I'm currently on working on creating an app that added to facebook page's tab. The documentation is here:
http://developers.facebook.com/docs/appsonfacebook/pagetabs/
But the documentation mentions nothing about a callback for the application is removed. Is there a such callback that will alert me when my application is removed a tab that I can use to update my records?
If it matters, I'm currently using PHP.
Go to your app: Admin page -> Edit settings -> advanced then Deauthorize Callback URL
Here is a php example on how I deauthorize a user in my code:
require_once(dirname(dirname(dirname(__FILE__))).'/autoload.php');
App::init();
DBConn::init();
error_log("request");
$app_secret = 'yoursecretkey';
$request = parse_signed_request($_POST['signed_request'], $app_secret);
$fbid=$request["user_id"];
error_log($fbid);
if ($fbid) {
$rec = new ADOdb_Active_Record( "users" );
$found=$rec->load("id=?",array($fbid));
if ($found){
$rec->deauth= 1;
$rec->save();
}
}
echo "ok";
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
I don't believe there is such a callback only one for if the user cancels giving your app the privileges first time around.
When you try to auth the user next time on your site and the auth does not succeed then you know they have either:
Deauthed your app
Or the fb token has not been used for 60 days
As such the users should reauth your app.
Edit: By site I do mean app. English Fail.
Related
How can i get the user details from the iframe application ?
the problem is when i try to authenticate the user it authenticating and redirecting to the SITE not to facebook .
actually i am using signed_request to check user liked or not ,if liked i need to get the user details using the graph api [any other ways /javascript ?] so that i can save that on to database.
This is my current code
if (isset($_REQUEST['signed_request']))
{
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
if($data->page->liked)
{
//liked
$questions = $this->functions->get_questions();
if($questions["status"] ==TRUE)
{
$questions["data"] = $questions["data"]->result_array();
$this->load->view("public/contest",$questions);
}
else
{
echo "FALSE";
}
}
else {
//not liked
$this->load->view("public/continue");
}
}
Thank you.
I would suggest using Facebook SDK. It allows you to get user id, and then query Graph API for some basic information. You can get more information about SDK and how to work with it here
I have problems with authorizing of the user in a facebook page tab. I have tried a lot of different methods in both PHP and Javascript without any luck at all basically.
If someone could explain this for me and show some code it would be great! I was thinking on to do the authorizing in PHP and then continue to grab some user-data width Javascript.
I also need to be able to let the user agree on the persmissions. so a popup for authorizing and permissions is what i need help with.
What do you think? Is there a better way?
Help with some code for this would as i said be great!
In order to know whether user already authenticated your app or not, decode signed_request and check if oauth_token is passed:
<?php
$secret='APP_SECRET';
$signed_request=($_REQUEST['signed_request']);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$information=parse_signed_request($signed_request, $secret);
$oauth_token=$information["oauth_token"];
?>
Then, use this script to get user authenticated if $oauth_token is empty:
<?php
$app_id = "APP_ID";
$canvas_page = "YOUR_TAB_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=ENTER WANTED PERMISSIONS HERE";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($oauth_token)) {echo("<script> top.location.href='" . $auth_url . "'</script>");}
?>
Fill in APP_SECRET, APP_ID, YOUR_TAB_URL and WANTED PERMISSIONS in these scripts, cheers.
In an iframe .php app, how to detect itself is in a Page mode or in the Canvas mode? Thanks!
Reading the documentation:
Facebook will always send a signed_request (for canvas and page urls)
If it's a page, Facebook will add an extra parameter called page
so based on this, you could do something like:
<?php
if( isset($_REQUEST['signed_request']) ) {
// We are in Canvas or Page now
// Let's extract the data from the signed_request
// to check if we are inside a Facebook Page
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if( isset($data["page"]) ) {
echo "Page";
} else {
echo "Canvas";
}
} else {
echo "None, or something went wrong!";
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
I also had to add website in the criteria. This is my Yii code
if(empty($_POST['signed_request']) === false)
$signedRequest = Yii::app()->fb->getSignedRequest();
if(isset($signedRequest['page']))
$this->layout = 'tab';
else if(isset($signedRequest['user']) && ! isset($signedRequest['page']))
$this->layout = 'canvas';
else
$this->layout = 'website';
Thanks to #ifaour solution;
I had to modify it to get it work;
This what worked for me;
I noticed that signed request is only sent when site is loaded under canvas; but when direct access then no signed request is sent.
So I ended using this code:
if( !isset($_SESSION['signed_request']) && empty($_SESSION['signed_request']) ) {
exit("direct access not allowed.");
}
else
{
// echo 'Canvas';
// continue script
}
I wanted to know , will this tag of Static FBML would work in IFrame anyway :-
fb : userlink uid="loggedinuser"
And my Second question is , Can We get User ID Through Cokkies stored rather using FBML as on iframe facebook wont allow us to access Users DATA.
So Using Firebug I found we Get the Users Id. and is stored in cookie.
I want the user to be Restricted for More than one time Access to my Iframe . So by getting The User ID
I would like to check , whether the user had registered or not. and if he had Registered. He cant Register Twice .
I am trying it by Using Cokkies , But due to Lack of knowledge about JAVASCRIPT , I am not getting How to execute it.
Put the following code in your iframe and you will get the logged in user id then check constraint on it .
<?php
function parse_signed_request($signed_request , $secret ) {
$signed_request = $signed_request ? $signed_request : $_REQUEST['signed_request'];
$secret = $secret ? $secret : your_app_secret;
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$request=$_REQUEST['signed_request'];
$appsecret = 'your_app_secret_key';
$new = parse_signed_request($request , $appsecret );
echo $new['user_id'];
How would I take the results of the Facebook Registration Plugin and email it to myself?
Well, you should post what you have got so far..anyway, as described in the documentation:
The data is passed to your application
as a signed request. The
signed_request parameter is a simple
way to make sure that the data you're
receiving is the actual data sent by
Facebook.
So you need to specify the redirect_uri and then process/extract the data you want from the signed_request and email it with the method you are using. How to process the data is described in the bottom of the document I linked above:
<?php
define('FACEBOOK_APP_ID', 'your_app_id');
define('FACEBOOK_SECRET', 'your_app_secret');
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
echo '<p>signed_request contents:</p>';
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
echo '<pre>';
print_r($response);
echo '</pre>';
} else {
echo '$_REQUEST is empty';
}
?>
So instead of the print_r and echo functions, send the fields you want!