I have been trying to get facebook page's contents using PHP Curl. But even if i am logged into facebook from my browser , the page which the CUR session returns requests for login id an password . I think its some issue of ccokies which I dont know. Please help how to send the cookies stored in my browser in the CURL request.
As with most websites Facebook uses cookie based sessions to keep you authenticated.
You'll need to get your CURL script to authenticate to Facebook and then scrape the data that you're after. When you do this you'll need to make sure that the cookies are stored across the different (auth and then following requests) by using a "cookie jar". If you look in the PHP CURL documentation they explain how to use a cookie jar and persist cookies across multiple requests.
I'm not sure what data you're trying to fetch but I think you're likely to do better using Facebook's API to fetch the data. APIs are designed for machines/processes to fetch data, whereas the website is there for people to view. If you use the API you won't have to scrap the data out from within the page/display.
Related
I am trying to login into Facebook via cURL in PHP. At this moment, I want to get my cookies from the browser and use them as a cookie file in cURL.
Is this even possible?
As soon as FB is registering what you're doing, your account gets locked. There are several API frameworks out there to access FB and there's almost nothing left what can only be done by scraping there content.
Yes you can do it this way, but it's not the recommended way.
So I've start building an application for a website in Swift. The main goal is to have an iOS App which can receive notifications (in JSON from website) and can show all the features of the website.
So I can login and sign-up from the app to my database but the thing is I don't understand how to take out my session login and display it in an UIWebView. So the user has just to log-in and he can see the website with his account. The only thing I can make is to show the website as a guest.
Can someone help me please ?
As far as I know UIWebView does not store/send any cookie(session) for your web site. That means you're always not authenticated.
In order to complete your task you need to create your own cookie handling mechanism.
You need to save auth cookies sent to you by the server in response HTTP header, e.g.
Set-Cookie: JSESSIONID=ABAD1D;
Then you need to make any required request and MANUALLY put cookie header filed in your request header e.g.
Cookie: JSESSIONID=ABAD1D
Save response somewhere and render HTML in a WebView
BOTTOM LINE: All this stuff is a huge overhead to your app. Instead you need to write API of your web-site specifically for iOS(and other) apps, using different authentication approach and data transfer (well known).
What you want to do is basically create a little browser, I don't think it is a good idea.
I've been playing around with the Facebook PHP SDK for a site that I'd like to use Facebook's single sign in for. I've been able to login to my Facebook account from my site and successfully tested a few of the features (posting to /me, an FQL query etc.).
When generating the login URL I have set the cookie parameter to true, however I seem unable to establish a persistent session with Facebook. At the moment the Facebook login window redirects the whole website (I have not yet tested this within the webpage or a popup). The user can authorise and is returned to my site, but the session data is stored in a query string on the return URL. If this string is removed the user must reauthenticate.
Previously I have worked with the JS SDK and this has not been an issue. It's worth noting in this case that I am avoiding using the FBJS (because I believe the PHP SDK is an alternative) and FBML (because it is deprecated) - I also have not implemented a cross domain communication file as this appears to be unnecessary.
I have read about conducting the authentication within an iFrame. I'm unable to find any documentation about this though.
I have considered storing the $_GET querystring in a session on my site and appending it to the website URL, or an iFrame URL, when I need to authenticate. I'm certain that this is the incorrect way to achieve what I'd like though.
Please could someone point me in the direction of some documentation regarding this. Perhaps I am mistaken in thinking I can do this without JS, or maybe I need to manually set up the session cookie? I've searched at length but have been unable to find any documentation that describes this specifically.
Thanks for any help!
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.
We have a webpage that we provide to partner companies via an iFrame. The iFrame contains several javascript files that make ajax requests to our server for data. The iFrame itself requires an API Key that is keyed to the domain of the partner. This prevents the iFrame from displaying if it is installed on a domain that isn't registered. However, it would be pretty easy to simply copy the contents and javascript files of the iFrame from a registered site and host them on a non-registered site.
Ideally we'd like to use the API key to restrict Ajax requests and prevent our server from providing the requested data for non-registered sites. However, it appears that the HTTP_REFERER server variable is not set for Ajax requests. How can we tell what site that the request is coming from? Is it possible? If not, how can we prevent unauthorized access?
Relying on HTTP_REFERER isn't the way to go. You want your client's website to use an API to contact your website over a secure link, and get a temporary session string, which is then used as part of the source url for the IFRAME, which is how google does it (not with referer.)
Make the url for the IFRAME valid for a limited time, after which you display a nice message about going back to the client's page to start over.
When the iframe is requested you can generate a unique ID on your server, then set that as a cookie on the client. Every AJAX request should contain that cookie. Only keep around the ID's for the last hour or so.
You can never rely on HTTP_REFERER because some proxy servers and firewalls will strip it out to preserve users' privacy.
The challenge is that the iframe is authorized to a specific domain, so my API Key is tied to that. I followed the following tutorial to generate my API keys.
https://ajax.dev.java.net/ajax/api-keys
Do you think that relying on the HTTP_REFERER variable will prevent users from accessing the iframe? Sun claims that Google uses this method for Google Maps API authentication.
Once the API key has been authenticated, then the cookie approach should do the trick, I think. Thanks!