Background:
I'm an employee of a public figure who is constantly getting facebook scam impersonations. I'm going to automate the process of checking facebook for new scams by having a script search facebook each day and report any new users and pages for his name. I'm modifying an old FB app that I created years ago to run the process.
Problem:
I noticed that I can search for "page" on facebook's graph api with my app, but "user" comes back with: "Fatal error: Uncaught OAuthException: A user access token is required to request this resource." I assume this is a permissions error so I try to add an &Access_Token= with all permissions from (https://developers.facebook.com/tools/explorer) to the URL with no luck.
Here's my PHP script:
require '../src/facebook.php';<BR>
$facebook = new Facebook(array(
'appId' => '**I_removed_this_code**',
'secret' => '**I_removed_this_code**'));
$access_token = $facebook->getAccessToken();
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');<BR>
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
$fb_response = $facebook->api('/search?q=**Public_Figure_Name**&type=page'); //<--change this to user and it doesnt work
print_r(array_values($fb_response));
The basic issue is that only users an app has access to are either users of the app or (given proper friend permissions) friends of users of the app.
However, if you were to act as you, using an SSO token, 'you' would have a user token and can do graph searches.
PS. I would have added this as a comment but my rep's not high enough.
If I try the following in the Graph Explorer, it works without problem:
/search?q=Tom%20Cruise&type=user
https://developers.facebook.com/tools/explorer?method=GET&path=search%3Fq%3DTom%2520Cruise%26type%3Duser&version=v2.2
The Search API is documented at https://developers.facebook.com/docs/graph-api/using-graph-api/v2.2#search which describes exactly your behaviour (distinction between page and user search).
Related
I have some Facebook user in my database with their facebook id which is I have got after they login via my facebook app. Now I want to post their wall after a certain period using php.
I have got their user id using below code-
include_once "facebook.php";
$facebook = new Facebook(array(
'appId' => xxxxxxxxxxxxxxx,
'secret' => xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,
'cookie' => true,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
print_r($e);
$user = null;
}
}
I have got their id from $user_profile variable.
I am using this scope to login "email,publish_actions"
Please give me some sample code if possible, I'm too much worry about this :(
Sorry for my poor English
As of 2nd October 2013 you can no longer post to another user's wall using the API:
Removing the ability to post to friends' timelines via API
We have found that posting content via API (stream.publish) on a
friend's wall lead to a high incidence of user dissatisfaction (hiding
content, blocking the app). After the migration period, posting
content to friends' timelines via stream.publish will no longer be
allowed. Please use the Feed Dialog for posting.
Source: https://developers.facebook.com/docs/apps/migrations/completed-changes
Hi I have a problem with the Facebook API although I am asking for the permission to get the email I can't get the mail value, what do I do wrong? Here my code:
$facebook = new Facebook(array(
'appId' => 'xxxxxxxx',
'secret' => 'xxxxxxxxxx',
'cookie' => false
));
// See if there is a user from a cookie
$fbuser = $facebook->getUser();
if ($fbuser) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$FBUSER = $facebook->api('/me');
$FBUSER1 = $facebook->api('/me');
print_r($FBUSER1);
} catch (FacebookApiException $e) {
print_r($e);
$USER=false;
}
}
$loginUrl = $facebook->getLoginUrl(array("scope"=>"email, publish_actions"));
A few days ago I was coding a similar login/authorization bit of my app and I had similar results until I properly ordered the flow steps.
From your snippet it looks like you print the $fbuser array before the user actually grants the extended permissions to your app. Let's imagine you were doing some tests with your own account being logged in to facebook: you might have authorized the app once with the basic permission and now it returns these basic data from your account (with no "email" as it belongs to the extended perms).
More code could help to better understand but I would still double check that:
1. the page/popup coming from the FB getLoginURL() method is shown and the user accepts both to login (if not) and to authorize the extended permissions if needed.
2. the return_uri code on your website is ready to catch any data coming from the previous step (eg. print the user details).
Watchout as I see from your code that the return_uri is not defined.
If you send request without access_token, you will get short field set without email and some different fields.
I have a Facebook app that I want to use to post on my customer's Facebook Page Walls on their behalf. I have it setup now so that when they authenticate my app I get the Access token, but when I go to post to the wall I am getting the following error: "OAuthException: Error validating access token: The session is invalid because the user logged out."
How can I post from my script without being logged in?
Here is my code:
include_once('fb-php-sdk/src/facebook.php');
$facebook = new Facebook(array(
'appId' => 'XXX',
'secret' => 'XXX',
));
try {
$page_id = '215133535279290'; //page id of the customer's facebook page
$args = array(
'access_token' => 'XXX', //access token received when user authenticated app
'message' => 'A test message'
);
$post_id = $facebook->api("/$page_id/feed","post",$args);
} catch (FacebookApiException $e) {
echo "Error:" . $e;
}
The new facebook API has what is called an extended access token (it replaces offline access: https://developers.facebook.com/roadmap/offline-access-removal/ I think) which I believe lasts upto 60 days (or something like that). To use it simply get the access token when the logs in through your website:
$token = $facebook->getAccessToken();
Save it to Db and use this token later:
$facebook = new Facebook();
$facebook->setAccessToken($accessTokenFromDB);
Then you should be able to continue as though the user is logged in.
As for the user being logged out part, make sure you are using the latest version of the API and not an old version and also make sure the stuff under the "Scenario 2: If you have been previously requesting offline_access - updated 4/30/2012" heading of the page I linked.
You could carry on using offline_access until 3rd of October, but then why if it's being turned off for real in 2 months time and would have to rewrite your code.
Get the publish_stream extended permission. Once you have this permission you can post feed stories using your app access token while the user is offline. There is no need for offline_access permissions or saving and using a user access token in this scenario.
I am doing a Canvas app inside the facebook page.
My very simple question is this: With the newest facebook SDK (just downloaded today), if a user has not yet granted access permission to your app, will the facebook class within the SDK automatically determine that and attempt to get authorization?
I can manually get auth for my app by going here:
https://graph.facebook.com/oauth/authorize?client_id=<myClientID>&redirect_uri=<myRedirectURL>&type=user_agent&display=page&scope=publish_stream,%20user_about_me,%20user_likes,%20email
That all works just fine... but when I attempt to do what the example.php does in the SDK, it returns an error:
Fatal error: Uncaught OAuthException: Invalid OAuth access token signature. thrown in /public_html/bridge/base_facebook.php on line 1107
Thus my question is: Am I supposed to be getting a valid OAuth access token, or am I setting up the facebook PHP SDK wrong?
Here is my complete PHP code that generates the error:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'app_id' => '<my app id>',
'app_secret' => '<my app secret>',
));
$user = $facebook->getUser();
$jared = $facebook->api('/jaredmark');
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
This code is essentially a direct copy/paste from the example, with a few minor edits.
It doesn't seem to be the case that the PHP SDK will display an authentication pop up without you manually causing it to do so by redirecting to that specific page. sigh
I'm trying to use the Graph API and the PHP SDK for Facebook to try and return the current users name, but I'm only having luck with it displaying my name. This is pretty straight forward and someone that knows the Graph API shouldn't have any problem helping me out just by looking at the code I'm using.
require 'facebook.php';
$appid=get_post_meta($thisID,'_EFBPDAppID',true);
$appsec=get_post_meta($thisID,'_EFBPDAppSec',true);
$facebook = new Facebook(array(
'appId' => $appid,
'secret' => $appsec,
'cookie' => true
));
$user = $facebook->getUser();
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
And then I use this: echo $user_profile['name']; to display the users name, but it is only displaying my name. On any other profile it just shows where that variable is as blank. On my profile, it shows my name. I also used print_r($user); and it is displaying my ID, but for any other profile it displays 0.
Do users need to authenticate themselves or should there already be a session with this info? How do I get that session info if there is one?
Anyone who can help out I would be very grateful. Thanks.
For security and privacy as well, Facebook users must login and allow the current application to have access to their account information. You can accomplish this using different SDK. Most people use Javascript but I persoally prefer PHP. As simple implementation in HTML is shown below:
Login to Facebook
It will generate something like:
Login to Facebook
you should be able to access the user's information after that process using Graph API.
$fbuser = $facebook->api('/me');
echo "Hello ".$fbuser['name'];
Let me know if works for you.
http://www.9lessons.info/2011/02/login-with-facebook-and-twitter.html
Your user must authenticate the application that your going to create.
After that facebook will redirect with the access_token (and the process is called as callback.)
Save the access_token and user id so that you can access data or Post message automatically without login into the facebook.
I've got the rectification for your problem. I use a simple Facebook application. It works but under development.
You must authorize the user first and get his user ID. After that just replace the "me" by user_id, and you are done.
<?php
require_once 'facebook-php-sdk/src/facebook.php';
$facebook = new Facebook(array(
'appId' => '[your app id]',
'secret' => '[your app secreat]',
'cookie' => true,
));
// Then authorize the current user in the way you desire
// get his user_id
$user_profile = $facebook->api('/[the user's user id]');
echo $user_profile['name'];
?>