I'm trying to allow users to register on my web application via Facebook. As part of my normal registration users must supply their email address, and I need to include this as part of the Facebook registration.
I am using the code below, which works correctly, except it doesnt return the user email address as part of Facebook's response. I am aware I need to specifically "ask" for the email, but I'm confused where/how I do this in my code below?
I am also aware a user may choose to not supply their email address as part of the process, but I'm able to handle that.
// Grab our facebook details
$app_id = $this->config->item('fb_app_id');
$app_secret = $this->config->item('fb_secret_key');
$my_url = $this->config->item('fb_url');
session_start();
if(isset($_REQUEST["code"]))
{
$code = $_REQUEST["code"];
}
else
{
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if ((isset($_REQUEST['state'])) && (($_REQUEST['state'] == $_SESSION['state'])))
{
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
if ( ! empty($user))
{
// NO EMAIL HERE?!
$email = strtolower($user->email);
}
}
Looks like this has been asked before. The answer can be found here:
Facebook Graph API, how to get users email?
This code works for me...Hopefully it will work well for you also
define('FACEBOOK_APP_ID', 'YOUR_APP_ID_HERE');
define('FACEBOOK_SECRET', 'YOUR_APP_SECRET_HERE');
// No need to change function body
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
/*
echo "<pre>";
print_r($response);
echo "</pre>"; // Uncomment this for printing the response Array
*/
$email = $response["registration"]["email"];
Related
I’ve just created a Facebook app, this is my first attempt and I followed Facebook developer’s documentation totally, while completing everything as stated I am stucked at this error while authorizing app:
An error occurred. Please try again later.
<?php
$app_id = '1603369454518730';
$app_secret = '511b194f6sdgg6eca7cc748d7be6d82d';
//$canvas_page = "http://apps.facebook.com/myapp";
$canvas_page = "http://myappweb.com/app/landhere.php";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri= " . urlencode($canvas_page);
//Requesting Signed Parameter:
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
//User Info. Variables:
try {
$userId = $data["user_id"];
} catch(Exception $e) {
echo $e -> getMessage();
echo "<br>";
}
if (!empty($data["user_id"])) {
if ($data['page']['liked']) {
echo "hello";
} else {
echo "like page";
}
} else {
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
?>
Ive tried suggestion that I found in other threads such as checking app id and app secret, disabling sandbox. But none of this has worked yet for me. Kindly help me with this.
Thank you.
I'm not into coding too much, but kinda sorted it out.
Your canvas page should be the url of the page not your app url.
Also I tried using the following code and it works.
<?php
$app_id = "APP_ID";
$canvas_page = "CANVAS_PAGE";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo ("Welcome User: " . $data["user_id"]);
}
?>
If I'm not mistaken, (My interaction with the PHP SDK is minimal), you need to add a redirection url to which FB will return when authentication is complete, to acomplish that you will have to do two steps:
1) $auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
2) In you'r applications' page: https://developers.facebook.com/apps/app_id
press Edit and in "Select how your app integrates with Facebook"
select Website.
put in the URL the you'r http://apps.facebook.com/myapp.
good luck
I'm trying to make it so my facebook app is available in English and Japanese.
I tried using tags but could not get them to work:
http://developers.facebook.com/docs/internationalization/
I then thought I'd just make two versions of the app, one in English, the other in Japanese. When I open my app, the oauth permission dialog is shown. I approve the app and then it takes me to a page which keeps looping, producing a new $_GET['code'] each time. I then click on "facebook" at the top left hand corner of the screen. I then click on my app again and this time I can access it ok in English or Japanese. How can I stop the app looping the first time around? How can I go directly to the version of the app based on the users locale? Thanks
<?php
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
$token = $result['oauth_token'];
if ($token != ""){
if ($locale == "ja_JP"){
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/ja/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/ja/index.php");
exit;
}
}
else{
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/en/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/en/index.php");
exit;
}
}
}
else {
if($_SERVER['HTTPS']){
$canvas_page = "https://secure.example.com/facebook/";
}
else {
$canvas_page = "http://example.com/facebook/";
}
$app_id = "my_app_id";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
echo("<script> top.location.href='" . $auth_url . "'</script>");
exit;
}
?>
You could put all your texts in a simple locale-based array. You first need to get the user's locale, then use it as a key
$loc["ja_JP"]["MyText"] = "My JP text";
$loc["en_US"]["MyText"] = "My US text";
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
echo $loc[$locale]["MyText"];
For resources (specific localized pictures for example), you could get the files in a locale-based directory.
how i can set a manage_pages permission of my application to a particular page only. Now my application get permission to manage all pages of fb user.. How i can restrict this and get permission to access a specific page only ?
I am using one simple authentication method.
$app_id = 'xxxxxxxxxxxxx';
$app_secret = 'xxxxxxxxxxxxxxxx';
$my_url = 'http://xxxxxxxxxxx.com/xxxx/facebook?client=params';
$code = $_REQUEST["code"];
//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url).'&scope=offline_access,read_stream,publish_stream,manage_pages';
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url)
. '&client_secret=' . $app_secret
. '&code=' . $code;
$access_token = file_get_contents($token_url);
am using the above code for authentication. when i try to print the $_REQUEST params, i couldnt find any variable names 'signed_request'. is any other method can we use with the above code..??
Unfortunately that's not possible. Very annoying but well.. it's facebook so there's nothing else to expect.
You should do this from your side. Facebook will send you the page id in the signed_request so you can verify the page and show/disable content:
<?php
if(!empty($_REQUEST["signed_request"])) {
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if (isset($data["page"])) {
echo $data["page"]["id"];
} else {
echo "Not in a page";
}
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
This code is taken from this answer. Just check the $data["page"]["id"] against the one you want.
I have been trying to solve this problem for three days now, it's really simple for those who know the open graph api well. I'm new to Facebook integration but have some PHP experience.
Basically all I'm trying to do is retrieve the following information from users and store it in a database.
Facebook User ID:
Name
Gender
Email
I have done the user ID, name and gender by using:
$contents = file_get_contents ('https://graph.facebook.com/'.$user);
$json=json_decode($contents,true);
$userid = $json['id'];
$username = $json['name'];
$usergender = $json['gender'];
$useremail = $json['email'];
This works and I understand I need to ask for permissions to access the email which I have done using this code:
$app_id = "211665122244023";
$canvas_page = "http://apps.facebook.com/midcitymafia/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,publish_actions";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
But how do I get the access token and then use it to retrieve email from graph?
##UPDATE, THIS IS MY CURRENT CODE, STILL CAN'T SEEM TO GET IT TO WORK...
require 'src/facebook.php';
$app_id = "211665122244023";
$canvas_page = "http://apps.facebook.com/midcitymafia/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,publish_actions";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
$graph = json_decode(file_get_contents("https://graph.facebook.com/".$user_id . "/?accesstoken=" .$data['access_token']));
}
$userid = $graph->id;
$username = $graph->name;
$usergender = $graph->gender;
$useremail = $graph->email;
?>
<br>
<?php echo 'ID: ' . $userid; ?>
<br>
<?php echo 'Name: ' . $username; ?>
<br>
<?php echo 'Gender: ' . $usergender; ?>
<br>
<?php echo 'Email: ' . $useremail; ?>
signed_request contains user access_token within itself.
In your case access_token is in $data['access_token']
Storing user access_token isn't a best idea since they provided for a short period of time and expired later. To get permanent access_token you need to request offline_access permission from user (I personally wouldn't recommend it since you may achieve most things without requiring offline_access, in many cases Application access_token may fit your needs).
Im trying to use this code to start building a simple facebook app but I cant seem to get to grips with the access token part so i can get the users birthday etc.
Can someone please take a look and let me know what im doing wrong :
<?php
$app_id = "*********";
$canvas_page = "https://apps.facebook.com/hotness-battle/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . '&scope=email,user_birthday';
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id=200482573356726&redirect_uri=http://www.impact25.com/hotness-battle/&client_secret=*******&code='.$data['oauth_token'].'';
echo("<script> top.location.href='" . $token_url . "'</script>");
$uid = $data["user_id"];
$token = $data['oauth_token'];
$full_name = json_decode(file_get_contents('http://graph.facebook.com/'.$uid))->name;
$gender = json_decode(file_get_contents('http://graph.facebook.com/'.$uid))->gender;
$birthday = json_decode(file_get_contents('http://graph.facebook.com/'.$uid.'?access_token='.$token))->birthday;
echo $full_name;
echo '<br><br>';
echo $gender;
echo '<br><br>';
echo $token;
echo '<br><br>';
echo $cookie['access_token'];
}
Okay, obviously you just copied the above code from somewhere...here are a couple of tips:
Read the Canvas Tutorial
The second OAuth request is not needed ($token_url) since if the user authorized your app you'll have the access_token in the signed_request
Don't do multiple graph calls, one call will retrieve everything you need
Don't print the access_token to the user
Make secure calls to the graph ( https )
Here is a working code to get you started:
<?php
$app_id = "APP_ID";
$canvas_page = "https://apps.facebook.com/appnamespace";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . '&scope=email,user_birthday';
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
$uid = $data["user_id"];
$token = $data['oauth_token'];
$graph_url = 'https://graph.facebook.com/' . $uid . '?access_token=' . $token;
$user_info = json_decode(file_get_contents($graph_url));
$full_name = $user_info->name;
$gender = $user_info->gender;
$birthday = $user_info->birthday;
echo $full_name;
echo '<br><br>';
echo $gender;
echo '<br><br>';
echo $birthday;
echo '<br><br>';
}