I have configured a URL for the deauthorize callback but I don't know what do you have to place inside that file and it's not being called.
How do you handle this?
How do you handle and the user acceses for the first time the app and clicks cancel, and how do you handle the removal of the app once the user has "accepted" it on its profile.
Thanks.
I know its an old question, but i had the same issue as you, and found it rather hard to solve, so here is one possible solution for others with the same problem:
Put the code below in your deauth file (it is very simple and should be adjusted, but does the job)
$signed_request = $_REQUEST['signed_request'];
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig); // Use this to make sure the signature is correct
$data = json_decode(base64_url_decode($payload), true);
$user_id = $data['user_id'];
Now you have the userid, and can do whatever you want with it.
Hope this will help :)
Related
I have a problem..
I try wrote program like as facebook page tab app.
I must use session for remember signed_request.
But issue is that Safari do not remember session.
Program is:
$facebook = new Facebook($config);
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
$op=True;
}else {
$op=False;
}
if($op)
{
$_SESSION['liked']=$signed_request['page']['liked'];
$_SESSION['admin']=$signed_request['page']['admin'];
}else{
$url="PAGEAPP URL";
echo("<script> top.location.href='" . $url . "'</script>");
exit();
}
Safari does not allow cross domain cookies.
As the main page is of the domain Facebook.com and your iframe domain differs, Safari will not process cookies inside the iFrame.
Although there are workarounds for other browsers, and at one point there was a workaround for Safari, it seems Apple closed this loophole.
http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
Setting cross-domain cookies in Safari
Although I can't see your full code & scenario, I would suggest you avoid using sessions, and always query the Facebook API to check for the 'liked' & 'admin' flags.
If a user's admin privileges were revoked, or a user disliked the page, then your SESSION variables would become out of sync (unless you are constantly updating your SESSION variables).
Check if a user liked the page:
How to check if current facebook user like a page using PHP SDK?
Check if a user is an admin:
How to get if a user is admin of a page (isAdmin) using the Facebook Graph API?
How to make only https facebook app?
Couse this code:
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if(empty($data["page"]["liked"]))
work in only https.
Thanks for answer.
Only put a HTTPS/secure url in the Application (Canvas or App) Settings.
Leave the Canvas URL blank. And the Secure Canvas URL Populated.
In addition you can configure your server to Redirect Non HTTP Requests to HTTPS so your Application only servers over HTTPS.
-- Additional
Given your code only works over HTTPS it seems requests to HTTP are being redirected to HTTPS which in my experience tends to drop $_POST'ed data during the redirect as is the case when Facebook loads your App.
Which is why your code trips up because the $_REQUEST is blank/signed_request is missing.
Seems like Facebook changed a lot of things recently. I would like to know how to show a custom page if the user has not liked the Fan page. If the user likes the page I will show them the Fan page wall. How to do this? I searched around but seems like Facebook reinvented itself.
Thanks.
You should be able to change what a visitor sees in your page settings...
manage permissions
- default landing tab ( pick your page here )
also -
I created this php script that shows like and non-like content to users.
Tutorial / Example
http://www.drewdahlman.com/meusLabs/?p=100
GIT Project
https://github.com/DrewDahlman/FBVersion
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {
//User is not a fan
}
Source: Determine If The User Likes (Fan Of) Your Facebook Page When Landing On Your Page Tab
I am writing an application in Facebook that is meant to be shown through a page tab on my own business page. I need to interact with the viewing user, thus I require extended rights.
I've followed the suggested procedure but have now hit a wall. My application sits in an iFrame and the request for extended rights uses redirection. I can get the page where you need to confirm authorization but when you click allow, Facebook redirects to the page where my application is hosted instead of back to my Facebook page tab. Once the proper rights have been authorized, the rest of the application works fine so I know it's just a problem with redirection but I feel like I've tried everything and not a lot of people seem to have had the same problem. I would love if anyone could point me in the right direction.
Thank you!
Here's my code:
$app_id = "myappid";
$canvas_page = "http://wheremyappishosted/";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$user_id = $data["user_id"];
$access_token = $data['oauth_token'];
if (empty($data["user_id"])) {
$auth_url = "https://graph.facebook.com/oauth/authorize?client_id=".$app_id."&redirect_uri=".urlencode($canvas_page)."&scope=user_photos,friends_photos,publish_stream,user_likes";
die("<script> top.location.href='" . $auth_url . "'</script>");
}
$f = json_decode(file_get_contents("https://graph.facebook.com/".$user_id."?access_token=".$access_token."&fields=name,albums,likes"), true);
For those interested, I believe I have found a way to circumvent this. Instead of redirecting the user back to the application, I redirect them to a small script which then redirects back to the page tab. Since the app has already been authorized, everything works and the signed_request gets passed along with the user infos. I don't know if it's really the legit way to go but it works.
Please set redirect variable to your the targeted page :
$redirect = "http://foo.com";
Set redirect_uri to "http[s]://apps.facebook.com/YOUR_APP/" instead of "http[s]://apps.facebook.com/YOUR_APP". Note the trailing slash!
I have figured out that using javascript sdk is much better choice when unsolved redirect issues arise using server scripts, implement this small test and you will figure out that most things happen using lightbox i.e. above your app. which keeps the app page intact.
https://developers.facebook.com/docs/facebook-login/getting-started-web/
Let's say I have a website called (example.com) which will have a php file (example.com/call.php).
call.php will have a post method that will post to the website exampleOne.com/login.php with the right parameters. exampleOne.com will return a header with a cookie that will confirm the authentication of the user, how do I obtain the cookie or at least check if the header includes Set-Cookie in order to be informed that the user is authenticated?
If this is not clear enough please let me know in the comments and I will try my best to clear everything up.
(UPDATE 1: so the idea is that, how do I know that the other domain I am posting to has set up the cookie because the fact that the cookie has been set up (Set-cookie != null or "") means that the username and password are in fact correct)
(Update 2 so my issue is that I want to make sure that user is a member of some forum which does not have an API and I cannot authenticate to that forum because i don't have access to their records, however, that forum authenticate the user and sets a cookie if the information is right and I want to be able to see that cookie to make sure I understand that the user is authenticated - hope this helps)
You can use this code to do what you want. Pretty much you're just simulating a client when you do this by writing a HTTP request to a page and then processing the response headers that it sends back. This is also how you would build a proxy server, but that is sort of what you're doing.
Let me know if you need any help.
//
// OPEN SOCKET TO SERVER
//
$_socket = #fsockopen($host, $port, $err_no, $err_str, 30);
//
// SET REQUEST HEADERS
//
$_request_headers = '... CONSTRUCT FULL HEADERS HERE ...';
fwrite($_socket, $_request_headers);
//
// PROCESS RESPONSE HEADERS
//
$_response_headers = $_response_keys = array();
$line = fgets($_socket, 8192);
while (strspn($line, "\r\n") !== strlen($line))
{
#list($name, $value) = explode(':', $line, 2);
$name = trim($name);
$_response_headers[strtolower($name)][] = trim($value);
$_response_keys[strtolower($name)] = $name;
$line = fgets($_socket, 8192);
}
sscanf(current($_response_keys), '%s %s', $_http_version, $_response_code);
if (isset($_response_headers['set-cookie']))
{
// DO WHAT YOU WANT HERE
}
For reference, you can find similar code in PHProxy that goes into much more detail. It will create headers for you, process response headers, and more. If you find that this example doesn't do everything you need, you should reference that software.