This question already has answers here:
How to check if a user likes my Facebook Page or URL using Facebook's API
(5 answers)
Closed 9 years ago.
How do I check if a user who is logged in to my website via the facebook php sdk has liked my page so that I can show him some secret content...
If you have the appropriate permissions you can access the Likes property of the user: you can then check the returned list to see if your URL is in the list. You can use something like this:
$likes = Facebook::api('/me/likes','GET');
Here is another approach using check if $signed_request->page->liked:
function parsePageSignedRequest() {
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
return $data;
}
return false;
}
if($signed_request = parsePageSignedRequest()) {
if($signed_request->page->liked) {
echo "This content is for Fans only!";
} else {
echo "Please click on the Like button to view this tab!";
}
}
Detail Here>>
Related
I have a little Facebook app, which has a "like gate" at the beginning. The user have to like the page to use the app. The app itself has some subpages, so I have to store the signed request into $_SESSION variable if I want the subpages to work. My problem is that the signed request is only sent on app load and at this time the user hasn't liked the page yet. So if this time the signed request is saved, the $signed_request["page"]["liked"] will alway return FALSE... How can I reload the signed request?
FQL and $like_data = $facebook->api('/me/likes/PAGE-ID/'); isn't good, because I want the permission dialog AFTER the page like.
This is the code right now:
$page_id = $signed_request["page"]["id"];
$like_status = $signed_request["page"]["liked"];
if(!$like_status){
header("Location: notfan.php");
exit;
}else{
if (!isset($_SESSION["SR"]))
{
$_SESSION["SR"] = $_REQUEST["signed_request"];
}else{
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_SESSION["SR"], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = $data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
$signed_request = objectToArray($signed_request);
}
}
Thank you very much!
just save the signed request every time you encounter it in the request: When the user likes the page, Facebook will do a page reload and resends the signed request
edit:
You're setting $like_status and checking it before you even know if you have a signed request and before you set the value of $like_status.
I would check the request parameter first, the session second, then fill the $like_status variable, then check the $like_status.
Something like this:
if( isset($_POST['signed_request']) )
{
$_SESSION["SR"] = $_REQUEST["signed_request"];
}
if (!isset($_SESSION["SR"]))
{
//shouldn't even happen now when page is opened through facebook,
//so you might want some error handling here
}
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_SESSION["SR"], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = $data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
$signed_request = objectToArray($signed_request);
$page_id = $signed_request["page"]["id"];
$like_status = $signed_request["page"]["liked"];
if(!$like_status){
header("Location: notfan.php");
exit;
}
I'm currently on working on creating an app that added to facebook page's tab. The documentation is here:
http://developers.facebook.com/docs/appsonfacebook/pagetabs/
But the documentation mentions nothing about a callback for the application is removed. Is there a such callback that will alert me when my application is removed a tab that I can use to update my records?
If it matters, I'm currently using PHP.
Go to your app: Admin page -> Edit settings -> advanced then Deauthorize Callback URL
Here is a php example on how I deauthorize a user in my code:
require_once(dirname(dirname(dirname(__FILE__))).'/autoload.php');
App::init();
DBConn::init();
error_log("request");
$app_secret = 'yoursecretkey';
$request = parse_signed_request($_POST['signed_request'], $app_secret);
$fbid=$request["user_id"];
error_log($fbid);
if ($fbid) {
$rec = new ADOdb_Active_Record( "users" );
$found=$rec->load("id=?",array($fbid));
if ($found){
$rec->deauth= 1;
$rec->save();
}
}
echo "ok";
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
I don't believe there is such a callback only one for if the user cancels giving your app the privileges first time around.
When you try to auth the user next time on your site and the auth does not succeed then you know they have either:
Deauthed your app
Or the fb token has not been used for 60 days
As such the users should reauth your app.
Edit: By site I do mean app. English Fail.
How can i get the user details from the iframe application ?
the problem is when i try to authenticate the user it authenticating and redirecting to the SITE not to facebook .
actually i am using signed_request to check user liked or not ,if liked i need to get the user details using the graph api [any other ways /javascript ?] so that i can save that on to database.
This is my current code
if (isset($_REQUEST['signed_request']))
{
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
if($data->page->liked)
{
//liked
$questions = $this->functions->get_questions();
if($questions["status"] ==TRUE)
{
$questions["data"] = $questions["data"]->result_array();
$this->load->view("public/contest",$questions);
}
else
{
echo "FALSE";
}
}
else {
//not liked
$this->load->view("public/continue");
}
}
Thank you.
I would suggest using Facebook SDK. It allows you to get user id, and then query Graph API for some basic information. You can get more information about SDK and how to work with it here
How can a database-less application be aware of whether the current user of application has already given permission to this application, or whether they are a first time user?
I simply redirect to a Facebook URL, and then if they are a new user Facebook shows the permission dialog box to the user, and if not then Facebook simply redirects to my URL.
You must check a signed_request in php:
$signed_request = $_REQUEST["signed_request"];
if ( empty($signed_request) ) {
$perms = true;
} else {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if ( empty($data["user_id"]) ) {
$perms = false;
} else {
$perms = true;
}
}
In an iframe .php app, how to detect itself is in a Page mode or in the Canvas mode? Thanks!
Reading the documentation:
Facebook will always send a signed_request (for canvas and page urls)
If it's a page, Facebook will add an extra parameter called page
so based on this, you could do something like:
<?php
if( isset($_REQUEST['signed_request']) ) {
// We are in Canvas or Page now
// Let's extract the data from the signed_request
// to check if we are inside a Facebook Page
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if( isset($data["page"]) ) {
echo "Page";
} else {
echo "Canvas";
}
} else {
echo "None, or something went wrong!";
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
I also had to add website in the criteria. This is my Yii code
if(empty($_POST['signed_request']) === false)
$signedRequest = Yii::app()->fb->getSignedRequest();
if(isset($signedRequest['page']))
$this->layout = 'tab';
else if(isset($signedRequest['user']) && ! isset($signedRequest['page']))
$this->layout = 'canvas';
else
$this->layout = 'website';
Thanks to #ifaour solution;
I had to modify it to get it work;
This what worked for me;
I noticed that signed request is only sent when site is loaded under canvas; but when direct access then no signed request is sent.
So I ended using this code:
if( !isset($_SESSION['signed_request']) && empty($_SESSION['signed_request']) ) {
exit("direct access not allowed.");
}
else
{
// echo 'Canvas';
// continue script
}