I'm trying to make it so my facebook app is available in English and Japanese.
I tried using tags but could not get them to work:
http://developers.facebook.com/docs/internationalization/
I then thought I'd just make two versions of the app, one in English, the other in Japanese. When I open my app, the oauth permission dialog is shown. I approve the app and then it takes me to a page which keeps looping, producing a new $_GET['code'] each time. I then click on "facebook" at the top left hand corner of the screen. I then click on my app again and this time I can access it ok in English or Japanese. How can I stop the app looping the first time around? How can I go directly to the version of the app based on the users locale? Thanks
<?php
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
$token = $result['oauth_token'];
if ($token != ""){
if ($locale == "ja_JP"){
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/ja/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/ja/index.php");
exit;
}
}
else{
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/en/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/en/index.php");
exit;
}
}
}
else {
if($_SERVER['HTTPS']){
$canvas_page = "https://secure.example.com/facebook/";
}
else {
$canvas_page = "http://example.com/facebook/";
}
$app_id = "my_app_id";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
echo("<script> top.location.href='" . $auth_url . "'</script>");
exit;
}
?>
You could put all your texts in a simple locale-based array. You first need to get the user's locale, then use it as a key
$loc["ja_JP"]["MyText"] = "My JP text";
$loc["en_US"]["MyText"] = "My US text";
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
echo $loc[$locale]["MyText"];
For resources (specific localized pictures for example), you could get the files in a locale-based directory.
Related
I'm trying to allow users to register on my web application via Facebook. As part of my normal registration users must supply their email address, and I need to include this as part of the Facebook registration.
I am using the code below, which works correctly, except it doesnt return the user email address as part of Facebook's response. I am aware I need to specifically "ask" for the email, but I'm confused where/how I do this in my code below?
I am also aware a user may choose to not supply their email address as part of the process, but I'm able to handle that.
// Grab our facebook details
$app_id = $this->config->item('fb_app_id');
$app_secret = $this->config->item('fb_secret_key');
$my_url = $this->config->item('fb_url');
session_start();
if(isset($_REQUEST["code"]))
{
$code = $_REQUEST["code"];
}
else
{
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if ((isset($_REQUEST['state'])) && (($_REQUEST['state'] == $_SESSION['state'])))
{
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
if ( ! empty($user))
{
// NO EMAIL HERE?!
$email = strtolower($user->email);
}
}
Looks like this has been asked before. The answer can be found here:
Facebook Graph API, how to get users email?
This code works for me...Hopefully it will work well for you also
define('FACEBOOK_APP_ID', 'YOUR_APP_ID_HERE');
define('FACEBOOK_SECRET', 'YOUR_APP_SECRET_HERE');
// No need to change function body
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
/*
echo "<pre>";
print_r($response);
echo "</pre>"; // Uncomment this for printing the response Array
*/
$email = $response["registration"]["email"];
how i can set a manage_pages permission of my application to a particular page only. Now my application get permission to manage all pages of fb user.. How i can restrict this and get permission to access a specific page only ?
I am using one simple authentication method.
$app_id = 'xxxxxxxxxxxxx';
$app_secret = 'xxxxxxxxxxxxxxxx';
$my_url = 'http://xxxxxxxxxxx.com/xxxx/facebook?client=params';
$code = $_REQUEST["code"];
//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url).'&scope=offline_access,read_stream,publish_stream,manage_pages';
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url)
. '&client_secret=' . $app_secret
. '&code=' . $code;
$access_token = file_get_contents($token_url);
am using the above code for authentication. when i try to print the $_REQUEST params, i couldnt find any variable names 'signed_request'. is any other method can we use with the above code..??
Unfortunately that's not possible. Very annoying but well.. it's facebook so there's nothing else to expect.
You should do this from your side. Facebook will send you the page id in the signed_request so you can verify the page and show/disable content:
<?php
if(!empty($_REQUEST["signed_request"])) {
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if (isset($data["page"])) {
echo $data["page"]["id"];
} else {
echo "Not in a page";
}
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
This code is taken from this answer. Just check the $data["page"]["id"] against the one you want.
I have problems with authorizing of the user in a facebook page tab. I have tried a lot of different methods in both PHP and Javascript without any luck at all basically.
If someone could explain this for me and show some code it would be great! I was thinking on to do the authorizing in PHP and then continue to grab some user-data width Javascript.
I also need to be able to let the user agree on the persmissions. so a popup for authorizing and permissions is what i need help with.
What do you think? Is there a better way?
Help with some code for this would as i said be great!
In order to know whether user already authenticated your app or not, decode signed_request and check if oauth_token is passed:
<?php
$secret='APP_SECRET';
$signed_request=($_REQUEST['signed_request']);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$information=parse_signed_request($signed_request, $secret);
$oauth_token=$information["oauth_token"];
?>
Then, use this script to get user authenticated if $oauth_token is empty:
<?php
$app_id = "APP_ID";
$canvas_page = "YOUR_TAB_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=ENTER WANTED PERMISSIONS HERE";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($oauth_token)) {echo("<script> top.location.href='" . $auth_url . "'</script>");}
?>
Fill in APP_SECRET, APP_ID, YOUR_TAB_URL and WANTED PERMISSIONS in these scripts, cheers.
In an iframe .php app, how to detect itself is in a Page mode or in the Canvas mode? Thanks!
Reading the documentation:
Facebook will always send a signed_request (for canvas and page urls)
If it's a page, Facebook will add an extra parameter called page
so based on this, you could do something like:
<?php
if( isset($_REQUEST['signed_request']) ) {
// We are in Canvas or Page now
// Let's extract the data from the signed_request
// to check if we are inside a Facebook Page
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if( isset($data["page"]) ) {
echo "Page";
} else {
echo "Canvas";
}
} else {
echo "None, or something went wrong!";
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
I also had to add website in the criteria. This is my Yii code
if(empty($_POST['signed_request']) === false)
$signedRequest = Yii::app()->fb->getSignedRequest();
if(isset($signedRequest['page']))
$this->layout = 'tab';
else if(isset($signedRequest['user']) && ! isset($signedRequest['page']))
$this->layout = 'canvas';
else
$this->layout = 'website';
Thanks to #ifaour solution;
I had to modify it to get it work;
This what worked for me;
I noticed that signed request is only sent when site is loaded under canvas; but when direct access then no signed request is sent.
So I ended using this code:
if( !isset($_SESSION['signed_request']) && empty($_SESSION['signed_request']) ) {
exit("direct access not allowed.");
}
else
{
// echo 'Canvas';
// continue script
}
How would I take the results of the Facebook Registration Plugin and email it to myself?
Well, you should post what you have got so far..anyway, as described in the documentation:
The data is passed to your application
as a signed request. The
signed_request parameter is a simple
way to make sure that the data you're
receiving is the actual data sent by
Facebook.
So you need to specify the redirect_uri and then process/extract the data you want from the signed_request and email it with the method you are using. How to process the data is described in the bottom of the document I linked above:
<?php
define('FACEBOOK_APP_ID', 'your_app_id');
define('FACEBOOK_SECRET', 'your_app_secret');
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
echo '<p>signed_request contents:</p>';
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
echo '<pre>';
print_r($response);
echo '</pre>';
} else {
echo '$_REQUEST is empty';
}
?>
So instead of the print_r and echo functions, send the fields you want!