I have made a facebook application
I have uploaded all my code on my server, so facebook can retrieve it from there.
All my code is in HTML, php and javascript.
When the user visits www.mywebsite.com/facebook/app they will go to my index.php file.
But if the user types in www.mywebsite.com/facebook/app/pictures/picture.jpg he will see the picture.
Now I want to make sure, this content only can be access through facebook.
So I want to redirect everybody who tries to enter www.mywebsite.com/facebook/app/..../ to my facebook application www.facebook.com/myapp
Is there any way to do this?
Thank you
While it is very unreliable you could use the $_SERVER['HTTP_REFERER'] variable in php to see if the user typed in the url directly in their browser. It will be empty if the user has typed in the url directly, but i believe it should be set if your page is embedded through facebook.
see http://www.electrictoolbox.com/php-http-referer-variable/ for more info
How I fixed it
// Saves the original URL
$Origin_URL = $_SERVER['HTTP_REFERER'];
// The original URL must also contain the word facebook
$face = "facebook";
// Checks if the URL contains 'facebook'
$contains = strpos($Origin_URL,$face);
// If the original url is empty or doesn't contain facebook
// the user will be redirected to the facebook site
if(Origin_URL == "" || $contains === false)
header("Location: www.facebook.com/website");
This is not bulletproof, so try toy with it a little :)
Related
I need to link to a specific page in my Facebook app. The app is not in a page tab, and cannot be in one due to the project constrictions.
This is the url format:
https://apps.facebook.com/myappname
I would need to pass a parameter at the end (like /next.html or ?page=next) so that I can link to the specific page directly from outside the app (from an email).
How would I set this up? My project uses PHP and jQuery. I would love to be able to do this strictly in Javascript if possible.
I have found tons of info on how to deep link a page tab or a mobile app, but not to a regular application. I have found messages stating it's possible, but nothing about how to actually do it anywhere online or on Facebook.
Thanks for your help.
EDIT:
Okay, I got it working in PHP. For anyone else with this issue, this is what I did.
Add a "?" at the very end of the 'Site URL' in your FB app, then create a redirect file similar to this as your app landing page (just use absolute paths instead of relative ones like I did below):
<?php
$query = $_SERVER['QUERY_STRING'];
$params = explode("/", $query);
if (in_array("gallery", $params)) {
header("Location: /gallery.html");
exit;
}
else {
header("Location: /index.html");
exit;
}
?>
This answer is what helped me figure this out:
$_GET on facebook iframe app
I may be missing something here, but why don't you just link to http://apps.facebook.com/yourapp/something.php - this should automatically load your canvas URL, with something.php appended to the path
Obviously this won't work if your canvas URL points to a specific file and not a directory, but plenty of apps do this with success
When you are using the ? all you are doing is issuing a $_GET request, so all of the info you require will exist in the $_GET array.
Rather than query the $_SERVER array, query the $_GET array.
So if you had:
http://myurl.com?info=foobar
You can simply access that info using:
$info = $_GET['info'];
It is good practice to check for the existence first though:
if (isset($_GET['info']))
{
$info =$_GET['info'];
}
else
{
$info="default";
}
Incidently if you use the & character you can have multiple parameters:
http://myurl.com?info=foo&moreinfo=bar
You get a special parameter called app_data that you can use however you want. I've used it in the past to encode a full querystring of my internal app. for example, &app_data=My/Custom/Page
More found in this SO question: Retrieve Parameter From Page Tab URL
Im new to this and im trying to rewrite URL so that utm_expid is hidden so if my url is:
http://www.myweb.com/?utm_expid=67183125-2
how would i make it so when user visits
myweb.com
it does not show utm_expid in url
Is this possible using PHP/JS?
NOTE: i cant use RUBY or any other languages except PHP/JS/HTML
There is a way. Just redirect the page to base url once the utm_expid=67183125-2 is got. ie,
if($_GET['utm_expid']) { //header to redirect to myweb.com }
Its a tricky way. Hope you are permitted to use it.
Just start a session and store value in session variable. you can regain it even page is re directed.
ie
<?php
session_start();
if($_GET['utm_expid']) {
$_SESSION['variable_name']=$_GET['utm_expid']
//header to redirect to myweb.com
}
?>
Let me add this Javascript trick that is server agnostic.
if (location.search.indexOf('utm_expid') > -1) {
history.replaceState('page', 'Title', '/')
}
I recommend you to place it at the end of the body.
If you wanted a clean URL (as you do for branding and manual sharing purposes), I'd script it so that you load a full page iFrame which loads the gA test queried URL. That way the user see s the clean URL in the address bar and still see the experiment.
You could use PHP to set up your index page (or any server side, or even client side script).
I am building a website that uses the php facebook libraries. At the beginning of every page I am checking to see if the user is logged into facebook or not (or trying to) with the $facebook->getLoginStatusUrl($params) function. The issue I have is that the only real way to check with that function is to have the user redirected to a page based on their statues (by directing them to the url given back by that function). I cant use file_get_contents or cURL because the URL returned by that function uses https. Is their anyway I can get the contents of that URL with a server-side method? Or is the absolute only way to do this with a redirect? I would much prefer not to make this a client side action (via Javascript). Any ideas?
You can use the facebook getUser() function to check if the user is logged and has given permisssions to your web. After that you can use getLoginUrl() or getLogoutUrl() to show the user the right button:
$user = $facebook->getUser();
if (!$user)
{
$loginUrl = $facebook->getLoginUrl(array(
'redirect_uri' => REDIRECT_URL,
'scope' => APP_PERMS,
'display' => 'page'
));
//do something with $loginUrl, for example:
echo 'Login with facebook';
}
else
{
//check that this user is still valid
$realUser = $facebook->api('me');
...
You can learn more about this functions in facebook docs:
https://developers.facebook.com/docs/reference/php/
Is their anyway I can get the contents of that URL with a server-side method?
That won’t help you, because it’s not your server that the client uses to log in to Facebook, but his browser.
And therefor the check if the user is logged in must happen in their browser – that’s why the browser gets redirected to Facebook, because this is the only way to read the cookies that are set under Facebook’s domain.
I would much prefer not to make this a client side action (via Javascript).
It already is kind of a client-side action, because of the redirect.
There is absolutely no way to have your server alone figure out if the user is logged in to Facebook in their browser.
I have made an app as a Page Tab. I need to redirect to the facebook-app if someone opens the website url directly. For that, I need to check the content of the address bar and if it doesn't contain www.facebook.com inside it, I will redirect to the facebook-app url. But, the problem is that inside the facebook iframe I am unable to get the content of the address bar.
Can you please tell me a good way to enable redirect to the fb-app in case someone accesses my website url directly?
Probably the easiest way to achieve this, is to do next check in JavaScript:
if (window.top !== window){
window.location = 'http://facebook.com/YOUR_PAGE?sk=v_YOUR_APP_ID'
}
If you are wanting to redirect to a tab, a more complete way of doing this is checking for the 'page' parameter that is only sent through in the signed request for a page tab.
The reason being that only checking for the signed request will allow users to access your 520px tab app in a Facebook canvas (i.e. https://apps.facebook.com/yourapp which may not be what you want.
So for example
$fb = new Facebook( array(
'appId' => <your_app_id>,
'secret' => <your_app_secret>);
$sr = $fb -> getSignedRequest();
And then redirect the user as they hit the page
if (!($sr['page'])) {
die('<script>window.top.location = "<your_tab_url>"</script>');
};
Facebook posts a signed request parameter when you open an app in fanpage.
You can check if that parameter is null or not.
In php,
if(isset($_REQUEST["signed_request"]){
// Opened in facebook
}else{
//opened outside facebook.
}
In asp.net
if(Request.Form["signed_request"] !=null)
{
// Opened in facebook
}
else
{
// opened outside facebook.
}
In CakePHP when you try to access a protect action you are automatically taken to the login form within your app. However the HTTP_REFERER is empty????
$referer = env('HTTP_REFERER');
echo $referer;
So normally when I visit the login page I will see the previous page URL with this code displayed, but if I visit the login page after being taken there by the Auth Component then it will be empty...
why is it empty? as I was just referred???
and how do I get it to acknowledge the redirect as a referal? NOTE: Using the Auth.Redirect session value is not an option in this case because it will stay around after the person has left the site, so for example if they return to the login page it will show the ORIGINAL requested action and NOT the referred page! So it will act as a referral even when its not because it's using the existing session
EDIT:
As an alternate example:
if(isset($_SERVER['HTTP_REFERER'])) {
echo $_SERVER['HTTP_REFERER'];
}
else
{
echo 'their was no referer';
}
When the user is taken to the login form it will say their was no referer but that's obviously not TRUE! ????
HTTP_REFERER is a way of the browser to tell the server what page the user was visiting before. It does not signal what page the user has just been redirected from.
Take for example the Ads on Stackoverflow here. Clicking on one of them will take you to some long URL at adzerk.net, which records your click and then redirects you to the target URL. The intermediate Adzerk page is not an interesting page in itself and the user is never actually seeing it, unless he's paying close attention to the address bar. In fact there isn't even a "page" there. So it doesn't count as a "page visit". The next page will receive stackoverflow.com as the referer, the intermediate redirect page is irrelevant.
Stackoverflow -> Adzerk redirect -> Some advertiser
HTTP_REFERER: stackoverflow.com
There's also no referer at all if you type an address into the address bar. If you're on Stackoverflow and type yahoo.com into the address bar, Yahoo will not see any referer from you. If you click on a link that takes you from Stackoverflow to Yahoo, the browser does send a referer.
In your case, if you directly access a protected action by typing it in the address bar and get redirected, there simply is no previous page you came from.
As per the comments, here how to inject data into the URL while redirecting:
AppController extends Controller {
function redirect($url, $status = null, $exit = true) {
if (is_array($url)) {
$url['?'] = 'redirect=true';
} else {
$url.= '?redirect=true';
}
return parent::redirect($url, $status, $exit);
}
}
Is $_SERVER['HTTP_REFERER'] also empty?
If it is empty it is not set by the server, this means normally there was no referer, you did a simple refresh or called this page via bookmark. See some use cases for referer here: http://www.electrictoolbox.com/php-http-referer-variable/
Have you tried the refer controller?
$refer =
Controller::referer(); // referral url