how i can set a manage_pages permission of my application to a particular page only. Now my application get permission to manage all pages of fb user.. How i can restrict this and get permission to access a specific page only ?
I am using one simple authentication method.
$app_id = 'xxxxxxxxxxxxx';
$app_secret = 'xxxxxxxxxxxxxxxx';
$my_url = 'http://xxxxxxxxxxx.com/xxxx/facebook?client=params';
$code = $_REQUEST["code"];
//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url).'&scope=offline_access,read_stream,publish_stream,manage_pages';
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url)
. '&client_secret=' . $app_secret
. '&code=' . $code;
$access_token = file_get_contents($token_url);
am using the above code for authentication. when i try to print the $_REQUEST params, i couldnt find any variable names 'signed_request'. is any other method can we use with the above code..??
Unfortunately that's not possible. Very annoying but well.. it's facebook so there's nothing else to expect.
You should do this from your side. Facebook will send you the page id in the signed_request so you can verify the page and show/disable content:
<?php
if(!empty($_REQUEST["signed_request"])) {
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if (isset($data["page"])) {
echo $data["page"]["id"];
} else {
echo "Not in a page";
}
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
This code is taken from this answer. Just check the $data["page"]["id"] against the one you want.
Related
I'm trying to allow users to register on my web application via Facebook. As part of my normal registration users must supply their email address, and I need to include this as part of the Facebook registration.
I am using the code below, which works correctly, except it doesnt return the user email address as part of Facebook's response. I am aware I need to specifically "ask" for the email, but I'm confused where/how I do this in my code below?
I am also aware a user may choose to not supply their email address as part of the process, but I'm able to handle that.
// Grab our facebook details
$app_id = $this->config->item('fb_app_id');
$app_secret = $this->config->item('fb_secret_key');
$my_url = $this->config->item('fb_url');
session_start();
if(isset($_REQUEST["code"]))
{
$code = $_REQUEST["code"];
}
else
{
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if ((isset($_REQUEST['state'])) && (($_REQUEST['state'] == $_SESSION['state'])))
{
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
if ( ! empty($user))
{
// NO EMAIL HERE?!
$email = strtolower($user->email);
}
}
Looks like this has been asked before. The answer can be found here:
Facebook Graph API, how to get users email?
This code works for me...Hopefully it will work well for you also
define('FACEBOOK_APP_ID', 'YOUR_APP_ID_HERE');
define('FACEBOOK_SECRET', 'YOUR_APP_SECRET_HERE');
// No need to change function body
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
/*
echo "<pre>";
print_r($response);
echo "</pre>"; // Uncomment this for printing the response Array
*/
$email = $response["registration"]["email"];
I’ve just created a Facebook app, this is my first attempt and I followed Facebook developer’s documentation totally, while completing everything as stated I am stucked at this error while authorizing app:
An error occurred. Please try again later.
<?php
$app_id = '1603369454518730';
$app_secret = '511b194f6sdgg6eca7cc748d7be6d82d';
//$canvas_page = "http://apps.facebook.com/myapp";
$canvas_page = "http://myappweb.com/app/landhere.php";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri= " . urlencode($canvas_page);
//Requesting Signed Parameter:
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
//User Info. Variables:
try {
$userId = $data["user_id"];
} catch(Exception $e) {
echo $e -> getMessage();
echo "<br>";
}
if (!empty($data["user_id"])) {
if ($data['page']['liked']) {
echo "hello";
} else {
echo "like page";
}
} else {
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
?>
Ive tried suggestion that I found in other threads such as checking app id and app secret, disabling sandbox. But none of this has worked yet for me. Kindly help me with this.
Thank you.
I'm not into coding too much, but kinda sorted it out.
Your canvas page should be the url of the page not your app url.
Also I tried using the following code and it works.
<?php
$app_id = "APP_ID";
$canvas_page = "CANVAS_PAGE";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo ("Welcome User: " . $data["user_id"]);
}
?>
If I'm not mistaken, (My interaction with the PHP SDK is minimal), you need to add a redirection url to which FB will return when authentication is complete, to acomplish that you will have to do two steps:
1) $auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
2) In you'r applications' page: https://developers.facebook.com/apps/app_id
press Edit and in "Select how your app integrates with Facebook"
select Website.
put in the URL the you'r http://apps.facebook.com/myapp.
good luck
I'm trying to make it so my facebook app is available in English and Japanese.
I tried using tags but could not get them to work:
http://developers.facebook.com/docs/internationalization/
I then thought I'd just make two versions of the app, one in English, the other in Japanese. When I open my app, the oauth permission dialog is shown. I approve the app and then it takes me to a page which keeps looping, producing a new $_GET['code'] each time. I then click on "facebook" at the top left hand corner of the screen. I then click on my app again and this time I can access it ok in English or Japanese. How can I stop the app looping the first time around? How can I go directly to the version of the app based on the users locale? Thanks
<?php
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
$token = $result['oauth_token'];
if ($token != ""){
if ($locale == "ja_JP"){
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/ja/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/ja/index.php");
exit;
}
}
else{
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/en/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/en/index.php");
exit;
}
}
}
else {
if($_SERVER['HTTPS']){
$canvas_page = "https://secure.example.com/facebook/";
}
else {
$canvas_page = "http://example.com/facebook/";
}
$app_id = "my_app_id";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
echo("<script> top.location.href='" . $auth_url . "'</script>");
exit;
}
?>
You could put all your texts in a simple locale-based array. You first need to get the user's locale, then use it as a key
$loc["ja_JP"]["MyText"] = "My JP text";
$loc["en_US"]["MyText"] = "My US text";
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
echo $loc[$locale]["MyText"];
For resources (specific localized pictures for example), you could get the files in a locale-based directory.
Im trying to use this code to start building a simple facebook app but I cant seem to get to grips with the access token part so i can get the users birthday etc.
Can someone please take a look and let me know what im doing wrong :
<?php
$app_id = "*********";
$canvas_page = "https://apps.facebook.com/hotness-battle/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . '&scope=email,user_birthday';
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id=200482573356726&redirect_uri=http://www.impact25.com/hotness-battle/&client_secret=*******&code='.$data['oauth_token'].'';
echo("<script> top.location.href='" . $token_url . "'</script>");
$uid = $data["user_id"];
$token = $data['oauth_token'];
$full_name = json_decode(file_get_contents('http://graph.facebook.com/'.$uid))->name;
$gender = json_decode(file_get_contents('http://graph.facebook.com/'.$uid))->gender;
$birthday = json_decode(file_get_contents('http://graph.facebook.com/'.$uid.'?access_token='.$token))->birthday;
echo $full_name;
echo '<br><br>';
echo $gender;
echo '<br><br>';
echo $token;
echo '<br><br>';
echo $cookie['access_token'];
}
Okay, obviously you just copied the above code from somewhere...here are a couple of tips:
Read the Canvas Tutorial
The second OAuth request is not needed ($token_url) since if the user authorized your app you'll have the access_token in the signed_request
Don't do multiple graph calls, one call will retrieve everything you need
Don't print the access_token to the user
Make secure calls to the graph ( https )
Here is a working code to get you started:
<?php
$app_id = "APP_ID";
$canvas_page = "https://apps.facebook.com/appnamespace";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . '&scope=email,user_birthday';
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
$uid = $data["user_id"];
$token = $data['oauth_token'];
$graph_url = 'https://graph.facebook.com/' . $uid . '?access_token=' . $token;
$user_info = json_decode(file_get_contents($graph_url));
$full_name = $user_info->name;
$gender = $user_info->gender;
$birthday = $user_info->birthday;
echo $full_name;
echo '<br><br>';
echo $gender;
echo '<br><br>';
echo $birthday;
echo '<br><br>';
}
I have problems with authorizing of the user in a facebook page tab. I have tried a lot of different methods in both PHP and Javascript without any luck at all basically.
If someone could explain this for me and show some code it would be great! I was thinking on to do the authorizing in PHP and then continue to grab some user-data width Javascript.
I also need to be able to let the user agree on the persmissions. so a popup for authorizing and permissions is what i need help with.
What do you think? Is there a better way?
Help with some code for this would as i said be great!
In order to know whether user already authenticated your app or not, decode signed_request and check if oauth_token is passed:
<?php
$secret='APP_SECRET';
$signed_request=($_REQUEST['signed_request']);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$information=parse_signed_request($signed_request, $secret);
$oauth_token=$information["oauth_token"];
?>
Then, use this script to get user authenticated if $oauth_token is empty:
<?php
$app_id = "APP_ID";
$canvas_page = "YOUR_TAB_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=ENTER WANTED PERMISSIONS HERE";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($oauth_token)) {echo("<script> top.location.href='" . $auth_url . "'</script>");}
?>
Fill in APP_SECRET, APP_ID, YOUR_TAB_URL and WANTED PERMISSIONS in these scripts, cheers.