EDIT:
I'm sorry for making this thread as I've figured out the problem.
Here's what happened:
First, I noticed that the URL being sent lacked a "/" between .com and account/verify_credentials. When I updated that, I got a 404 error. Then I looked at the twitteroauth.php and I noticed that the top one:
/* Set up the API root URL. */
public $host = "https://api.twitter.com/1/";
// public $host = "https://dev.twitter.com";
was commented out. I uncommented it, and commented out the lower one (which I'm guessing is now defunct or not used?) and now it works perfectly fine!
Thanks everybody, and thanks Mr. Williams for a great Oauth library!
I've been implementing Abraham Williams' Twitter OAuth library and it's been going well so far until I tried to do something with it after connecting to Twitter. That's when I was getting a 303 HTTP code. I then changed my implementation to the way he implements it on his GitHub site, and I still get the same issue. Does anyone have an idea of what's happening?
apitest.php is where the problem occurs, where the $connection variable has a 303 HTTP code. The corresponding $connection variables in redirect.php and callback.php both return a 200. By the way, all of the files are in the same directory.
Here's the code:
connect.php (The HTML on this page has a button that goes to redirect.php)
<?php
/**
* #file
* Check if consumer token is set and if so send user to get a request token.
*/
/**
* Exit with an error message if the CONSUMER_KEY or CONSUMER_SECRET is not defined.
*/
require_once('twitconfig.php');
if (CONSUMER_KEY === '' || CONSUMER_SECRET === '') {
echo 'A consumer key and secret are required.';
exit();
}
?>
redirect.php
<?php
/* Start session and load library. */
session_start();
require_once('twitteroauth.php');
require_once('twitconfig.php');
/* Build TwitterOAuth object with client credentials. */
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
/* Get temporary credentials. */
$request_token = $connection->getRequestToken(OAUTH_CALLBACK);
/* Save temporary credentials to session. */
$_SESSION['oauth_token'] = $token = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
/* If last connection failed don't display authorization link. */
switch ($connection->http_code) {
case 200:
/* Build authorize URL and redirect user to Twitter. */
$url = $connection->getAuthorizeURL($token);
header('Location: ' . $url);
break;
default:
/* Show notification if something went wrong. */
echo 'Could not connect to Twitter. Refresh the page or try again later.';
}
?>
callback.php
<?php
/**
* #file
* Take the user when they return from Twitter. Get access tokens.
* Verify credentials and redirect to based on response from Twitter.
*/
/* Start session and load lib */
session_start();
require_once('twitteroauth.php');
require_once('twitconfig.php');
/* If the oauth_token is old redirect to the connect page. */
if (isset($_REQUEST['oauth_token']) && $_SESSION['oauth_token'] !== $_REQUEST['oauth_token']) {
$_SESSION['oauth_status'] = 'oldtoken';
header('Location: ./clearsessions.php');
/* Stop here so the stale token is never exchanged after the redirect. */
exit();
}
/* Create TwitteroAuth object with app key/secret and token key/secret from default phase */
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
/* Request access tokens from twitter */
$access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
/* Save the access tokens. Normally these would be saved in a database for future use. */
$_SESSION['access_token'] = $access_token;
/* Remove no longer needed request tokens */
unset($_SESSION['oauth_token']);
unset($_SESSION['oauth_token_secret']);
/* If HTTP response is 200 continue otherwise send to connect page to retry */
if (200 == $connection->http_code) {
/* The user has been verified and the access tokens can be saved for future use */
$_SESSION['status'] = 'verified';
header('Location: ./apitest.php');
} else {
/* Save HTTP status for error dialog on connect page. */
header('Location: ./clearsessions.php');
}
?>
apitest.php (where the problem is seen via a print_r)
<?php
session_start();
require_once('twitteroauth.php');
require_once('twitconfig.php');
if (empty($_SESSION['access_token']) || empty($_SESSION['access_token']['oauth_token']) || empty($_SESSION['access_token']['oauth_token_secret'])) {
header('Location: ./clearsessions.php');
/* Stop here so no API call is made without access tokens. */
exit();
}
/* Get user access tokens out of the session. */
$access_token = $_SESSION['access_token'];
/* Create a TwitterOauth object with consumer/user tokens. */
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
/* Get logged in user to help with tests. */
$user = $connection->get('account/verify_credentials');
print_r($connection);
print_r($_SESSION);
?>
The output of the first print statement is:
TwitterOAuth Object (
[http_code] => 303
[url] => https://dev.twitter.comaccount/verify_credentials.json?oauth_consumer_key=UoXXKdfnVHh2fYD8Csw&oauth_nonce=09bc369393a8eab3a1dc36eaa6230b45&oauth_signature=pe5dYtYq%2FvlGb0c%2BnRR%2BQAXI0Ec%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1314249851&oauth_token=351699791-F6stFFk81poF8ooORgLLxaE2cpSdDT2Vr0Tz9yJm&oauth_version=1.0
[host] => https://dev.twitter.com
[timeout] => 30
[connecttimeout] => 30
[ssl_verifypeer] =>
[format] => json
[decode_json] => 1
[http_info] => Array ( [url] => https://dev.twitter.comaccount/verify_credentials.json?oauth_consumer_key=UoXXKdfnVHh2fYD8Csw&oauth_nonce=09bc369393a8eab3a1dc36eaa6230b45&oauth_signature=pe5dYtYq%2FvlGb0c%2BnRR%2BQAXI0Ec%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1314249851&oauth_token=351699791-F6stFFk81poF8ooORgLLxaE2cpSdDT2Vr0Tz9yJm&oauth_version=1.0
[content_type] =>
[http_code] => 303
[header_size] => 565
[request_size] => 401
[filetime] => -1
[ssl_verify_result] => 1
[redirect_count] => 0
[total_time] => 0.053773
[namelookup_time] => 0.003355
[connect_time] => 0.006399
[pretransfer_time] => 0.047636
[size_upload] => 0
[size_download] => 0
[speed_download] => 0
[speed_upload] => 0
[download_content_length] => 0
[upload_content_length] => 0
[starttransfer_time] => 0.053629
[redirect_time] => 0
[certinfo] => Array ( ) )
[useragent] => TwitterOAuth v0.2.0-beta2
[sha1_method] => OAuthSignatureMethod_HMAC_SHA1 Object ( )
[consumer] => OAuthConsumer Object ( [key] => UoXXKdfnVHh2fYD8Csw [secret] => SyKfxRorvUs6THwj5l26TGEkFOCGf1vG86N7PoS97o [callback_url] => ) [token] => OAuthConsumer Object ( [key] => 351699791-F6stFFk81poF8ooORgLLxaE2cpSdDT2Vr0Tz9yJm [secret] => q8fHaTaFvOUL8XKYX89LSgubr2fSl1xHBUAi8MUqIc [callback_url] => )
[http_header] => Array ( [location] => http://guide.a.id.opendns.com/?url=dev%2Etwitter%2Ecomaccount%2Fverify%5Fcredentials%2Ejson%3Foauth%5Fconsumer%5Fkey%3DUoXXKdfnVHh2fYD8Csw%26oauth%5Fnonce%3D09bc369393a8eab3a1dc36eaa6230b45%26oauth%5Fsignature%3Dpe5dYtYq%252FvlGb0c%252BnRR%252BQAXI0Ec%253D%26oauth%5Fsignature%5Fmethod%3DHMAC%2DSHA1%26oauth%5Ftimestamp%3D1314249851%26oauth%5Ftoken%3D351699791%2DF6stFFk81poF8ooORgLLxaE2cpSdDT2Vr0Tz9yJm%26oauth%5Fversion%3D1%2E0
[content_length] => 0
[connection] => close
[date] => Thu, 25 Aug 2011 05:24:50 GMT
[server] => OpenDNS Guide ) )
The output of the second print statement is:
Array (
[access_token] => Array (
[oauth_token] => 351699791-F6stFFk81poF8ooORgLLxaE2cpSdDT2Vr0Tz9yJm
[oauth_token_secret] => q8fHaTaFvOUL8XKYX89LSgubr2fSl1xHBUAi8MUqIc
[user_id] => 351699791
[screen_name] => jibjib21 )
[status] => verified )
Does anyone have an idea of what's going on with this 303 error and how to resolve it? Any help would be greatly appreciated. Thanks!
A 303 response is a redirect. My guess is you need to add .json (or whatever format you are using) to the end of the URL you are requesting.
I.e. instead of 'account/verify_credentials', you need to request 'account/verify_credentials.json'.
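An added example, not part of the original posts or of the twitteroauth library: the dump in the question shows a signed request built for the malformed host `dev.twitter.comaccount` and answered with a 303 from an OpenDNS Guide page. The sketch below joins the API root and path with a single slash and refuses to send OAuth parameters to a host outside an allow-list; the function names and the allow-list are assumptions.

```php
<?php
// Added example: names and the allow-list below are hypothetical and are not
// part of the twitteroauth library.

const ALLOWED_API_HOSTS = ['api.twitter.com'];

/** Join an API root and a resource path with exactly one "/" between them. */
function build_api_url(string $root, string $path, string $format = 'json'): string
{
    $url = rtrim($root, '/') . '/' . ltrim($path, '/');
    $suffix = '.' . $format;
    // Append the format suffix only when the caller has not supplied it.
    if (substr($url, -strlen($suffix)) !== $suffix) {
        $url .= $suffix;
    }
    return $url;
}

/** True only for an https URL whose host is exactly on the allow-list. */
function is_allowed_api_url(string $url, array $allowed = ALLOWED_API_HOSTS): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host)) {
        return false;
    }
    return strtolower($scheme) === 'https'
        && in_array(strtolower($host), $allowed, true);
}

/** True when a 3xx response points the client at a host outside the allow-list. */
function is_offsite_redirect(int $httpCode, ?string $location, array $allowed = ALLOWED_API_HOSTS): bool
{
    if ($httpCode < 300 || $httpCode > 399 || $location === null) {
        return false;
    }
    return !is_allowed_api_url($location, $allowed);
}

/** Refuse to hand a signed URL to the HTTP layer unless its host is expected. */
function guard_signed_request(string $url): string
{
    if (!is_allowed_api_url($url)) {
        $host = parse_url($url, PHP_URL_HOST);
        throw new RuntimeException(
            'Refusing to send OAuth parameters to host: ' . var_export($host, true)
        );
    }
    return $url;
}

// Constructed inputs modelled on the dump in the question.
$concatenated = 'https://dev.twitter.com' . 'account/verify_credentials' . '.json';
$joined       = build_api_url('https://api.twitter.com/1/', 'account/verify_credentials');

foreach ([$concatenated, $joined] as $candidate) {
    try {
        echo 'OK to send: ', guard_signed_request($candidate), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}

// The redirect seen in the dump: a 303 whose Location is the resolver's guide
// page (query string replaced by a constructed placeholder).
var_dump(is_offsite_redirect(303, 'http://guide.a.id.opendns.com/?url=placeholder'));
```

Running the guard before the HTTP call means the consumer key, token and signature in the query string never leave the process when the host is wrong.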
I am using a PHP library (https://github.com/djchen/oauth2-fitbit) to retrieve a user's Fitbit data via OAuth2. I am getting the data correctly but I am not sure how to grab a specific item from the multidimensional array response.
I am using the code below but it doesn't work:
$response = $provider->getResponse($request);
var_dump($response['encodedId'][0]);
Full PHP code
$provider = new djchen\OAuth2\Client\Provider\Fitbit([
'clientId' => 'xxx',
'clientSecret' => 'xxx',
'redirectUri' => 'http://xxx-env.us-east-1.elasticbeanstalk.com/a/fitbitapi'
]);
// start the session
session_start();
// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {
// Fetch the authorization URL from the provider; this returns the
// urlAuthorize option and generates and applies any necessary parameters
// (e.g. state).
$authorizationUrl = $provider->getAuthorizationUrl();
// Get the state generated for you and store it to the session.
$_SESSION['oauth2state'] = $provider->getState();
// Redirect the user to the authorization URL.
header('Location: ' . $authorizationUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
try {
// Try to get an access token using the authorization code grant.
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// We have an access token, which we may use in authenticated
// requests against the service provider's API.
echo $accessToken->getToken() . "\n";
echo $accessToken->getRefreshToken() . "\n";
echo $accessToken->getExpires() . "\n";
echo ($accessToken->hasExpired() ? 'expired' : 'not expired') . "\n";
// Using the access token, we may look up details about the
// resource owner.
$resourceOwner = $provider->getResourceOwner($accessToken);
var_export($resourceOwner->toArray());
// The provider provides a way to get an authenticated API request for
// the service, using the access token; it returns an object conforming
// to Psr\Http\Message\RequestInterface.
$request = $provider->getAuthenticatedRequest(
'GET',
'https://api.fitbit.com/1/user/-/profile.json',
$accessToken
);
// Make the authenticated API request and get the response.
$response = $provider->getResponse($request);
var_dump($response['encodedId'][0]);
Response data
eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NjAzNzgxOTYsInNjb3BlcyI6InJ3ZWkgcnBybyByaHIgcmxvYyByc2xlIHJzZXQgcmFjdCByc29jIiwic3ViIjoiNEg4NU5WIiwiYXVkIjoiMjI3UUNXIiwiaXNzIjoiRml0Yml0IiwidHlwIjoiYWNjZXNzX3Rva2VuIiwiaWF0IjoxNDYwMzc0NTk2fQ.NN9OOx--3YLvwai0hl0ZRJ4MNWXlaMwcEJ_xxxxxb2382a930144c3a76e69567dcbf0d9834c574919fff8c268b378e635735f1bbf 1460378196 not expired array ( 'encodedId' => '4545NV', 'displayName'
=> 'dan', )...
I am using the same PHP library for FitBit API integration. The response you have pasted with the question is the data that is coming because of the following part of your code:
// requests against the service provider's API.
echo $accessToken->getToken() . "\n";
echo $accessToken->getRefreshToken() . "\n";
echo $accessToken->getExpires() . "\n";
echo ($accessToken->hasExpired() ? 'expired' : 'not expired') . "\n";
// Using the access token, we may look up details about the
// resource owner.
$resourceOwner = $provider->getResourceOwner($accessToken);
var_export($resourceOwner->toArray());
When you try to get the user profile from FitBit, you make the below request :
$request = $provider->getAuthenticatedRequest(
'GET',
'https://api.fitbit.com/1/user/-/profile.json',
$accessToken
);
// Make the authenticated API request and get the response.
$response = $provider->getResponse($request);
The $response comes in the below format and you can see there that "encodedId" is not a direct key there. Below is an example of var_dump($response):
Array(
[user] => Array
(
[age] => 27
[avatar] => https://static0.fitbit.com/images/profile/defaultProfile_100_male.gif
[avatar150] => https://static0.fitbit.com/images/profile/defaultProfile_150_male.gif
[averageDailySteps] => 3165
[corporate] =>
[dateOfBirth] => 1991-04-02
[displayName] => Avtar
[distanceUnit] => METRIC
[encodedId] => 478ZBH
[features] => Array
(
[exerciseGoal] => 1
)
[foodsLocale] => en_GB
[fullName] => Avtar Gaur
[gender] => MALE
[glucoseUnit] => METRIC
[height] => 181
[heightUnit] => METRIC
[locale] => en_IN
[memberSince] => 2016-01-17
[offsetFromUTCMillis] => 19800000
[startDayOfWeek] => MONDAY
[strideLengthRunning] => 94.2
[strideLengthRunningType] => default
[strideLengthWalking] => 75.1
[strideLengthWalkingType] => default
[timezone] => Asia/Colombo
[topBadges] => Array
(
[0] => Array
(
)
[1] => Array
(
)
[2] => Array
(
)
)
[waterUnit] => METRIC
[waterUnitName] => ml
[weight] => 80
[weightUnit] => METRIC
)
)
In order to access anything in there you need to access it in this manner -
$encodedId = $response['user']['encodedId'];
I hope this was helpful to you. You can ask more questions related to the Fitbit API as I have got it all working, including the Fitbit Subscriber API and Notifications.
I am trying to use codebird to tweet using PHP. Initially I was unable to get Access Token but after I defined CallbackURL in settings that issue seems to be resolved. Now it is returning oauth token:
Codebird\Codebird Object ( [_oauth_token:protected] => codehere [_oauth_token_secret:protected] => codehere [_return_format:protected] => 0 [_supported_media_files:protected] => Array ( [0] => 1 [1] => 2 [2] => 3 ) [_version:protected] => 3.0.0-dev [_use_curl:protected] => 1 [_timeout:protected] => 10000 [_connectionTimeout:protected] => 3000 )
But when I try to tweet I get the following error:
stdClass Object ( [errors] => Array ( [0] => stdClass Object ( [code] => 89 [message] => Invalid or expired token. ) ) [httpstatus] => 401 [rate] => )
Following is my code
Codebird\Codebird::setConsumerKey('copy+paste from twitter', 'copy+paste from twitter'); // I changed it to my settings
$cb = \Codebird\Codebird::getInstance();
if (! isset($_SESSION['oauth_token'])) {
// get the request token
$reply = $cb->oauth_requestToken(array(
'oauth_callback' => 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']
));
// store the token
$cb->setToken($reply->oauth_token, $reply->oauth_token_secret);
$_SESSION['oauth_token'] = $reply->oauth_token;
$_SESSION['oauth_token_secret'] = $reply->oauth_token_secret;
$_SESSION['oauth_verify'] = true;
// redirect to auth website
$auth_url = $cb->oauth_authorize();
header('Location: ' . $auth_url);
die();
} elseif (isset($_GET['oauth_verifier']) && isset($_SESSION['oauth_verify'])) {
// verify the token
$cb->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
unset($_SESSION['oauth_verify']);
// get the access token
$reply = $cb->oauth_accessToken(array(
'oauth_verifier' => $_GET['oauth_verifier']
));
// store the token (which is different from the request token!)
$_SESSION['oauth_token'] = $reply->oauth_token;
$_SESSION['oauth_token_secret'] = $reply->oauth_token_secret;
// send to same URL, without oauth GET parameters
header('Location: ' . basename(__FILE__));
die();
}
// assign access token on each page load
$cb->setToken($_SESSION['oauth_token'], $_SESSION['oauth_token_secret']);
print_r($cb);
$params = array(
'status' => 'Auto Post on Twitter with PHP http://goo.gl/OZHaQD #php #twitter'
);
$reply = $cb->statuses_update($params);
print_r($reply);
Thanks in advance for the assistance.
Is your callback address the one registered with Twitter in the app definition?
Do you have "read and write" access in the app definition?
Have you exceeded the rate limit for posting?
I'd check those things first, as I don't see anything obviously missing from your code snippet.
The specific 401 error message I get is:
"error":"invalid_client","error_description":"The client credentials are invalid"}"
This error isn't listed anywhere in the PayPal documentation. I am certain I am using the test credentials and using the correct sandbox endpoint. The error occurs when I attempt to get an access token.
This is the class where the access token is retrieved:
private function _generateAccessToken($config) {
$base64ClientID = base64_encode($this->clientId . ":" . $this->clientSecret);
$headers = array(
"User-Agent" => PPUserAgent::getValue(RestHandler::$sdkName, RestHandler::$sdkVersion),
"Authorization" => "Basic " . $base64ClientID,
"Accept" => "*/*"
);
$httpConfiguration = $this->getOAuthHttpConfiguration($config);
$httpConfiguration->setHeaders($headers);
$connection = PPConnectionManager::getInstance()->getConnection($httpConfiguration, $config);
//print_r($connection); die;
$res = $connection->execute("grant_type=client_credentials");
$jsonResponse = json_decode($res, true);
if($jsonResponse == NULL ||
!isset($jsonResponse["access_token"]) || !isset($jsonResponse["expires_in"]) ) {
$this->accessToken = NULL;
$this->tokenExpiresIn = NULL;
$this->logger->warning("Could not generate new Access token. Invalid response from server: " . $jsonResponse);
} else {
$this->accessToken = $jsonResponse["access_token"];
$this->tokenExpiresIn = $jsonResponse["expires_in"];
}
$this->tokenCreateTime = time();
return $this->accessToken;
}
This is the $connection variable I have when I print_r (I removed the authorization string):
PayPal\Core\PPHttpConnection Object( [httpConfig:PayPal\Core\PPHttpConnection:private] => PayPal\Core\PPHttpConfig Object ( [headers:PayPal\Core\PPHttpConfig:private] => Array ( [User- Agent] => PayPalSDK/rest-sdk-php 0.6.0 (lang=PHP;v=5.4.21;bit=64;os=Linux_2.6.18- 308.16.1.el5;machine=x86_64;openssl=0.9.8e-fips-rhel5;curl=7.24.0) [Authorization] => Basic REMOVED AUTHORIZATION STRING == [Accept] => */* ) [curlOptions:PayPal\Core\PPHttpConfig:private] => Array ( [32] => 3 [78] => 30 [19913] => 1 [13] => 60 [10018] => PayPal-PHP-SDK [10023] => Array ( ) [81] => 2 [64] => 1 ) [url:PayPal\Core\PPHttpConfig:private] => https://api.sandbox.paypal.com/v1/oauth2/token [method:PayPal\Core\PPHttpConfig:private] => POST [retryCount:PayPal\Core\PPHttpConfig:private] => 1 ) [logger:PayPal\Core\PPHttpConnection:private] => PayPal\Core\PPLoggingManager Object ( [loggerName:PayPal\Core\PPLoggingManager:private] => PayPal\Core\PPHttpConnection [isLoggingEnabled:PayPal\Core\PPLoggingManager:private] => 1 [loggingLevel:PayPal\Core\PPLoggingManager:private] => 3 [loggerFile:PayPal\Core\PPLoggingManager:private] => PayPal.log ))
As far as I can tell, I have the correct credentials and the correct endpoint; not sure what else it could be?
An HTTP 401 on /token is returned if the client_id/secret aren't recognized (either the wrong credentials for the environment, or the credentials aren't active).
Can you run a test via cURL to rule out any environment / code-specific issues?
curl -v -u "client_id:secret" "https://api.sandbox.paypal.com/v1/oauth2/token" -X POST -d "response_type=token&grant_type=client_credentials"
(Replace client_id and secret above with your own)
Make sure the payment $config mode is Sandbox and the clientId and clientSecret keys are Sandbox ones at the same time.
Good evening all,
I am using the PHP code from https://github.com/abraham/twitteroauth
The login works perfectly but when trying to post a status to Twitter I get the following error:
stdClass Object ( [errors] => Array ( [0] => stdClass Object ( [code] => 220 [message] => Your credentials do not allow access to this resource. ) ) )
I am using the following code:
session_start();
require_once('twitteroauth/twitteroauth.php');
require_once('config.php');
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'],
$_SESSION['oauth_token_secret']);
$token_credentials = $connection->getAccessToken($_REQUEST['oauth_verifier']);
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $token_credentials['oauth_token'],
$token_credentials['oauth_token_secret']);
$account = $connection->get('account/verify_credentials');
$status = $connection->post('statuses/update', array('status' => 'Text of status here'));
I have followed the same instructions as the website. Where am I going wrong?
In your case, do you have to create an API on Twitter?
https://apps.twitter.com/
If you did, check the configuration of your API.
This link could be helpful.
https://dev.twitter.com/docs/auth/oauth/faq
I am working on an application that is basically going to operate in a kiosk. The point is to allow users, while they are at a business, to log in to Facebook; after logging in, it posts a message saying they are there, and afterwards they are given a coupon.
The problem that has arisen is that after they have logged in and then logged out, the next person who logs in with their account ends up posting as the previous user, and this continues ad nauseam.
After getting their coupon the script automatically logs them out after 15 seconds and returns the application to the home screen for the next user. When they login, which they are able to do it returns them to the page asking for permission to post, but it is pulling all of the previous users information. This is the code being called in the page after being sent to logging in on facebook.
<?php
//include the Facebook PHP SDK
include_once 'couponGenerator/facebook.php';
//start the session if necessary
if( session_id() ) {
} else {
session_start();
}
//instantiate the Facebook library with the APP ID and APP SECRET
$facebook = new Facebook(array(
'appId' => '00000000000',
'secret' => '000000000000000000000',
'cookie' => true,
'status' => true,
'oath' => true
));
$access_token = $facebook->getAccessToken();
$_SESSION['active'][$access_token];
//get the news feed of the active page using the page's access token
$page_feed = $facebook->api(
'/me/feed',
'GET',
array(
'access_token' => $_SESSION['active']['access_token']
)
);
$fbuser = $facebook->api('/me');
//var_dump($page_feed); exit;
?>
I have attempted, on the homepage, deleting Facebook cookies and sessions, and this has not solved anything. I am just trying to figure out what I am doing wrong and any advice would be very welcome.
$facebook->destroySession();
$facebook->_killFacebookCookies();
public function _killFacebookCookies()
{
// get your api key
$apiKey = $this->getAppId();
// get name of the cookie
$cookie = $this->getSignedRequestCookieName();
$cookies = array('user', 'session_key', 'expires', 'ss');
foreach ($cookies as $name)
{
setcookie($apiKey . '_' . $name, false, time() - 3600);
unset($_COOKIE[$apiKey . '_' . $name]);
}
setcookie($apiKey, false, time() - 3600);
unset($_COOKIE[$apiKey]);
$this->clearAllPersistentData();
}
Here is the updated connection class
<?php
//include the Facebook PHP SDK
include_once 'facebook.php';
//instantiate the Facebook library with the APP ID and APP SECRET
$facebook = new Facebook(array(
'appId' => '122628977190080',
'secret' => '123123123123123123123123',
'cookie' => true
));
$access_token = $facebook->getAccessToken();
unset ($_SESSION['active'][$access_token]);
session_unregister ($_SESSION['active'][$access_token]);
//Get the FB UID of the currently logged in user
$user = $facebook->getUser();
//if the user has already allowed the application, you'll be able to get his/her FB UID
if($user) {
//start the session if needed
if( session_id() ) {
} else {
session_start();
}
//do stuff when already logged in
//get the user's access token
$access_token = $facebook->getAccessToken();
//check permissions list
$permissions_list = $facebook->api(
'/me/permissions',
'GET',
array(
'access_token' => $access_token
)
);
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
$permissions_needed = array('publish_stream', 'email');
foreach($permissions_needed as $perm) {
if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
$login_url_params = array(
'scope' => 'publish_stream,email',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
}
//if the user has allowed all the permissions we need,
//get the information about the pages that he or she managers
$accounts = $facebook->api(
'/me/accounts',
'GET',
array(
'access_token' => $access_token
)
);
//save the information inside the session
$_SESSION['access_token'] = $access_token;
$_SESSION['accounts'] = $accounts['data'];
//save the first page as the default active page
$_SESSION['active'] = $accounts['data'][0];
//redirect to manage.php
header('Location: ../facebook_result.php');
} else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'read_stream,email',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
header("Location: {$login_url}");
exit();
}
?>
After calling the logoff script, I run this piece of code on the homepage to see if everything is set.
<?php
try {
$uid = $facebook->getUser();
$fbme = $facebook->api('/me');
echo "$uid";
} catch (FacebookApiException $e) {
print_r($e);
}
?>
It gives me this result:
FacebookApiException Object ( [result:protected] =>
Array ( [error] => Array ( [message] =>
An active access token must be used to query information about the current user.
[type] => OAuthException [code] => 2500 ) )
[message:protected] => An active access token must be
used to query information about the current user.
[string:private] => [code:protected] => 0 [file:protected] =>
/home/m3dev/public_html/couponsite/couponGenerator/base_facebook.php
[line:protected] => 1046 [trace:private] => Array ( [0] => Array ( [file] => /home/m3dev/public_html/couponsite/couponGenerator/base_facebook.php [line] => 751 [function] => throwAPIException [class] => BaseFacebook [type] => -> [args] => Array ( [0] => Array ( [error] => Array ( [message] => An active access token must be used to query information about the current user. [type] => OAuthException [code] => 2500 ) ) ) ) [1] => Array ( [function] => _graph [class] => BaseFacebook [type] => -> [args] => Array ( [0] => /me ) ) [2] => Array ( [file] => /home/m3dev/public_html/couponsite/couponGenerator/base_facebook.php [line] => 560 [function] => call_user_func_array [args] => Array ( [0] => Array ( [0] => Facebook Object ( [appId:protected] => 162628977190080 [apiSecret:protected] => **SECRET KEY REMOVED ** [user:protected] => 0 [signedRequest:protected] => Array ( [algorithm] => HMAC-SHA256 [code] => 961628b1ca0354544541d58e.1-34319949|p3D3pSNoawlC1wBllhiN7zoEpJY [issued_at] => 1331218933 [user_id] => 34319949 ) [state:protected] => [accessToken:protected] => 162628977190080|**SECRET KEY REMOVED** [fileUploadSupport:protected] => ) [1] => _graph ) [1] => Array ( [0] => /me ) ) ) [3] => Array ( [file] => /home/m3dev/public_html/couponsite/index.php [line] => 71 [function] => api [class] => BaseFacebook [type] => -> [args] => Array ( [0] => /me ) ) ) )
You may be destroying a Facebook session but you don't seem to be destroying your own session.
Clear out
$_SESSION['active'][$access_token];
You need to force Facebook Re-Authentication for each user.
I'm not sure if the PHP API you're using supports this, but the OAuth dialog can receive an auth_type that, when set to reauthenticate, forces the user to provide his credentials:
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url)
. '&auth_type=reauthenticate&auth_nonce=' . $auth_nonce;
This can be done using the JavaScript API as well.
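The two answers above combined, as an added example that is not part of the original posts or of the Facebook SDK: clear the application's own PHP session between kiosk users, then send the next user to the OAuth dialog with `auth_type=reauthenticate` and a fresh `auth_nonce`. The function names, the app ID placeholder and the redirect URL are assumptions, and `random_bytes` needs PHP 7 or later.

```php
<?php
// Added example: function names and the placeholder values are hypothetical.

/** Destroy the application's own session: data, browser cookie, server record. */
function kiosk_reset_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Drop everything the previous user left behind
    // (access_token, accounts, active, ...).
    $_SESSION = [];

    // Expire the session cookie in the kiosk browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']
        );
    }
    // Remove the server-side session record.
    session_destroy();
}

/** Open a fresh session for the next user and build a reauthenticate URL. */
function kiosk_login_url(string $appId, string $redirectUri): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // New session ID so nothing is shared with the previous user's session.
    session_regenerate_id(true);

    // Unpredictable per-login nonce, kept server-side for this login attempt.
    $nonce = bin2hex(random_bytes(16));
    $_SESSION['auth_nonce'] = $nonce;

    return 'https://www.facebook.com/dialog/oauth?' . http_build_query([
        'client_id'    => $appId,
        'redirect_uri' => $redirectUri,
        'auth_type'    => 'reauthenticate',
        'auth_nonce'   => $nonce,
    ]);
}

// Usage on the kiosk page that runs after the coupon screen times out.
// Both arguments are constructed placeholders.
kiosk_reset_session();
$loginUrl = kiosk_login_url(
    'APP_ID_PLACEHOLDER',
    'https://kiosk.example/facebook_result.php'
);
header('Location: ' . $loginUrl);
exit;
```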