I have made an app as a Page Tab. I need to redirect to the facebook-app if someone opens the website url directly. For that, I need to check the content of the address bar and if it doesn't contain www.facebook.com inside it, I will redirect to the facebook-app url. But, the problem is that inside the facebook iframe I am unable to get the content of the address bar.
Can you please tell me a good way to enable redirect to the fb-app in case someone accesses my website url directly?
Probably the easiest way to achieve this, is to do next check in JavaScript:
if (window.top !== window){
window.location = 'http://facebook.com/YOUR_PAGE?sk=v_YOUR_APP_ID'
}
If you are wanting to redirect to a tab, a more complete way of doing this is checking for the 'page' parameter that is only sent through in the signed request for a page tab.
The reason being that only checking for the signed request will allow users to access your 520px tab app in a Facebook canvas (i.e. https://apps.facebook.com/yourapp which may not be what you want.
So for example
$fb = new Facebook( array(
'appId' => <your_app_id>,
'secret' => <your_app_secret>);
$sr = $fb -> getSignedRequest();
And then redirect the user as they hit the page
if (!($sr['page'])) {
die('<script>window.top.location = "<your_tab_url>"</script>');
};
Facebook posts a signed request parameter when you open an app in fanpage.
You can check if that parameter is null or not.
In php,
if(isset($_REQUEST["signed_request"]){
// Opened in facebook
}else{
//opened outside facebook.
}
In asp.net
if(Request.Form["signed_request"] !=null)
{
// Opened in facebook
}
else
{
// opened outside facebook.
}
Related
I am building a website that uses the php facebook libraries. At the beginning of every page I am checking to see if the user is logged into facebook or not (or trying to) with the $facebook->getLoginStatusUrl($params) function. The issue I have is that the only real way to check with that function is to have the user redirected to a page based on their statues (by directing them to the url given back by that function). I cant use file_get_contents or cURL because the URL returned by that function uses https. Is their anyway I can get the contents of that URL with a server-side method? Or is the absolute only way to do this with a redirect? I would much prefer not to make this a client side action (via Javascript). Any ideas?
You can use the facebook getUser() function to check if the user is logged and has given permisssions to your web. After that you can use getLoginUrl() or getLogoutUrl() to show the user the right button:
$user = $facebook->getUser();
if (!$user)
{
$loginUrl = $facebook->getLoginUrl(array(
'redirect_uri' => REDIRECT_URL,
'scope' => APP_PERMS,
'display' => 'page'
));
//do something with $loginUrl, for example:
echo 'Login with facebook';
}
else
{
//check that this user is still valid
$realUser = $facebook->api('me');
...
You can learn more about this functions in facebook docs:
https://developers.facebook.com/docs/reference/php/
Is their anyway I can get the contents of that URL with a server-side method?
That won’t help you, because it’s not your server that the client uses to log in to Facebook, but his browser.
And therefor the check if the user is logged in must happen in their browser – that’s why the browser gets redirected to Facebook, because this is the only way to read the cookies that are set under Facebook’s domain.
I would much prefer not to make this a client side action (via Javascript).
It already is kind of a client-side action, because of the redirect.
There is absolutely no way to have your server alone figure out if the user is logged in to Facebook in their browser.
I have made a facebook application
I have uploaded all my code on my server, so facebook can retrieve it from there.
All my code is in HTML, php and javascript.
When the user visits www.mywebsite.com/facebook/app they will go to my index.php file.
But if the user types in www.mywebsite.com/facebook/app/pictures/picture.jpg he will see the picture.
Now I want to make sure, this content only can be access through facebook.
So I want to redirect everybody who tries to enter www.mywebsite.com/facebook/app/..../ to my facebook application www.facebook.com/myapp
Is there any way to do this?
Thank you
While it is very unreliable you could use the $_SERVER['HTTP_REFERER'] variable in php to see if the user typed in the url directly in their browser. It will be empty if the user has typed in the url directly, but i believe it should be set if your page is embedded through facebook.
see http://www.electrictoolbox.com/php-http-referer-variable/ for more info
How I fixed it
// Saves the original URL
$Origin_URL = $_SERVER['HTTP_REFERER'];
// The original URL must also contain the word facebook
$face = "facebook";
// Checks if the URL contains 'facebook'
$contains = strpos($Origin_URL,$face);
// If the original url is empty or doesn't contain facebook
// the user will be redirected to the facebook site
if(Origin_URL == "" || $contains === false)
header("Location: www.facebook.com/website");
This is not bulletproof, so try toy with it a little :)
I am having an issue with the php Facebook sdk.
I have read many posts talking about the same kind of issues (Access token invalid, redirect loop etc...) but none could help.
Briefly, how my project is designed:
It is a Facebook application that is meant to run only with a user logged in Facebook.
Using the Yii Framework, I have created a Filter that is called every time a page is loaded, to ensure that the content is visible only by Facebook logged on users.
It should behave exactly like the application BranchOut on Facebook.
My issue, and how to reproduce it:
I logon to my application using the typical login process from Facebook (OAuth, access token)
I logout manually on the Facebook page, and then try to do a new action on my application
The filter checks if I am logged on Facebook, and because I am not, it redirects me to the Facebook login page.
After I login to Facebook again, I get the typical infinite loop between Facebook and my application's filter.
Here is the code of my filter:
$fb_logged = false;
try
{
$user = Yii::app()->facebook->getUser();
$me = Yii::app()->facebook->api('/me');
$fb_id = $me['id'];
$fb_logged = true;
}
catch (Exception $e)
{
$fb_logged = false;
}
if($fb_logged)
{
print_r($fb_id. ' has logged');
/* Check if user exists on MyApp
... */
}
// If user NOT logged on FB, send him to the FB login page
else
{
$loginUrl = Yii::app()->facebook->getLoginUrl(array(
'redirect_uri' => Yii::app()->getRequest()->getUrl() // I have tried many things here.
));
echo("<script> top.location.href='" . $loginUrl . "'</script>");
Yii::app()->end();
}
What is exactly happening is that after login on FB, the Filter is called again, because a request to the same URL is made. And at that point, the a call the api('/me') generates an exception, because it cannot find any valid access token, and starts looping on it.
I can add that my configuration is good (or seems to be), I have checked all my urls, domain name according to Facebook's app settings.
I have also tried many things like redirecting to a new specific URL, but anyway I need to use the filter as well because I want to make sure this is still the same user (or act consequently if the user has changed).
The only thing that works is to redirect the user to a page that has no Filter (no call to api("/me") is done). And then, clicking by hand to a new link in the application, and there the access token is found. And this is not the behavior I want.
I really hope someone can help me!
Thanks in advance.
After your new login attempt, you should get a new code in the URL that is redirect to. So look for that code parameter, and if it’s there, exchange it for a new access token.
Take a look at the yiiauth extension as well. It was posted just today, and with it you can log in with 29 different providers: Facebook, OpenID, Google, Twitter, Yahoo etc.
It uses the HybridAuth library and AFAICT it makes authentication very easy.
I have followed the facebook developer tutorial in order to do this to no avail.
Basically I need user to authorize my app from within a page tab.
I have used their recommended javascript to redirect the user on page load to redirect them to the oauth popup however when the app loads I just get the dreaded "sorry an error occurred"
The URL that is generated is "https://www.facebook.com/dialog/oauth/?client_id=247274355370447&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fnull%2F286793781401206%2F247274355370447&scope=email,user_about_me" so I can see my variables for both page_id and app_id are being passed in.
Here is my complete JS code
<script>
var oauth_url = 'https://www.facebook.com/dialog/oauth/';
oauth_url += '?client_id=<? echo $app_id;?>';
oauth_url += '&redirect_uri=' + encodeURIComponent('https://www.facebook.com/pages/null/<?php echo $page_id;?>/<?php echo $app_id;?>');
oauth_url += '&scope=email,user_about_me'
window.top.location = oauth_url;
</script>
I am having the same issue.
You should be able to do this.
The URL to redirect to after the user clicks a button in the dialog. The URL you specify must be a URL of with the same Base Domain as specified in your app's settings, a Canvas URL of the form hxxps://apps.facebook.com/YOUR_APP_NAMESPACE or a Page Tab URL of the form hxxps://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
This doesn't work for me. I still get the error saying the redirect_uri isn't owned by the user.
I would rather not have to add a page on my site to redirect them back to the site but its seems the correct way does not work.
The easiest fix i have found at the moment is to set the redirect_uri back to a page on my domain. The same domain as the page_tab content is loaded from.
e.g. My page tab loads hxxp://example.com/ so set the redirect_uri to hxxp://example.com/redirect.php
in redirect.php use the follow code
<script>
window.top.location = "{YOUR_FACEBOOK_PAGE_TAB_URL}";
</script>
I recommend using the FB.login() function if you want the user to remain on your Page Tab App after authorization. You can do so with this code:
FB.login(function(response) {
if (response.authResponse) {
// do something with newly authorized user
} else {
console.log('User cancelled login or did not fully authorize.');
}
}, {scope:'PERMISSION_1', 'PERMISSION_2'});
It will open the dialog in an iframe, and trigger the callback after they have submitted or cancelled the authorization.
This solution is using the javascript SDK.
I think this might be because you are trying to redirect them back to facebook.com, so it doesn't see this as valid url for your application. You would need to redirect to a page on your own site, and then if need be redirect them from there back to the actual facebook page app tab
When I try to use ['signed_request'] in PHP, I can't get [page][liked] / Page ID value.
I only can get [algorithm], [issued_at], [user], [country], [locale], [age] values from ['signed_request'].
I have created "users_like" Permission in the App's Auth Dialog page. I have set up a Canvas page.
Please help me find out the problem and solution.
P.S. I want to set up a landing page which can check the user whether like it or not.
// create the Facebook Graph SDK object
require_once('facebook.php');
$facebook = new Facebook(array(
'appId'=>'xxxxxxxx', // replace with your value
'secret'=>'xxxxxxxx' // replace with your value
));
$signedRequest = $facebook->getSignedRequest();
// Inspect the signed request
if($signedRequest['page']['liked'] == 1){ //Do your stuff here }
That is all that's required, you don't need any permissions.
EDIT: Also, make sure that you are actually trying to access a page, not, for example, an app canvas.