user's wall from my website.
I created an application on facebook.
Should I manually create a dialog box redirecting user to something like that?
http://www.facebook.com/dialog/oauth/?
scope=email,user_birthday&
client_id=123050457758183&
redirect_uri=http://www.example.com/response&
response_type=token
How can I check if user already connected application on my website?
Should I store any of the user's facebook data when he allows my application to remember if already connected?
Data comes like that as told in http://developers.facebook.com/docs/reference/dialogs/oauth/
http://www.example.com/response#
access_token=...&
expires_in=3600
Then how can I post some contect with PHP?
I read something here but cant understand actually...
http://developers.facebook.com/docs/reference/api/post/
Any help appreciated
Thanks
Did you check out the PHP SDK? There's an example showing how to authenticate a user in there and to post to the wall, check out the "graph()" (which you cannot call directly, you can call "post" directly on the facebook class if I recall, see the "_call()" method) method and check out the documentation again.
Let me know if that helps otherwise we'll take it from there.
Facebook session parameters will help you to found out whether user in connected to your app or not.
e.g. if you are using php-sdk
$session = $facebook->getSession();
if($session)
//do something
else
//do something
I find the PHP SDK for "viral" channel convoluted and a poor user experience. Checking if the user has "auhtorized" your app is easy, as was pointed out already. But if the user hasn't, then requesting authorization is a lot of back and forth communication (http://developers.facebook.com/docs/authentication/). That's before you can post to their wall. Which still requires redirects if done from the server (http://developers.facebook.com/docs/reference/dialogs/).
I find it a lot easier to use the javascript SDK. Check if they have authorized your app (FB.getLoginStatus), if not then ask for authorization (FB.login), then use FB.ui to post to their own wall or a friend's wall. It's all done client side, no calls back to the server necessary, no page reloads or redirects.
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.