How to make only https facebook app?
Couse this code:
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if(empty($data["page"]["liked"]))
work in only https.
Thanks for answer.
Only put a HTTPS/secure url in the Application (Canvas or App) Settings.
Leave the Canvas URL blank. And the Secure Canvas URL Populated.
In addition you can configure your server to Redirect Non HTTP Requests to HTTPS so your Application only servers over HTTPS.
-- Additional
Given your code only works over HTTPS it seems requests to HTTP are being redirected to HTTPS which in my experience tends to drop $_POST'ed data during the redirect as is the case when Facebook loads your App.
Which is why your code trips up because the $_REQUEST is blank/signed_request is missing.
Related
I have a problem..
I try wrote program like as facebook page tab app.
I must use session for remember signed_request.
But issue is that Safari do not remember session.
Program is:
$facebook = new Facebook($config);
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
$op=True;
}else {
$op=False;
}
if($op)
{
$_SESSION['liked']=$signed_request['page']['liked'];
$_SESSION['admin']=$signed_request['page']['admin'];
}else{
$url="PAGEAPP URL";
echo("<script> top.location.href='" . $url . "'</script>");
exit();
}
Safari does not allow cross domain cookies.
As the main page is of the domain Facebook.com and your iframe domain differs, Safari will not process cookies inside the iFrame.
Although there are workarounds for other browsers, and at one point there was a workaround for Safari, it seems Apple closed this loophole.
http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
Setting cross-domain cookies in Safari
Although I can't see your full code & scenario, I would suggest you avoid using sessions, and always query the Facebook API to check for the 'liked' & 'admin' flags.
If a user's admin privileges were revoked, or a user disliked the page, then your SESSION variables would become out of sync (unless you are constantly updating your SESSION variables).
Check if a user liked the page:
How to check if current facebook user like a page using PHP SDK?
Check if a user is an admin:
How to get if a user is admin of a page (isAdmin) using the Facebook Graph API?
I have configured a URL for the deauthorize callback but I don't know what do you have to place inside that file and it's not being called.
How do you handle this?
How do you handle and the user acceses for the first time the app and clicks cancel, and how do you handle the removal of the app once the user has "accepted" it on its profile.
Thanks.
I know its an old question, but i had the same issue as you, and found it rather hard to solve, so here is one possible solution for others with the same problem:
Put the code below in your deauth file (it is very simple and should be adjusted, but does the job)
$signed_request = $_REQUEST['signed_request'];
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig); // Use this to make sure the signature is correct
$data = json_decode(base64_url_decode($payload), true);
$user_id = $data['user_id'];
Now you have the userid, and can do whatever you want with it.
Hope this will help :)
I have an application on facebook that has worked for a month, but now I get the page in the application blank to enter it.
The application using the debugger get the error 803:
"Error":
"Message": "(# 803) Some of the aliases you do not exist Requested: bloggsamigos"
"Type": "OAuthException"
"Code": 803
If acceds directly see the message "the application is blocked because of problems with an external programmer."
What confuses me is that it has worked perfectly and I have not touched anything.
The application shows some pictures coming out of a query to a database hosted on the same domain. It's a blog of images. I have an administrator outside of facebook online application and show these images run from the administrator.
in index.php page, I control the user has the "like" activated to display a page or other. my code is this:
require 'src/facebook.php';
$config = array();
$config['appId'] ="xxxxxxxxxxxxxxx";
$config['secret'] = "xxxxxxxxxxxxxxxxxxxxxxxxxxx";
$facebook = new Facebook($config);
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
} else { echo "ERROR"; }
$lied = $signed_request['page']['liked'];
if ($signed_request['page']['liked']) {
include("fan.php");
}
else {
include("nofan.php");
}
configuration data are:
Namespace App --> bloggsamigos
Site URL --> with (http://www) mahesoblogsamigos.com/
Site Domain --> with (http://www) mahesoblogsamigos.com
Work Page --> with (http://) apps.facebook.com/bloggsamigos/
URL of the canvas --> with (https://) ssl15.ovh.net/~mahesobl/
Secure URL Canvas --> with (https://) ssl15.ovh.net/~mahesobl/
Canvas FBML / iframe --> iframe
I'm desperate, I tried many things, I wanted information, I sent emails to facebook, but I can not help. You can help me, please! I'll be very grateful.
Try changing the namespace to something else...
http://graph.facebook.com/bloggsamigos shows: "(#803) Some of the aliases you requested do not exist: bloggsamigos" meaning that facebook is not able to figure out what application that namespace matches with. Chances are something got messed up on Facebook's side.
If you really want that namespace, you may be able to change it to something else and then change it back to that to hopefully get it to record the information correctly.
You can also try filing a bug at http://developers.facebook.com/bugs but don't be surprised if you have to wait for weeks or months for a response.
Going to http://apps.facebook.com/bloggsamigos/ also shows a message saying "The app "Bloggs Amigos" is temporarily unavailable due to an issue with its third-party developer. We are investigating the situation and apologize for any inconvenience." However, that could mean almost anything.
Seems like Facebook changed a lot of things recently. I would like to know how to show a custom page if the user has not liked the Fan page. If the user likes the page I will show them the Fan page wall. How to do this? I searched around but seems like Facebook reinvented itself.
Thanks.
You should be able to change what a visitor sees in your page settings...
manage permissions
- default landing tab ( pick your page here )
also -
I created this php script that shows like and non-like content to users.
Tutorial / Example
http://www.drewdahlman.com/meusLabs/?p=100
GIT Project
https://github.com/DrewDahlman/FBVersion
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {
//User is not a fan
}
Source: Determine If The User Likes (Fan Of) Your Facebook Page When Landing On Your Page Tab
I am writing an application in Facebook that is meant to be shown through a page tab on my own business page. I need to interact with the viewing user, thus I require extended rights.
I've followed the suggested procedure but have now hit a wall. My application sits in an iFrame and the request for extended rights uses redirection. I can get the page where you need to confirm authorization but when you click allow, Facebook redirects to the page where my application is hosted instead of back to my Facebook page tab. Once the proper rights have been authorized, the rest of the application works fine so I know it's just a problem with redirection but I feel like I've tried everything and not a lot of people seem to have had the same problem. I would love if anyone could point me in the right direction.
Thank you!
Here's my code:
$app_id = "myappid";
$canvas_page = "http://wheremyappishosted/";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$user_id = $data["user_id"];
$access_token = $data['oauth_token'];
if (empty($data["user_id"])) {
$auth_url = "https://graph.facebook.com/oauth/authorize?client_id=".$app_id."&redirect_uri=".urlencode($canvas_page)."&scope=user_photos,friends_photos,publish_stream,user_likes";
die("<script> top.location.href='" . $auth_url . "'</script>");
}
$f = json_decode(file_get_contents("https://graph.facebook.com/".$user_id."?access_token=".$access_token."&fields=name,albums,likes"), true);
For those interested, I believe I have found a way to circumvent this. Instead of redirecting the user back to the application, I redirect them to a small script which then redirects back to the page tab. Since the app has already been authorized, everything works and the signed_request gets passed along with the user infos. I don't know if it's really the legit way to go but it works.
Please set redirect variable to your the targeted page :
$redirect = "http://foo.com";
Set redirect_uri to "http[s]://apps.facebook.com/YOUR_APP/" instead of "http[s]://apps.facebook.com/YOUR_APP". Note the trailing slash!
I have figured out that using javascript sdk is much better choice when unsolved redirect issues arise using server scripts, implement this small test and you will figure out that most things happen using lightbox i.e. above your app. which keeps the app page intact.
https://developers.facebook.com/docs/facebook-login/getting-started-web/