I have a problem..
I try wrote program like as facebook page tab app.
I must use session for remember signed_request.
But issue is that Safari do not remember session.
Program is:
$facebook = new Facebook($config);
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
$op=True;
}else {
$op=False;
}
if($op)
{
$_SESSION['liked']=$signed_request['page']['liked'];
$_SESSION['admin']=$signed_request['page']['admin'];
}else{
$url="PAGEAPP URL";
echo("<script> top.location.href='" . $url . "'</script>");
exit();
}
Safari does not allow cross domain cookies.
As the main page is of the domain Facebook.com and your iframe domain differs, Safari will not process cookies inside the iFrame.
Although there are workarounds for other browsers, and at one point there was a workaround for Safari, it seems Apple closed this loophole.
http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
Setting cross-domain cookies in Safari
Although I can't see your full code & scenario, I would suggest you avoid using sessions, and always query the Facebook API to check for the 'liked' & 'admin' flags.
If a user's admin privileges were revoked, or a user disliked the page, then your SESSION variables would become out of sync (unless you are constantly updating your SESSION variables).
Check if a user liked the page:
How to check if current facebook user like a page using PHP SDK?
Check if a user is an admin:
How to get if a user is admin of a page (isAdmin) using the Facebook Graph API?
Related
I've made a Facebook app which works perfectly, so now I'm trying to setup a mobile app. I use this code with is described in the docs to check if the user is logged in or not, and if the user is logged in pass the information forward.
Here is the code I'm using:
<?php
session_start();
// Include facebook PHP SDK
require_once("lib/facebook.php");
// Configure the facebook object
$config = array();
$config['appId'] = 'APP_ID';
$config['secret'] = 'APP_SECRET';
$config['cookie'] = true;
$config['fileUpload'] = true;
$app_id = 'APP_ID';
$canvas_page = "https://hadadmin.yourwebhosting.com/mixit/mobile/";
$location = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=publish_stream,email,create_event,rsvp_event,user_events,friends_events";
// initialize the facebook oject
$facebook = new Facebook($config);
// Get Facebook User
$fbID = $facebook->getUser();
// Get the current access token
$access_token = $facebook->getAccessToken();
// check if we have valid user
if ($fbID) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$fb_user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
$fbID = NULL;
// seems we don't have enough permissions
// we use javascript to redirect user instead of header() due to Facebook bug
print '<script language="javascript" type="text/javascript"> top.location.href="'. $location .'"; </script>';
// kill the code so nothing else will happen before user gives us permissions
die();
}
} else {
// seems our user hasn't logged in, redirect him to a FB login page
print '<script language="javascript" type="text/javascript"> top.location.href="'. $location .'"; </script>';
// kill the code so nothing else will happen before user gives us permissions
die();
}
I've searched all over but none of the solutions to similar problems are working (i.e. getUser returns 0) getUser is returning 0 like in the other posts, but like I said it works fine when I don't use the mobile site, apps.facebook.com/MYAPP and https://hadadmin.yourwebhosting.com/mixit/ is also working.
getUser use cookie setup by the javascript SDK or via the signed_request (for canvas and page tab).
As you're on a mobile site and if it's the first user connection, you'll have no cookie, and obvisously no signed_request. So you need to setup the Facebook connection using the javascript SDK by settings status to true in the init method, or by calling getLoginStatus. Then, you can request your server (the cookie will be send with any ajax request on the same domain).
after edit:
From what I see, you have trouble with cross-domain communication here. Be sure to setup facebook correctly with a valid channel file. For IE, setup P3P headers, that will help a lot. For Safari, that's a hell of a job, but google "cross-domain communication" and you'll find a lot of solutions. But these shouldn't be necessary if Facebook SDKs are setup correctly.
Hope this help!
How to make only https facebook app?
Couse this code:
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if(empty($data["page"]["liked"]))
work in only https.
Thanks for answer.
Only put a HTTPS/secure url in the Application (Canvas or App) Settings.
Leave the Canvas URL blank. And the Secure Canvas URL Populated.
In addition you can configure your server to Redirect Non HTTP Requests to HTTPS so your Application only servers over HTTPS.
-- Additional
Given your code only works over HTTPS it seems requests to HTTP are being redirected to HTTPS which in my experience tends to drop $_POST'ed data during the redirect as is the case when Facebook loads your App.
Which is why your code trips up because the $_REQUEST is blank/signed_request is missing.
Seems like Facebook changed a lot of things recently. I would like to know how to show a custom page if the user has not liked the Fan page. If the user likes the page I will show them the Fan page wall. How to do this? I searched around but seems like Facebook reinvented itself.
Thanks.
You should be able to change what a visitor sees in your page settings...
manage permissions
- default landing tab ( pick your page here )
also -
I created this php script that shows like and non-like content to users.
Tutorial / Example
http://www.drewdahlman.com/meusLabs/?p=100
GIT Project
https://github.com/DrewDahlman/FBVersion
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {
//User is not a fan
}
Source: Determine If The User Likes (Fan Of) Your Facebook Page When Landing On Your Page Tab
I'm upgrading my existing FB apps, and going absolutely bonkers trying to get a simple PHP iframe canvas app to authorize and authenticate (as well as use SSL). Never looked through so many examples...
Here's where I'm stuck: After the user authorizes the app, and the app authenticates the user (I am able to make a graph request with the token OK), the redirect_uri happens, and the whole page refreshes, leaving Facebook and thenjust shows me the contents of my "Canvas URL" page (with my server's domain), rather than iframed on Facebook.
I currently have this as a crude two step process...
Here's what my code looks like on the first page (index.php):
<?php
require('src/facebook.php');
$app_id = '123456789';
$app_secret = '1234secrets1234';
$canvas_page = "https://apps.facebook.com/123456789/";
$canvas_url = "https://myserver.com/apptest/";
$code = $_REQUEST['code'];
if(!$code){
$display= 'page';
$scope= 'manage_pages, offline_access, read_insights, publish_stream, user_about_me, user_likes, email';
$redirect_url = 'https://myserver.com/apptest/step2.php';
$oauth_url = 'https://www.facebook.com/dialog/oauth?canvas=1&client_id='.$app_id.'&display='.$display.'&redirect_uri='.urlencode($redirect_url).'&scope='.$scope;
$config = array('appId' => $app_id,'secret' => $app_secret,'cookie' => true,'domain' => true);
$facebook_client = new Facebook($config);
echo "<script type=\"text/javascript\">top.location.href = \"".$oauth_url."\";</script>";
}
?>
and the second page (step2.php):
<?php
require('src/facebook.php');
$app_id = '123456789';
$app_secret = '1234secrets1234';
$canvas_page = "https://apps.facebook.com/123456789/";
$canvas_url = "https://myserver.com/apptest/";
if($_REQUEST['code']){
$code=$_REQUEST['code'];
$redirect_url = 'https://myserver.com/apptest/step2.php';
$link="https://graph.facebook.com/oauth/access_token?canvas=1&client_id=".$app_id."&redirect_uri=".urlencode($redirect_url)."&client_secret=".$app_secret."&code=".$code;
$string = file_get_contents($link);
$auth_token=substr($string, 13, 150);
$graph_url = "https://graph.facebook.com/me?access_token=".$auth_token;
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
Again, once the user has authorized the app, and the app has authenticated the user, the graph call works.
Any ideas?
When navigating to the OAuth dialog the web page (not the frame your app is in) is navigated to the OAuth URL. To get back into the Facebook iframe after authentication you need to set the OAuth redirect URL to the canvas_page URL. The code shown above is navigating to the URL of myserver when redirected so your app takes up the entire page (because you left the Facebook iframe when navigating to the OAuth dialog). Your code at canvas_url needs to determine if it is being entered from authorization (success or failure) or if it is being entered with a valid access token after authentication.
Also your canvas_page URL appears to be comprised of the facebook apps host and your application ID. It should be the facebook apps host and your application name (the redirect URL should be the same as the "Canvas Page" URL on your app's developer page).
Well I did get this working. On the app > settings > basic I hadn't set a namespace, so the URL it gave me for the app on facebook was like this: https://apps.facebook.com/123456789/ and now with the namespace they changed it to: https://apps.facebook.com/myappname. So that may have been it. I tried to carefully follow the simple PHP autorization demo on this page: https://developers.facebook.com/docs/appsonfacebook/tutorial/ and it seems to work ok now.
Thanks for the help!
I am writing an application in Facebook that is meant to be shown through a page tab on my own business page. I need to interact with the viewing user, thus I require extended rights.
I've followed the suggested procedure but have now hit a wall. My application sits in an iFrame and the request for extended rights uses redirection. I can get the page where you need to confirm authorization but when you click allow, Facebook redirects to the page where my application is hosted instead of back to my Facebook page tab. Once the proper rights have been authorized, the rest of the application works fine so I know it's just a problem with redirection but I feel like I've tried everything and not a lot of people seem to have had the same problem. I would love if anyone could point me in the right direction.
Thank you!
Here's my code:
$app_id = "myappid";
$canvas_page = "http://wheremyappishosted/";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$user_id = $data["user_id"];
$access_token = $data['oauth_token'];
if (empty($data["user_id"])) {
$auth_url = "https://graph.facebook.com/oauth/authorize?client_id=".$app_id."&redirect_uri=".urlencode($canvas_page)."&scope=user_photos,friends_photos,publish_stream,user_likes";
die("<script> top.location.href='" . $auth_url . "'</script>");
}
$f = json_decode(file_get_contents("https://graph.facebook.com/".$user_id."?access_token=".$access_token."&fields=name,albums,likes"), true);
For those interested, I believe I have found a way to circumvent this. Instead of redirecting the user back to the application, I redirect them to a small script which then redirects back to the page tab. Since the app has already been authorized, everything works and the signed_request gets passed along with the user infos. I don't know if it's really the legit way to go but it works.
Please set redirect variable to your the targeted page :
$redirect = "http://foo.com";
Set redirect_uri to "http[s]://apps.facebook.com/YOUR_APP/" instead of "http[s]://apps.facebook.com/YOUR_APP". Note the trailing slash!
I have figured out that using javascript sdk is much better choice when unsolved redirect issues arise using server scripts, implement this small test and you will figure out that most things happen using lightbox i.e. above your app. which keeps the app page intact.
https://developers.facebook.com/docs/facebook-login/getting-started-web/