I have a little Facebook app, which has a "like gate" at the beginning. The user have to like the page to use the app. The app itself has some subpages, so I have to store the signed request into $_SESSION variable if I want the subpages to work. My problem is that the signed request is only sent on app load and at this time the user hasn't liked the page yet. So if this time the signed request is saved, the $signed_request["page"]["liked"] will alway return FALSE... How can I reload the signed request?
FQL and $like_data = $facebook->api('/me/likes/PAGE-ID/'); isn't good, because I want the permission dialog AFTER the page like.
This is the code right now:
$page_id = $signed_request["page"]["id"];
$like_status = $signed_request["page"]["liked"];
if(!$like_status){
header("Location: notfan.php");
exit;
}else{
if (!isset($_SESSION["SR"]))
{
$_SESSION["SR"] = $_REQUEST["signed_request"];
}else{
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_SESSION["SR"], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = $data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
$signed_request = objectToArray($signed_request);
}
}
Thank you very much!
just save the signed request every time you encounter it in the request: When the user likes the page, Facebook will do a page reload and resends the signed request
edit:
You're setting $like_status and checking it before you even know if you have a signed request and before you set the value of $like_status.
I would check the request parameter first, the session second, then fill the $like_status variable, then check the $like_status.
Something like this:
if( isset($_POST['signed_request']) )
{
$_SESSION["SR"] = $_REQUEST["signed_request"];
}
if (!isset($_SESSION["SR"]))
{
//shouldn't even happen now when page is opened through facebook,
//so you might want some error handling here
}
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_SESSION["SR"], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = $data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
$signed_request = objectToArray($signed_request);
$page_id = $signed_request["page"]["id"];
$like_status = $signed_request["page"]["liked"];
if(!$like_status){
header("Location: notfan.php");
exit;
}
Related
so basically im trying to get a like gate working but the $like_status variable never changes so my condition to change to the liked content will never work. Does anyone know why this never changes? Have added my app to a page tab on facebook and it gets all the other variables $page_id, $page_admin, $country and $locale but not $like_status.
Thanks Charlie
See Code Below
<?php
enter code here
require_once('AppInfo.php');
// Enforce https on production
if (substr(AppInfo::getUrl(), 0, 8) != 'https://' && $_SERVER['REMOTE_ADDR'] != '127.0.0.1') {
header('Location: https://'. $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit();
}
// This provides access to helper functions defined in 'utils.php'
require_once('utils.php');
require 'includes/facebook.php';
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => AppInfo::appID(),
'secret' => AppInfo::appSecret(),
'cookie' => true
));
$signed_request = $facebook->getSignedRequest();
$page_id = $signed_request["page"]["id"];
$page_admin = $signed_request["page"]["admin"];
$like_status = $signed_request["page"]["liked"];
$country = $signed_request["user"]["country"];
$locale = $signed_request["user"]["locale"];
echo "<br>page id = $page_id";
echo "<br>page admin = $page_admin";
echo "<br>like status = $like_status";
echo "<br>country = $country";
echo "<br>locale = $locale";
function grokSignedRequest()
{
if (isset($_REQUEST['signed_request']))
{
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
return $data;
}
return false;
}
// call the function to parse the signed request
$sr_data = grokSignedRequest();
// check like status
if ($sr_data->page->liked==1)
{
include ('includes/index2.php');
}
else
{
include ('includes/index1.php');
}
?>
If you are running your PHP code on a tab page, like_status is probably actually present, but set to a value of 0 (zero). Thus, the echo statement seems to be outputting nothing for $like_status, but in reality, it has a value of zero. To prove this try code like this:
if ($like_status == 0)
echo "it's zero";
else
echo "it's not zero";
Edit: Sorry, I didnĀ“t see that #robbie solved this in the comments of the question
The user must arrive to the App from the page tab, and:
As with a Canvas Page, you will not receive all the user information accessible to your app in the signed_request until the user authorizes your app.
https://developers.facebook.com/docs/appsonfacebook/pagetabs/#integrating
How can i get the user details from the iframe application ?
the problem is when i try to authenticate the user it authenticating and redirecting to the SITE not to facebook .
actually i am using signed_request to check user liked or not ,if liked i need to get the user details using the graph api [any other ways /javascript ?] so that i can save that on to database.
This is my current code
if (isset($_REQUEST['signed_request']))
{
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
if($data->page->liked)
{
//liked
$questions = $this->functions->get_questions();
if($questions["status"] ==TRUE)
{
$questions["data"] = $questions["data"]->result_array();
$this->load->view("public/contest",$questions);
}
else
{
echo "FALSE";
}
}
else {
//not liked
$this->load->view("public/continue");
}
}
Thank you.
I would suggest using Facebook SDK. It allows you to get user id, and then query Graph API for some basic information. You can get more information about SDK and how to work with it here
I am creating a Facebook Tab Application. People create their profile and each profile has a like button. The person who gets the most likes wins.
The problem we are facing now is how to give the URL to a user, so that the user can share the url (so that they can get more likes). Suppose I give the url fb.com/appname/id=12? Should I be able to get the details of user with id 12 in my Facebook Tab Application?
with the graph API?
As a solution for this you can use app_data parameter. You can pass additional parameters to a FB tab using app_data parameter in your url like this
https://www.facebook.com/pages/FB-App-Test13191195702111?sk=app_234567890&app_data=MY_CUSTOM_DATA
<?php
$data = array();
$signed_request = '';
$app_data = '';
if(isset($_REQUEST['signed_request'])) {
$signed_request = $_REQUEST['signed_request'];
$secret = YOUR_APP_SECRET
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if(isset($data['app_data'])) {
$app_data = $data['app_data'];
}
}
Use above php code to read your custom data in url to $app_data
$app_data will be equals to "MY_CUSTOM_DATA".
How can a database-less application be aware of whether the current user of application has already given permission to this application, or whether they are a first time user?
I simply redirect to a Facebook URL, and then if they are a new user Facebook shows the permission dialog box to the user, and if not then Facebook simply redirects to my URL.
You must check a signed_request in php:
$signed_request = $_REQUEST["signed_request"];
if ( empty($signed_request) ) {
$perms = true;
} else {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if ( empty($data["user_id"]) ) {
$perms = false;
} else {
$perms = true;
}
}
I have problems with authorizing of the user in a facebook page tab. I have tried a lot of different methods in both PHP and Javascript without any luck at all basically.
If someone could explain this for me and show some code it would be great! I was thinking on to do the authorizing in PHP and then continue to grab some user-data width Javascript.
I also need to be able to let the user agree on the persmissions. so a popup for authorizing and permissions is what i need help with.
What do you think? Is there a better way?
Help with some code for this would as i said be great!
In order to know whether user already authenticated your app or not, decode signed_request and check if oauth_token is passed:
<?php
$secret='APP_SECRET';
$signed_request=($_REQUEST['signed_request']);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$information=parse_signed_request($signed_request, $secret);
$oauth_token=$information["oauth_token"];
?>
Then, use this script to get user authenticated if $oauth_token is empty:
<?php
$app_id = "APP_ID";
$canvas_page = "YOUR_TAB_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=ENTER WANTED PERMISSIONS HERE";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($oauth_token)) {echo("<script> top.location.href='" . $auth_url . "'</script>");}
?>
Fill in APP_SECRET, APP_ID, YOUR_TAB_URL and WANTED PERMISSIONS in these scripts, cheers.