We have a Flash site that integrates heavily with Facebook. When users sign up we get them to allow a Facebook app that ties into the site. This is done through the AS3 Facebook API library from Adobe.
When users have done this, they should then be able to sign up, submitting some personal details and so on. The Flash sends this request to our PHP which then checks to see if the user is actually logged into Facebook, and has allowed our app.
The problem we're having is that when a user goes to do this, the PHP facebook library says that the user is not logged in. If we then refresh the page and try signing up again, everything works fine.
I'd imagine it's a cookie thing, but we're really banging our head against a wall here and can't figure out why it's not working.
Cheers,
Mark.
Are you using OAuth (good example here by chirs coenraets)
Regardless, you may need to use a flash php/js proxy (php i presume since thats what your using) to deal with any crossdomain policy issues.
Related
I am trying to login into Facebook via cURL in PHP. At this moment, I want to get my cookies from the browser and use them as a cookie file in cURL.
Is this even possible?
As soon as FB is registering what you're doing, your account gets locked. There are several API frameworks out there to access FB and there's almost nothing left what can only be done by scraping there content.
Yes you can do it this way, but it's not the recommended way.
A team of some friends and I have come up with an app/product idea that we have been working on. I have to be vague on exactly what the details are, but hopefully I can explain it well enough to have the questions we have answered.
First, we have a web server with a database - we have developed all of the code for that in PHP. Each user will have a device which when an action is performed on the device, it sends a message to our server, and the PHP code on our server handles the message and stores the sent data in the appropriate fields in our database.
We want to run this through Facebook - we have an app and a Facebook page created for this. The idea is that when a user performs an action on his or her device and the message is sent to the server, the PHP code will automatically make a post on the Facebook page on the user’s behalf (not on the Page’s behalf).
Between all of us on working on this project, we have spent many days and many hours trying to figure out how to make the automatic post to the page. It’s extremely difficult googling this topic since all of the various examples are using different versions of the Facebook SDK (we are using the latest). There are lots of somewhat similar type questions/examples, but we can't find one that answers specifically what we are asking. In fact, we aren’t even sure that anybody but an ‘admin’ can post on a Facebook page with the new SDK, any longer. I do see this link in the Facebook developer section, https://developers.facebook.com/docs/graph-api/reference/v2.5/page/feed, where it says under the Publishing section:
Permissions
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
So, it sounds as if a user can post to the Facebook page if it is given an access token with publish_actions permission, yet we can’t find any example of code of this actually being done. Could anybody explain how to do the automatic posting to the page on a user’s behalf (hopefully, using PHP, since that is the language we are using on the server side), or at least point us to a good example? We are all experienced developers, but this is the first time any of us has done anything with Facebook development. So we certainly aren’t amateurs, but with Facebook development, we are. We may be overlooking something obvious, but after seeing so many links, my mind is jello.
A summary of our questions:
1. Can it even be done with the latest Facebook SDK that a post can be made to a Facebook Page for our product on the user’s behalf? (to be clear, we are talking about the Facebook Page we created for our app, not a user's page)
2. If so, what specific permissions do we need to give the user, just the publish_actions one? We don’t want to give the user too much permission to be able to screw up our page, of course.
3. Can this be done automatically with PHP from the server?
Any help would be GREATLY appreciated!
I'm trying to implement login and registration on a page using the Facebook API for both JS and PHP SDK 4.0. The 4.0 SDK seems relatively new and have changed a lot in recent time. There aren't a lot of answers out there. The documentation also seems pretty poor.
I already have a page with standard login using php/mysql. This will just be another option of login/registration for users.
After a couple of years just reading on Stackoverflow, this is my first post. Sorry in advance if it's in some way inadequate.
This is how I figure I would like to set this up:
A Facebook-button next to the login with a JS Facebook-login dialog connected to it.
If the user authorizes: send the result with an ajax-request to a php-page
Use FacebookJavaScriptLoginHelper to set up a session.
Get a long life access-token with getLongLivedSession.
Make a request for /me. Check if the email for this account is already a user on my site.
If not already a user: Ask for a username, register the user with info from Facebook.
Connect the account by saving the internal userid and the access-token in my database
Questions so far:
Am I supposed to send the token with my AJAX-call from the client, or would this be a security risk? I could just fetch the token with the PHP SDK instead.
Should i store the token with $_SESSION? Should I even store this manually myself? If so, is there built in functionality for this in the PHP SDK? Couldn't find any.
When a user has gone through this process I want to be able to check server side directly on page load if the user has authorized my app (and is logged in on FB).
Am I supposed to acquire the access-token using $_SESSION, or is there functionality for this? Isn't there any built in functionality to do a standard check if the user is authorized already?
When doing this in PHP, should I use the FacebookRedirectLoginHelper? Seems a bit odd since I'd never want to redirect with PHP, when my login dialogs will be with JS.
Maybe I've gotten the gist of this all wrong. My main concern is if I really would have to be storing the token with $_SESSION. I've seen a lot of people doing it in tutorials, but found nothing about it in Facebooks docs.
Thank you for your detailed post. Not a lot of people put so much effort in their first post ;)
The token you refer to is automatically stored in the cookie by the JS SDK. You can instantiate a session on the PHP side in the following way:
$js_helper = new FacebookJavaScriptLoginHelper($app_id);
$session = $js_helper->getSession();
Or: https://developers.facebook.com/docs/php/FacebookJavaScriptLoginHelper/4.0.0
You don't have to store the token by yourself, since it's already stored in the cookie.
Does this make the situation more clear?
I searched in Stack Overflow, Google, etc, but I can't figure out how to show my stuff from my Facebook on my website. I tried some solutions and each one prompted the login dialog and visitors had to log in and accept my application (I've created one to test).
Many answers here were too generic, I didn't understand them that is why I'm asking.
I want something that would let my website "log in" to Facebook and show my status or photos to visitors without them needing to accept an app or log in into Facebook with their account.
I tried a facebook-php-sdk example with my AppID and AppSecret and it asked me to log in.
Also, github.com/facebook doesn't have an SDK for Python similar to facebook-php-sdk
You could write a script (eg. using the FB PHP SDK) that uses a long-lived access token to fetch your FB data and then store the data in your backend database (or other store for your website). To Facebook, your script will look like an app and your machine will be the only 'user' of that app. Note, long-lived access tokens are good for 60 days max. You could also try using an App Access Token to fetch basic info. App Access Tokens don't expire.
This might not be exactly what you are looking for since you posted this with the php and python tag, but it might solve your problem.
If you're website is powered by the wordpress engine you can use If-this-then-that : https://ifttt.com/
It basically allows you to create "recipes" with something like:
if new status on Facebook then create post on wordpress
The post will not require others to log in to Facebook.
This is without writing a single line of code only a couple of mouse clicks. So I'm not sure if this satisfies your needs.
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.