I have a file named fbmain.php which will authenticate the user.
<?php
//set facebook application id, secret key and api key here
$fbconfig['appid' ] = "MY_APP_ID";
$fbconfig['secret'] = "MY_APP_SECRET";
$uid = null; //facebook user id
try{
include_once "facebook.php";
}catch(Exception $o){
echo '<pre>';
print_r($o);
echo '</pre>';
}
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true,
));
//Facebook Authentication part
$session = $facebook->getSession();
//Get permission from user
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'email,publish_stream,status_update'
)
);
if (!$session) {
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
if ($session) {
try {
$uid = $facebook->getUser();
} catch (FacebookApiException $e) {
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
}
//signed_request part
$signed_request = $_REQUEST['signed_request'];
$secret = $fbconfig['secret'];
$data = parse_signed_request($signed_request, $secret);
$fan_page_id = $data['page']['id'];
$admin_check = $data['page']['admin'];
$like_check = $data['page']['liked']; //New
//Get fan page id
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
I have included fbmain.php file to my index.php file and access user data.
Then later I wanted to access user birthday.So I added 'user_birthday' permission references to the fbmain.php file.code is given bellow
//Get permission from user
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'email,publish_stream,status_update,user_birthday'
)
);
code of the index.php file is given bellow,
<?php
//index.php file
include_once "fbmain.php";
$me = $facebook->api('/me');
$_SESSION['id'] = $me['id'];
$_SESSION['name'] = $me['name'];
$_SESSION['link'] = $me['link'];
$_SESSION['email'] = $me['email'];
if($me['birthday'] == null){ ?>
<script>
top.location = 'http://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=MY_REDIRECT_URL&scope=user_birthday';
</script>
<?php }else{ ?>
//Some other codes
<?php } ?>
I redirect user to permission window requesting user's birthday if $me['birthday'] returns null value. I had to add this part since I added user_birthday to the scope of permission references later.
This works for some users and display 'Request for Permission' window asking to access user's birthday.
But for some users it display a facebook error message(It may since I try to access user's birthday before display 'Request for Permission' window : $me['birthday']==null)
Can anyone tell me a proper way to get the re-permission from user to access user birthday?
Note that this problem occurs only for users those who have already authenticated in my app
You know facebook changed the parameter for the permissions from req_perms to scope in getLoginUrl() function. Try scope, may be it works.
https://github.com/facebook/php-sdk/issues/381
I don't understand php...bt check FB.ui
https://developers.facebook.com/docs/reference/dialogs/oauth/
Here you have oAuth dialog to ask for user permision.
You can use scope params for you requesting permission.
this is code for you want to replace
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email,publish_stream,user_birthday',
)
);
if you these this code ,your visitor who visit first time this code request full permision ,and already authendicate for other permisions user comes to this page it request only for birthday permisions .
you not need to use
if($me['birthday'] == null){ ?>
<script>
top.location = 'http://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=MY_REDIRECT_URL&scope=user_birthday';
</script>
<?php }else{ ?>
//Some other codes
Related
Is there some limitation with Fat Free Framework when we try to output the page into facebook tab?
I already try it with this below code, and unfortunately in the facebook tab iframe always empty blank page.
<?php
$f3=require('app/lib/base.php');
require_once 'app/lib/fb/facebook.php';
$f3->route('GET /',
function() {
echo 'Hello';
}
);
$f3->route('GET /landing',
function() {
$app_id = 'xxxx';
$secret_key = 'yyyy';
$page_id = 'zzzz';
$config = array(
'appId' => $app_id,
'secret' => $secret_key
);
$fb = new Facebook($config);
$fbdata = $fb->getSignedRequest();
$fbInPage = false;
if(!empty($fbdata) && is_array($fbdata)
&& !empty($fbdata['page']) && is_array($fbdata['page'])
&& !empty($fbdata['page']['id'])
) {
$fbInPage = $fbdata['page']['id'];
}
// Check if user not in fb tab
if(!$fbInPage) {
// Redirect to facebook tab
echo '<script>window.location.href="https://www.facebook.com/'.
$page_id.
'?sk=app_'.
$app_id.
'"</script>';
exit;
}
// Get User ID
$user = $fb->getUser();
// Check if user not connected to facebook
if ($user) {
try {
$user_data = $fb->api("/me");
} catch (FacebookApiException $e) {
$user_data = null;
}
} else {
// Asking permission for email and user_likes
$fb_login_url = $fb->getLoginUrl(array(
'scope' => 'email, user_likes'
));
echo '<script>top.location.href = "'.$fb_login_url.'"</script>';
exit;
}
}
);
$f3->run();
First when user try to access GET /landing it will redirect to facebook tab and show the page GET /. But somehow it always return empty page, already inspect it with firebug on firefox and there is no error, on the response tab always shows Reload the page to get source for: https://localhost/f3-fb/. Already try it with my office framework and works perfectly.
If anybody ever get this problem please advise.
The problem is in XFRAME, on default F3 set the XFRAME value as SAME-ORIGIN, based on this doc, developer must overload the value with ALLOW-FROM uri.
Here is the full code for index.php:
<?php
$f3=require('app/lib/base.php');
require_once 'app/lib/fb/facebook.php';
$f3->set('XFRAME', 'ALLOW-FROM https://localhost/f3-fb/');
$f3->route('POST /',
function() {
echo 'Hello';
}
);
$f3->route('GET /landing',
function() {
$app_id = 'xxxx';
$secret_key = 'yyyy';
$page_id = 'zzzz';
$config = array(
'appId' => $app_id,
'secret' => $secret_key
);
$fb = new Facebook($config);
$fbdata = $fb->getSignedRequest();
$fbInPage = false;
if(!empty($fbdata) && is_array($fbdata)
&& !empty($fbdata['page']) && is_array($fbdata['page'])
&& !empty($fbdata['page']['id'])
) {
$fbInPage = $fbdata['page']['id'];
}
// Check if user not in fb tab
if(!$fbInPage) {
// Redirect to facebook tab
echo '<script>window.location.href="https://www.facebook.com/'.
$page_id.
'?sk=app_'.
$app_id.
'"</script>';
exit;
}
// Get User ID
$user = $fb->getUser();
// Check if user not connected to facebook
if ($user) {
try {
$user_data = $fb->api("/me");
} catch (FacebookApiException $e) {
$user_data = null;
}
} else {
// Asking permission for email and user_likes
$fb_login_url = $fb->getLoginUrl(array(
'scope' => 'email, user_likes'
));
echo '<script>top.location.href = "'.$fb_login_url.'"</script>';
exit;
}
}
);
$f3->run();
Add the config $f3->set('XFRAME', 'ALLOW-FROM https://localhost/f3-fb/'); to allow this url inside on facebook iframe.
And always use POST for the route inside the facebook iframe (still don't know why must using that with F3, but it will occur the error and asking for POST route)
index.php
<?php
//facebook application
$fbconfig['appid'] = "32##########";
$fbconfig['secret'] = "ca2dc#############";
$fbconfig['baseurl'] = "http://localhost/sbs/fblogin/index.php";
//
if (isset($_GET['request_ids'])) {
//user comes from invitation
//track them if you need
}
//facebook user uid
try {
include_once "src/facebook.php";
}
catch (Exception $o) {
error_log($o);
}
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'baseurl' => $fbconfig['baseurl'],
'cookie' => true
));
//Facebook Authentication part
$user = $facebook->getUser();
// We may or may not have this data based
// on whether the user is logged in.
// If we have a $user id here, it means we know
// the user is logged into
// Facebook, but we don’t know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
$loginUrl = $facebook->getLoginUrl(array(
'scope' => 'email,offline_access,publish_stream,user_birthday,user_location,user_work_history,user_about_me,user_hometown,user_photos ,user_work_history'
));
$logoutUrl = $facebook->getLogoutUrl();
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
}
catch (FacebookApiException $e) {
//you should use error_log($e); instead of printing the info on browser
// d is a debug function defined at the end of this file
$user = null;
}
}
//if user is logged in and session is valid.
if ($user) {
//get user basic description
$userInfo = $facebook->api("/$user?fields=picture,name,email,gender,birthday");
//$pic = $facebook->api("/$user/pictures");
$profile = json_encode($userInfo);
$res = json_decode($profile, true);
$_SESSION['name'] = $res['name'];
$_SESSION['email'] = $res['email'];
$_SESSION['id'] = $res['id'];
$_SESSION['gender'] = $res['gender'];
$_SESSION['birthday'] = $res['birthday'];
$_SESSION['img'] = $res['picture']['data']['url'];
$_SESSION['auth_type'] = "facebook";
if (isset($_COOKIE['registration']) && $_COOKIE['registration'] == true) {
header("location:../sbs/registration.php");
} else {
header("location:../sbs/sbs_login.php");
}
}
?>
For the 1st time I am working on the Facebook app. I have made app on the Facebook developer. It's working properly but it is not redirecting me in the index.php. I want to redirect it in this page only so all the values are stored in the session and I am checking it if the cookies is made then this value is going to registration.php and if not then its going to sbs_login.php. Please can anybody tell where to give the redirect url?
$loginUrl = $facebook->getLoginUrl(array(
'baseurl' => $fbconfig['baseurl'],
'scope' => 'email,offline_access,publish_stream,user_birthday,user_location,user_work_history,user_about_me,user_hometown,user_photos ,user_work_history'
));
I find the solution of my problem . so this is the solution
$loginUrl = $facebook->getLoginUrl(array(
'baseurl' => $fbconfig['baseurl'],
'scope' => 'email,offline_access,publish_stream,user_birthday,user_location,user_work_history,user_about_me,user_hometown,user_photos ,user_work_history'
i am using the following code to get the access_token
<?php
//include the Facebook PHP SDK
include_once 'facebook.php';
//instantiate the Facebook library with the APP ID and APP SECRET
$facebook = new Facebook(array(
'appId' => 'REPLACE WITH APP ID',
'secret' => 'REPLACE WITH APP SECRET',
'cookie' => true
));
//Get the FB UID of the currently logged in user
$user = $facebook->getUser();
//if the user has already allowed the application, you'll be able to get his/her FB UID
if($user) {
//start the session if needed
if( session_id() ) {
} else {
session_start();
}
//do stuff when already logged in
//get the user's access token
$access_token = $facebook->getAccessToken();
//check permissions list
$permissions_list = $facebook->api(
'/me/permissions',
'GET',
array(
'access_token' => $access_token
)
);
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
$permissions_needed = array('publish_stream', 'read_stream', 'offline_access', 'manage_pages');
foreach($permissions_needed as $perm) {
if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
$login_url_params = array(
'scope' => 'publish_stream,read_stream,offline_access,manage_pages',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
}
//if the user has allowed all the permissions we need,
//get the information about the pages that he or she managers
$accounts = $facebook->api(
'/me/accounts',
'GET',
array(
'access_token' => $access_token
)
);
//save the information inside the session
$_SESSION['access_token'] = $access_token;
$_SESSION['accounts'] = $accounts['data'];
//save the first page as the default active page
$_SESSION['active'] = $accounts['data'][0];
//redirect to manage.php
header('Location: manage.php');
} else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'publish_stream,read_stream,offline_access,manage_pages',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
header("Location: {$login_url}");
exit();
}
?>
But it is not getting back to my redirect URL, Firefox shows the following error
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept
cookies.
You can put login and auth process in another file like login.php
And then when you need to authenticate, then use include_once "login.php"; from your app.
Replace your-app-namespace.
<?php
//login.php
require 'lib/facebook.php';
require 'lib/fbconfig.php';
if (isset($_GET['code'])){
header("Location:http://apps.facebook.com/your-app-namespace");
exit;
}
$user=null;
//Facebook Authentication part
$user = $facebook->getUser();
// We may or may not have this data based
// on whether the user is logged in.
// If we have a $user id here, it means we know
// the user is logged into
// Facebook, but we don’t know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email,read_mailbox,publish_stream,user_birthday,user_location,read_stream,user_work_history,user_about_me,user_hometown'
)
);
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
//you should use error_log($e); instead of printing the info on browser
d($e); // d is a debug function defined at the end of this file
$user = null;
}
}
if (!$user) {
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
//get user basic description
$userInfo = $facebook->api("/$user");
function d($d){
echo '<pre>';
print_r($d);
echo '</pre>';
}
?>
Instead of using
//redirect to the login URL on facebook
header("Location: {$login_url}");
Try using :
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
I have read and tried to implement the scores system on the Facebook API almost word for word but am getting and getting an error
{"error":{"message":"Unsupported post
request.","type":"GraphMethodException"}}
So far no one has answered the solution to this problem, maybe I am doing some thing wrong. I am now re wording the question as to how other have managed to do it with code examples.
I would like to thank you in advance for you efforts in helping me.
The index.php has the following
require_once 'facebook.php';
$fbAppId = 'APPID';
$fbSecret = 'FBSECRET';
$fbCanvasUrl = 'CANVASURL';
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => $fbAppId,
'secret' => $fbSecret,
));
// Get User ID
$user = $facebook->getUser();
// Redirect to the canvas url if we're authorized and logged in
// You can also use $_REQUEST['signed_request'] for this
if($_GET['code']) {
echo "<script>top.location.href='".$fbCanvasUrl."'</script>";
exit;
}
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
else {
$loginUrl = $facebook->getLoginUrl();
echo "<script>top.location.href='".$loginUrl."'</script>";
exit;
}
It also includes the javascript
<script type="text/javascript">
window.fbAsyncInit = function() {
FB.init({appId: '<?=$fbAppId?>', status: true, cookie: true, xfbml: true,oauth: true});
};
(function() {
var ts = new Date().getTime();
var e = document.createElement("script");
e.type = "text/javascript";
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js?ts='+ts;
e.async = true;
document.getElementById("fb-root").appendChild(e);
}());
</script>
So.... The index.php initiates everything, I have a Javascript file that will play the game and set a cookie with the score and the following php file picks up the cookie and sets the score....
<?php
require_once('facebook.php');
$config = array(
'appId' => 'APPID',
'secret' => 'SECRET',
);
$facebook = new Facebook($config);
$app_id = 'APPID';
$app_secret = 'SECRET';
$canvas_page_url = 'CANVASURL';
// Get the User ID
$signed_request = parse_signed_request($_POST['signed_request'],
$app_secret);
$uid = $signed_request['user_id'];
// Get an App Access Token
$token_url = 'https://graph.facebook.com/oauth/access_token?'
. 'client_id=' . $app_id
. '&client_secret=' . $app_secret
. '&grant_type=client_credentials';
$token_response = file_get_contents($token_url);
$params = null;
parse_str($token_response, $params);
$app_access_token = $params['access_token'];
//Get Score **************
if(isset($_COOKIE['Sscore']))
$cscore = $_COOKIE['Sscore'];
else
exit;
$score=$cscore;
// POST a user score
//print('Publish a User Score<br/>');
$score_URL = 'https://graph.facebook.com/' . $uid . '/scores';
$score_result = https_post($score_URL,
'score=' . $score
. '&access_token=' . $app_access_token
);
printf('<br/>%s<br/>',$score_result);
function https_post($uri, $postdata) {
$ch = curl_init($uri);
// curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
I have developed a Facebook application that runs inside an iframe in the Facebook canvas. For it to work properly I request extended permissions from the user. If the user hasn't authorized the application I send him/her to a login page with the getLoginUrl() method in the PHP SDK.
It works, but it's not pretty. The method sends the user to a landing page before the authentication page. It looks like this:
When I click "Go to Facebook.com" I see the actual page for permission requests (I also get right to the permissions page if I print the url, copy it and enter it into a new browser window). How do I make Facebook skip this step when I do the redirect from an Iframe?
My code looks like this (using CodeIgniter and Facebook PHP SDK):
$this->facebook = new Facebook(array(
'appId' => '{MY_APP_ID}',
'secret' => '{MY_SECRET}',
'cookie' => TRUE,
'domain' => $_SERVER['SERVER_NAME']
));
$this->facebook->getSession();
try {
$this->me = $this->facebook->api('/me');
}
catch (FacebookApiException $e) {
$this->me = NULL;
}
if ( is_null($this->me) ) {
redirect($this->facebook->getLoginUrl(array(
'req_perms' => 'offline_access,read_stream,publish_stream,user_photos,user_videos,read_friendlists',
'next' => $this->config->item('base_url').'fblogin.php?redirect_uri='.$this->uri->uri_string()
)));
}
I think you need to redirect the parent frame (i.e. _top) rather than the iFrame itself?
The way I do it is set up an INDEX.PHP file with the following
//if user is logged in and session is valid.
if ($fbme){
//fql query example using legacy method call and passing
parameter
try{
$fql = "select name, hometown_location, sex,
pic_square from user where uid=" .
$uid;
$param = array(
'method' => 'fql.query',
'query' => $fql,
'callback' => 'http://apps.facebook.com/yoursite/'
);
$fqlResult = $facebook->api($param);
}
catch(Exception $o){
d($o);
}
}
Then point your canvas url to http://yoursite.com/INDEX.php
The callback url in the above code which will be in INDEX.PHP sets where to look after permissions are granted.
FBMain.php looks like this
//set application urls here
$fbconfig['http://www.yoursite.com/iframeapp/YOURMAINPAGE.php/']
= "http://www.tyoursite.com/YOURMAINPAGE.php/";
$fbconfig['http://apps.facebook.com/CANVASBASEURL']
= "http://apps.facebook.com/CANVASBASEURL";
$uid = null; //facebook user id
try{
include_once "facebook.php";
}
catch(Exception $o){
echo '<pre>';
print_r($o);
echo '</pre>';
}
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['APPID'],
'secret' => $fbconfig['SECRET'],
'cookie' => true,
));
//Facebook Authentication part
$session = $facebook->getSession();
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms'=>'email,publish_stream,status_update,user_birthday,user_location'
)
);
$fbme = null;
if (!$session) {
echo "<script type='text/javascript'>top.location.href
= '$loginUrl';";
exit;
}
else {
try {
$uid = $facebook->getUser();
$fbme = $facebook->api('/me');
} catch (FacebookApiException $e) {
echo "<script type='text/javascript'>top.location.href
= '$loginUrl';";
exit;
}
}
function d($d){
echo '<pre>';
print_r($d);
echo '</pre>';
} ?>
Hope its a little clearer. It took me a while to figure it out, but I got there, thought I would help.