How would I take the results of the Facebook Registration Plugin and email it to myself?
Well, you should post what you have got so far..anyway, as described in the documentation:
The data is passed to your application
as a signed request. The
signed_request parameter is a simple
way to make sure that the data you're
receiving is the actual data sent by
Facebook.
So you need to specify the redirect_uri and then process/extract the data you want from the signed_request and email it with the method you are using. How to process the data is described in the bottom of the document I linked above:
<?php
define('FACEBOOK_APP_ID', 'your_app_id');
define('FACEBOOK_SECRET', 'your_app_secret');
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
echo '<p>signed_request contents:</p>';
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
echo '<pre>';
print_r($response);
echo '</pre>';
} else {
echo '$_REQUEST is empty';
}
?>
So instead of the print_r and echo functions, send the fields you want!
Related
I'm currently on working on creating an app that added to facebook page's tab. The documentation is here:
http://developers.facebook.com/docs/appsonfacebook/pagetabs/
But the documentation mentions nothing about a callback for the application is removed. Is there a such callback that will alert me when my application is removed a tab that I can use to update my records?
If it matters, I'm currently using PHP.
Go to your app: Admin page -> Edit settings -> advanced then Deauthorize Callback URL
Here is a php example on how I deauthorize a user in my code:
require_once(dirname(dirname(dirname(__FILE__))).'/autoload.php');
App::init();
DBConn::init();
error_log("request");
$app_secret = 'yoursecretkey';
$request = parse_signed_request($_POST['signed_request'], $app_secret);
$fbid=$request["user_id"];
error_log($fbid);
if ($fbid) {
$rec = new ADOdb_Active_Record( "users" );
$found=$rec->load("id=?",array($fbid));
if ($found){
$rec->deauth= 1;
$rec->save();
}
}
echo "ok";
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
I don't believe there is such a callback only one for if the user cancels giving your app the privileges first time around.
When you try to auth the user next time on your site and the auth does not succeed then you know they have either:
Deauthed your app
Or the fb token has not been used for 60 days
As such the users should reauth your app.
Edit: By site I do mean app. English Fail.
How can I get the user id of the facebook user who is registering on my website using the facebook registration plugin.
The Graph Api says that each facebook object has a unique ID.
I want to know a way by which I can get this ID.
The json Code of the registration Plugin is:
<iframe src='http://www.facebook.com/plugins/registration.php?
client_id=325340244194060&
redirect_uri=http://www.pingcampus.com/facebook_registration_plugin/store_user_data.php&
fields=[
{
"name": "name"
},
{
"name": "email"
},
{
"name": "gender"
},
{
"name": "birthday"
},
{
"name": "captcha"
}
]'
scrolling="auto"
frameborder="no"
style="border:none"
allowTransparency="true"
width="500"
height="800"
>
</iframe>
The PHP Code that i use to get the details is :
<?php ob_start();
define('FACEBOOK_APP_ID', '325340244194060');
define('FACEBOOK_SECRET', '2ab5cb734f39d8417569cc7be7a0e89a');
// No need to change function body
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
/*
"<pre>";
print_r($response);
"</pre>"; // Uncomment this for printing the response Array
*/
$name = htmlentities($response["registration"]["name"]);
$email = htmlentities($response["registration"]["email"]);
$gender = htmlentities($response["registration"]["gender"]);
$dob = htmlentities($response["registration"]["birthday"]);
$phone = htmlentities($response["registration"]["phone"]);
} else {
echo '$_REQUEST is empty';
}
?>
Per https://developers.facebook.com/docs/plugins/registration/ the user_id is on the signed_request data.
I don't know PHP, but based on your above code and the information from the registration documentation, it should look something like this:
.....
$name = htmlentities($response["registration"]["name"]);
.....
$id = $response["user_id"];
There is no way of doing this, instead you need to save the user's data in your database as soon as the user is register or login with facebook through your app.
I'm trying to make it so my facebook app is available in English and Japanese.
I tried using tags but could not get them to work:
http://developers.facebook.com/docs/internationalization/
I then thought I'd just make two versions of the app, one in English, the other in Japanese. When I open my app, the oauth permission dialog is shown. I approve the app and then it takes me to a page which keeps looping, producing a new $_GET['code'] each time. I then click on "facebook" at the top left hand corner of the screen. I then click on my app again and this time I can access it ok in English or Japanese. How can I stop the app looping the first time around? How can I go directly to the version of the app based on the users locale? Thanks
<?php
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
$token = $result['oauth_token'];
if ($token != ""){
if ($locale == "ja_JP"){
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/ja/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/ja/index.php");
exit;
}
}
else{
if ($_SERVER['HTTPS']){
header("Location: https://secure.example.com/facebook/en/index.php");
exit;
}
else {
header("Location: http://example.com/facebook/en/index.php");
exit;
}
}
}
else {
if($_SERVER['HTTPS']){
$canvas_page = "https://secure.example.com/facebook/";
}
else {
$canvas_page = "http://example.com/facebook/";
}
$app_id = "my_app_id";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
echo("<script> top.location.href='" . $auth_url . "'</script>");
exit;
}
?>
You could put all your texts in a simple locale-based array. You first need to get the user's locale, then use it as a key
$loc["ja_JP"]["MyText"] = "My JP text";
$loc["en_US"]["MyText"] = "My US text";
$result = parse_signed_request($_REQUEST['signed_request'],"app_secret");
$locale = $result['user']['locale'];
echo $loc[$locale]["MyText"];
For resources (specific localized pictures for example), you could get the files in a locale-based directory.
I have problems with authorizing of the user in a facebook page tab. I have tried a lot of different methods in both PHP and Javascript without any luck at all basically.
If someone could explain this for me and show some code it would be great! I was thinking on to do the authorizing in PHP and then continue to grab some user-data width Javascript.
I also need to be able to let the user agree on the persmissions. so a popup for authorizing and permissions is what i need help with.
What do you think? Is there a better way?
Help with some code for this would as i said be great!
In order to know whether user already authenticated your app or not, decode signed_request and check if oauth_token is passed:
<?php
$secret='APP_SECRET';
$signed_request=($_REQUEST['signed_request']);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;}
// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$information=parse_signed_request($signed_request, $secret);
$oauth_token=$information["oauth_token"];
?>
Then, use this script to get user authenticated if $oauth_token is empty:
<?php
$app_id = "APP_ID";
$canvas_page = "YOUR_TAB_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=ENTER WANTED PERMISSIONS HERE";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($oauth_token)) {echo("<script> top.location.href='" . $auth_url . "'</script>");}
?>
Fill in APP_SECRET, APP_ID, YOUR_TAB_URL and WANTED PERMISSIONS in these scripts, cheers.
In an iframe .php app, how to detect itself is in a Page mode or in the Canvas mode? Thanks!
Reading the documentation:
Facebook will always send a signed_request (for canvas and page urls)
If it's a page, Facebook will add an extra parameter called page
so based on this, you could do something like:
<?php
if( isset($_REQUEST['signed_request']) ) {
// We are in Canvas or Page now
// Let's extract the data from the signed_request
// to check if we are inside a Facebook Page
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if( isset($data["page"]) ) {
echo "Page";
} else {
echo "Canvas";
}
} else {
echo "None, or something went wrong!";
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
I also had to add website in the criteria. This is my Yii code
if(empty($_POST['signed_request']) === false)
$signedRequest = Yii::app()->fb->getSignedRequest();
if(isset($signedRequest['page']))
$this->layout = 'tab';
else if(isset($signedRequest['user']) && ! isset($signedRequest['page']))
$this->layout = 'canvas';
else
$this->layout = 'website';
Thanks to #ifaour solution;
I had to modify it to get it work;
This what worked for me;
I noticed that signed request is only sent when site is loaded under canvas; but when direct access then no signed request is sent.
So I ended using this code:
if( !isset($_SESSION['signed_request']) && empty($_SESSION['signed_request']) ) {
exit("direct access not allowed.");
}
else
{
// echo 'Canvas';
// continue script
}