I've recently migrated our site to Amazon EC2 from another host. On the old server, our Facebook login worked fine, but it's failing on EC2. I've done some digging, and it looks like it's failing because no value is being passed back from Facebook for the signed_request variable. I've done print_r($_REQUEST) on my return page, and the only things Facebook is passing back is code and state, in the URL itself. Nothing in POST.
I did notice that the site URL defined in my app didn't have a slash at the end, which seems to be problematic based on some comments in this forum, but that didn't help. Other answers were from a couple of years ago, and seemed to be obsolete since I couldn't find what they were referring to.
I also tried adding my EC2 IP to my app's whitelist, and that didn't help either.
Here's my current code:
if(!session_start())session_start();
require_once("facebook.php");
require_once("config.php");
$facebook = new Facebook(array(
'appId' => constant("FB_CONSUMER_KEY"),
'secret' => constant("FB_CONSUMER_SECRET"),
'cookie' => false
));
$FbId = intval($facebook->getUser());
if($FbId != 0) {
...
} else {
// log in to FB
$login_url = $facebook->getLoginUrl(array(
'scope' => 'email,user_likes,publish_stream',
'next' => '<return_page>',
'cancel_url' => '<cancel_page>'
));
exit;
}
$FbId keeps coming back with a 0 value, even after logging into Facebook. Some digging showed that this is because the user is never being set in the getUserFromAvailableData function because $_REQUEST['signed_request'] doesn't have a value.
I've tried this both already logged into Facebook and not logged in, but $_REQUEST['signed_request'] isn't returned in either case.
I've seen some posts on here that indicate that old Facebook apps seem to have some kind of grandfathering where they continue to work until they get migrated, or another new app just like it gets created. Could that be the case here?
Any help would be appreciated.
Thanks,
Related
We're building a web app in PHP. We've set up SSL certificate and right after that the FB login stopped working. When the script tries to get user ID, exception is thrown
An active access token must be used to query information about the current user.
I'm 100% positive the SSL is the problem because it works fine on my localhost and it also worked on the production before setting up the SSL.
We're using Facebook PHP SDK. Here is the first part (getting login url)
$facebook = new Facebook([
"appId" => "APP_ID",
"secret" => "SECRET"
]);
$permissions = ["email", "user_birthday", "publish_stream", "offline_access"];
$loginURL = $facebook->getLoginUrl([
"scope" => join(",", $permissions),
"redirect_uri" => "REDIRECT_URI"
]);
// redirect to $loginURL
And here's the callback
$facebook = new Facebook([
"appId" => "APP_ID",
"secret" => "SECRET"
]);
$userID = $facebook->getUser();
$token = $_GET['code'];
if(isset($userID) && isset($token)) {
// ... some cool stuff
} else {
// error, something happened
}
Thanx for help
EDIT: I was getting the error because I was trying to get details about user by the $userID. Problem was, the $userID is always 0 so no wonder I got error. Somehow I can't get user's ID on the website with SSL...
OK in the end I found the cause of my problems and it was realy stupid (like almost always, right?). When I was building the callback URL that is sent as an argument to the FB login page, I was getting the base url with a method from the framework I use. For some reason it gave me domain.com:443/ instead of domain.com/. After I fixed it, it suddenly works.
In mu case it was the WWW that was missing from the redirect URL. SSL cert was working only with it
first facebook asks me to click okay to authorize the app then chrome gives me this error. and the I have this endless redirect problem. I have read many cases about this but none clear and simple enough to get me over this obstacle.
The webpage at __________&redirect_uri=http%3A%2F%2Fmizu.net46.net%2Ffacebookpost6.php&state=_________________&sdk=php-sdk-3.2.3&req_perms=user_status%2Cpublish_stream%2Cuser_photos%2Coffline_access%2Cmanage_pages#=">https://www.facebook.com/dialog/oauth?client_id=__________&redirect_uri=http%3A%2F%2Fmizu.net46.net%2Ffacebookpost6.php&state=_________________&sdk=php-sdk-3.2.3&req_perms=user_status%2Cpublish_stream%2Cuser_photos%2Coffline_access%2Cmanage_pages#= has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
what I know.
facebook.php is working
the secret and appid are being passed correctly by the script.
I must have configured my app settings on the facebook development site almost correctly
how do I know this?
because when I change those variables in my script or adjust the settings
on facebook development server, I dont even get this far, I dont get asked to click ok or see my facebook profile in chrome.
what I dont know.
How to fix this redirect problem. or complete the authentication process. echo $user always returns 0.
my code looks like this:
require 'src/facebook.php';
$app_id = "xxxxxxxxxxxxxxxxxx";
$app_secret = "xxxxxxxxxxx";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
'cookie' => true
));
$user = $facebook->getUser();
echo $user;
if(($facebook->getUser())==0)
{
header("Location:{$facebook->getLoginUrl(array('req_perms' =>
'user_status,publish_stream,user_photos,offline_access,manage_pages'))}");
exit;
}
thanks for any help
changing the setting to no when asked" is this a desktop app? " in the advanced section of app configuration on developers.facebook.com seem to resolve this issue.
I'm posting here due to a problem with php and the sdk of facebook.
For a reason I don't really know, when I try to get the userID of the logged account, continuously I received the same value, 0, even if i'm logged.
I've been trying to debug some variables, $facebook, checking sessions, etc. but with unsuccessfully results, then i'm gonna step by detailing all what i'm doing and the debug log i'm doing:
I'm using hostinger servers, that hosts my website. Due to i've found many problems, i've created a test webpage in which i have 5 files:
index.php
callback.php
facebook.php (comes from facebook)
base_facebook.php
certificate
The code i have on index.php is what i've pasted here: [index.php]: http://pastebin.com/Mfdkxz8H This is only the first part of the code which tries to get the autentification.
The code i have on callback.php is what i've pasted here: [callback.php]: http://pastebin.com/Uw0A3NM8. There i try to get the userID.
I've read some post and for some reasons there were so many cases in which the token
wasn't received in the second file/call.
I don't really know what the problem is and would be happy to find a solution.
P.D It doesn't matter the appId and secret because facebook and webpage were created for a test.
Hard to tell what is going up from your code example (By the way, you should NEVER post your appId and secret in public like that otherwise someone will be able to compromise your application). A gave your code a quick glance and it "looks" fine but here are a couple of pointers:
But here are a couple of pointers.
1) Make sure you have the latest version of the Facebook SDK (assuming you do)
2) For SANITY sake, i would keep your Facebook API files in its their folder ('sdk')
3) DOUBLE CHECK your app settings to make sure the appID and secret are correct (I have made this mistake many times), also make sure that your at is NOT in sandbox mode
4) Then try something like this
include_once("sdk/facebook.php");
//Call Facebook API
$facebook = new Facebook(array(
'appId' => XXXXXXXXXXXXXXXX,
'secret' => XXXXXXXXXXXXXXXX,
'cookie' => true, // enable optional cookie support
));
$params = array(
'scope' => 'email',
'redirect_uri' => 'http://devstarlight.esy.es/facebook/callback.php'
);
$login_url = $facebook->getLoginUrl($params);
I created a PHP script a year ago, that requests the events from a Facebook page, and it still works fine- except for one page and only since recently.
$config = array();
$config[ 'appId' ] = '468554113184955';
$config[ 'secret' ] = 'APP_SECRET';
$config[ 'fileUpload' ] = false; // optional
$facebook = new Facebook( $config );
$res = $facebook->api( '/Stadtpalais/events?fields=id,name,start_time,description,updated_time,picture.type(large)', 'GET' );
I also tried the request with another app ending with the same result, so I think retrieving a new app secret wouldn't help.
The script is just working with appId and secret, but without any user login. Try the Graph explorer with any app access token like '468554113184955|APP_SECRET' (use your own ID and secret) to reproduce the error. Change the page to any other page and it will work.
Can page admins prevent these public requests through settings? (I haven't found one yet.)
Could an event title or description or whatever trigger an error so that Facebook sends an empty array?
Some time ago I read that Facebook might force a user login to request the events, but since it's working fine with other pages, I'd think that hasn't happened yet?
Thanks in advance!
I can now answer my own question: It's due to the page setting
Age Restrictions = Alcohol-related
I'm using the PHP-SDK for Facebook and got the example to work on my localhost. However, when building a script on a server the script stays quite busy with redirecting from my script to facebook and back. (Error: Fout 310 (net::ERR_TOO_MANY_REDIRECTS):)
It seems that many more people have got this issue (here, here, here, here). Though, I can't find a clear answer what goes wrong.
Redirect to facebook (response 302):
https://www.facebook.com/dialog/oauth?client_id=166958180001271&redirect_uri=http%3A%2F%2Fdomain.com%2Fscripts%2FGateway.php%3Faction%3DAllowFacebookAccessAction%26app%3D14&state=0dbc178a375595da4751265a7147c01e#_=_
Redirect to mydomain (response 302):
http://domain.com/scripts/Gateway.php?action=AllowFacebookAccessAction&app=14&state=0dbc178a375595da4751265a7147c01e&code=AQD-dTeyns0OWpGb_PzfHxUy2iRmpc1XgP6Q24DDRX8MiRTE10lV-b-aSNIlOLVHk576vRs3H8Pf9n0kGwU827MrkzUCUoQGFGEQBkkOJnCy9zb6hZs7TVBsKL2iSuZIhDjLsCOPeKy3zfb37Q6LGhtMICCdB_IQAvU0uRvAkSAX8tdVJ65PEv8imx-2yvLaMoGJleZwKogh7m03vlhV8hJk#_=_
Part of the code that creates this issue
...
$facebook = new FacebookApi(array(
'appId' => $app->getProperty('apiKey'),
'secret' => $app->getProperty('secretKey'),
));
$user = $facebook->getUser();
if (!$user) {
header('location: ' . $facebook->getLoginUrl());
exit;
}
...
UPDATE:
I ruled out that its a server setting. I was able to run the original example script on that server.
Recheck your app secret in your app settings https://developers.facebook.com/apps otherwise dump the session
<?php print_r($_SESSION); ?>
And lint the token returned https://developers.facebook.com/tools/debug
Pretty sure either the token is mangled or the secret.
If not, it's in code you haven't shown.