I am currently making a facebook app and am having some problems with permissions. I need permission from each user to use there location and there friends locations. The code I have has worked in the past but recently seems to have stopped working. Assume my app_id and app_namespace are declared. All that happens is I am redirected to the dialog_url in the if(empty($code)) block, but to my knowledge $code should not be empty. Any help would be greatly appreciated. Thanks.
require_once('sdk/src/facebook.php');
require_once('AppInfo.php');
require_once('utils.php');
require_once('connection.php');
$facebook = new Facebook(array(
'appId' => AppInfo::appID(),
'secret' => AppInfo::appSecret(),
));
$user_id = $facebook->getUser();
if(user has ran the app before)
{
mysql_close($connection);
session_start();
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id"
. $app_id . "&redirect_uri=" . urlencode($my_url2) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
else
{
mysql_close($connection);
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id"
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&scope= user_location, friends_location, offline_access" . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = #file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token"
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
else
{
echo("The state does not match. You may be a victim of CSRF.");
}
}
Seems too simple, but you have spaces in your oauth url that you've assigned to $dialog_url?
Related
I am trying to end up with some descent facebook login on my website, but I came up with a little problem. When i try to login, facebook doesn't even ask for an email permission, only for my location. Here's the main part of my code:
$app_id = "XXXXXX";
$app_secret = "XXXXX";
$my_url = "XXXXXX";
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state']."&scope=publish_stream,user_location,email";
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if (!$_POST) {
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$_SESSION['access_token'] = $params['access_token'];
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
} else {
echo("The state does not match. You may be a victim of CSRF.");
}
}
Where's the problem?
I'm trying to find a solution for hours - without success. So I hope that maybe one of you can help me with this:
It seems like this script allways starts a new session - and I don't know why.
<?php
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE));
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state']. "&scope=publish_actions,publish_stream";
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$_SESSION['access_token'] = $params['access_token'];
}
else {
echo("Sessionstate: ".$_SESSION['state']."<br>");
echo("REQUEST_state: ".$_REQUEST['state']."<br>");
echo("Sessionstatus stimmt nicht mit dem REQUEST_State überein.");
var_dump ($_REQUEST);
exit;
}
?>
The session starts in an included file before this script is included with a regular:
session_start();
I tried to pass the "state" with
<form action="<?=$_SERVER['PHP_SELF'];?>?what=save&state=<?=$_SESSION['state'];?>" method="post" enctype="multipart/form-data">
from my index.php file.
Thanks for reading and for helping me.
Regards Christian.
Edit: Here's the link to the developer-blog: https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
You should only start a session when there is no session. Do you save the session?
<?php
if (!isset ($_COOKIE[ini_get('session.name')])) {
session_start();
}
?>
I am trying to get Facebook profile picture . I am using the following with my value in place of ######### . After running the PHP i get a message "Hello".
I want that i get my name also with it like "Hellow Aditya" along with my profile picture. what should i edit to get that ? Also would it be possible to save the profile picture on the sever itself?
<?php
$app_id = ###############;
$app_secret = "#################";
$my_url = "###################";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
You can get it this way:
http://graph.facebook.com/[USER ID]/picture
I want that users can authenticate through their fb account, and i tried their demo script:
$app_id = "*****";
$app_secret = "*****";
$my_url = "http://localhost/fb/fb.php";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = #file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
echo "$user->name";
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
The problem is that after a successful login only the "Hello" string is displayed, but my $user->name is not showed.
Even though this is official FB code (I didn't realize that at the start, sorry), I recommend you debug it to see what goes wrong.
Activate error reporting
Remove the # in front of all calls - it suppresses the output of errors
Look what address $graph_url contains and whether you can access it in your browser
See whether the call to $graph_url works out (output the result)
See whether the json_decode() works out (output the result)
if this is a global or Facebook issue, you may need to talk to Facebook about what is wrong with their demo code.
im trying to import "log in with facebook" opportunity to my website, im using http://developers.facebook.com/docs/authentication, but still can not make it work.
I register my website and have app id and app secret.
I have the following code in my login form:
<img src="images/fb-login-button.png" />
facebook.php file:
<?php
$app_id = 1000000000000;
$app_secret = "asdasdasdasd";
$my_url = "http://xxxx.xx/";
$code = $_REQUEST["code"];
if(empty($code)) {
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url);
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
$token_url = "https://graph.facebook.com/oauth/access_token?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret="
. $app_secret . "&code=" . $code;
$access_token = file_get_contents($token_url);
$graph_url = "https://graph.facebook.com/me?" . $access_token;
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
?>
It returns message "undefined index code" and I have no idea where and what to change.
Please, help!
The error you're getting is telling you that the "code" parameter you're looking for in the request:
$code = $_REQUEST["code"];
is not being submitted.. E.g. you either need to post "code" to the page or pass it via GET using facebook.php?code=something
To avoid running into errors when the parameter "code" is not sent, your code could look like:
if(!isset( $_REQUEST["code"] ) ) {
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url);
echo("<script> top.location.href='" . $dialog_url . "'</script>");
} else {
$code = $_REQUEST["code"];
}
Hope that helps..