My current code:
(... variables setting, etc.)
$facebook = new Facebook(array(
'appId' => $apiid,
'secret' => $secret,
'cookie' => true,
));
$session = $facebook->getSession();
$me = null;
if ($session)
{
(do some stuff on user's 1 page)
}
else
{
$login_url = $facebook->getLoginUrl();
header("Location: ".$login_url);
exit;
}
I tried once, it worked. I was logged on user 1 to delete post ASAP. Then I've logged on user 2 account and tried this code. I was redirected to user's 2 facebook wall. What to do now? Do I need some extra permissions?
"Posting while user A" whilst logged in as User B kind of defeats the whole purpose of authentication. What you have described is likely impossible. You probably could post as User A on to User B's wall, but you cannot post as User B unless you are authenticated as them.
Related
I have a problem with my logging into my Facebook application.
When I click "login" I get redirected to Facebook to accept the permissions then Facebook redirects me back. But it doesn't change anything. The URL down is dynamic generated. When I try the same script on an other URL that's not dynamic it's work.
Here is the URL there i try to perform a login.
http://www.testaiq.se/test_592.html
What could be the problem? PHP is behind the URL over here.
require_once("facebook/facebook.php");
// Creating our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => 'XXX',
'secret' => 'XXX',
));
// Getting User ID
$user = $facebook->getUser();
// Get Access token
$access_token = $facebook->getAccessToken();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
// Retrieving user's friend list using fb graph api
$user_profile = $facebook->api('/me','GET');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if (!$user) {
$loginUrl = $facebook->getLoginUrl(array(
'scope' => 'user_likes'
));
}
I am using the following code to get Data on the logged Facebook user for my codeigniter application.
require_once('facebook-php-sdk/src/facebook.php');
$facebook= new Facebook(array(
'appId' => $this->config->item('app_id'),
'secret' => $this->config->item('app_secret'),
'allowSignedRequest' => false,
));
$_REQUEST += $_GET;
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me?fields=picture.width(100).height(100),first_name,last_name,username,email');
} catch (FacebookApiException $e) {
$user = null;
}
} else {
$login_url = $facebook->getLoginUrl(array(
'scope' => 'email'
));
echo 'Please login.';
}
This works and returns me the user's Facebook data, and if no user is logged in it provides the login link.
In the login link I ask for email permission as I need to collect these for communication. When the user logs in with the login link in the else clause, I successfully get the user's email address.
However I want to launch this application in a Facebook page tab using Woobox. Therefore the user would usually always be logged into their account. But the login to get email permissions is in the else statement if the user isn't logged in.
How do I ask for email permissions for an already logged in user, without haveing them login again?
How can I make it so that if the user is already logged into facebook, that the auth box asking the user for permissions comes up, where they can click ok to continue and authorize, rather than the login button.
I have this facebook app to show fb notifications in my website. Then i had this problem, Assume two users Alice & Bob. Alice is my website's regular user and she recommended it to Bob. She made him register on to my site from her own laptop. When bob tried to add the app, Alice's fb notifications shown up. Actually when Bob clicked the login link, since alice was already logged onto facebook it just pulled her details (same session), how to tackle this situation, Do we have to make Alice logout from facebook and make Bob login, Something like "Alice already logged in, sign in as a different user", Could somebody please suggest some solutions and how to do it.
The following is the piece of code am using for login
require_once('sdk/src/facebook.php');
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'cookie' => true
));
// Get User ID
$user = $facebook->getUser();
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
//check permissions list
if ($user) {
$permissions_list = $facebook->api('/me/permissions','GET', array('access_token' => $access_token));
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
//
$permissions_needed = array('manage_notifications','publish_stream', 'read_stream');
$login_url_params = array(
'scope' => 'manage_notifications,publish_stream,read_stream',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
foreach($permissions_needed as $perm) {
if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
$login_url_params = array(
'scope' => 'manage_notifications,publish_stream,read_stream',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
echo $login_url;
header("Location: {$login_url}");
exit();
}
}
//if the user has allowed all the permissions we need,
//get the information about the pages that he or she managers
$accounts = $facebook->api(
'/me',
'GET',
array(
'access_token' => $access_token
)
);
}
else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'manage_notifications,publish_stream,read_stream',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
$facebook_login = $login_url;
echo "<a href='$login_url'>Login Facebook</a>";
The best thing to do would be the following:
When a user comes to your site, detect whether they are logged into Facebook and whether they are auth'd for your app using the Javascript SDK and the FB.getLoginStatus method.
If they aren't auth'd, prompt them with the Permissions dialog and encourage them to sign up.
If they are auth'd and logged in to FB, then automatically log them into your website. To avoid the Alice/Bob confusion, show an indicator somewhere on your website that they've been logged in as "Alice" and maybe have a link underneath that says 'Not you? Click here to login as someone else' or similar
If they click on this link, or they click on a Logout link on your site call the FB.logout method in the Javascript SDK which will invalidate the current access token for that user but also log them out of Facebook.
Then, you can push them back to the login/registration page after this and they will be prompted to login to their Facebook account.
As far as I know, the new user has to log the previous user out of Facebook and log him or herself in first.
We have no control over the login/auth popup nor the locally stored Facebook session data so when Bob hits login and sees Logged in as Alice (Not You?) he's just supposed to hit 'not you?', which will log Alice out of Facebook and prompt Bob to login and then authorize. This is problematic though because when Bob leaves and Alice goes to Facebook.com she will be logged into Bob's account.
One possible solution is to grab the current logged in user's name and profile picture, and to display it next to the Login with Facebook button. That might help clarify things to the user. You should be able to display this info without being authenticated and could even provide your own link to log out of Facebook.
I'm using Facebook to manage the login for my website. I also use the PHP SDK to call the Graph API to retrieve friend lists, comments, posts etc.
The problem I'm having is that I want the site to be standalone, so that the user follows a link from Facebook and then comes to the site.
It kind of works, but sometimes when the user follows the link, they see my site's index page in the Facebook canvas area. I haven't fully managed to reproduce this, so haven't nailed down the circumstances in which it happens. however, when it happens, if I click 'Back' in the browser, I get taken back to my own site.
It looks like the link takes the user from Facebook to my site, which then calls Facebook to check that the user is logged in, but then it doesn't return to my site for some reason. but as I say, I'm not sure.
Anyway, anyone have any ideas what the problem might be?
My login code is:
// Create new Facebook object
$facebook = new Facebook(array(
'appId' => APP_ID,
'secret' => APP_SECRET,
'cookie' => true, // enable optional cookie support
));
// Create login url, in case user is not logged in or session has expired
$loginUrl = $facebook->getLoginUrl($params = array('canvas' => 0, 'fbconnect' => 0, 'req_perms' => 'publish_stream', 'cancel_url' => 'http://www.pubfish.com'));
// Get current facebook session
$session = $facebook->getSession();
$me = null;
// Session based API call.
if ($session) { // If session exists, make sure it's still valid
try { // Get session to see whether it's valid
// User is logged in and has authorised application already
$uid = $facebook->getUser();
$me = $facebook->api('/me');
} catch (FacebookApiException $e) {
echo "<script type='text/javascript'>top.location.href = '".$loginUrl."';</script>";
error_log($e);
}
}else { // No session - so ask user to log in
$url=$facebook->getLoginUrl(array('canvas' => 1,'fbconnect' => 0));
echo ('<script type="text/javascript">top.location.href=\''.$url.'\';</script>');
}
Have you tried setting 'next', like this: $params = array('canvas' => 0, 'fbconnect' => 0, 'req_perms' => 'publish_stream', 'cancel_url' => 'http://www.pubfish.com', 'next'=>'http://www.pubfish.com')? If all else fails you can use this to break out of the canvas iframe:
<script>
$(document).ready (function () {
if (window != top) top.location.href = location.href;
});
</script>
I'm tired of digging through tons of tutorials/documentations which don't help me at all.
What I have now (everything is placed inside admin control panel):
If user is logged on correct account (administrator of page with granted rights), everything works fine, post on page is posted as impersonated site.
If he is logged on other account, nothing happens. Site redirects him to his wall.
If he isn't logged on any account, he's redirected to facebook login - if he logs onto correct account, he returns to acp (it's bad solution, because it'll clear his form)
I want to achieve:
If logged in, everything as it was
Else popup with login to specific (correct) account
At the moment I'm using only PHP, but solution with JS is permitted.
My code:
<?php
/*(...)*/
$facebook = new Facebook(array(
'appId' => $apiid,
'secret' => $secret,
'cookie' => true,
));
$session = $facebook->getSession();
$me = null;
if ($session) {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
}
if($me) {
//In order to post to the page later on we need to generate an Access Token for that page, to do this we get me-accounts in the following api call
$accounts = $facebook->api('/me/accounts');
//Loop through the array off accounts to find the page with a matching ID to the one we need
foreach($accounts['data'] as $account){
if($account['id'] == PAGEID){
$ACCESS_TOKEN = $account['access_token'];
}
}
}
$message=$data['facebook_text'];
$attachment = array(
'message' => $data['facebook_text'],
'name' => $data['name'],
'description' => '',
'link'=>$someurl,
'access_token' => $ACCESS_TOKEN
);
if($image_url != NULL) $attachment['picture'] = $image_url;
try {
if($facebook->api('/PAGEID/feed', 'post', $attachment))
{
//other stuff
}
} catch (FacebookApiException $e) {
error_log($e);
//other stuff
}
}
else
{
$login_url = $facebook->getLoginUrl();
header("Location: $login_url");
exit;
}
/* (...) */
?>
Solution can't redirect anywhere, because it's inside form, so all data'll be lost.
I'm not really sure I understand what you want to do here, but this is what I use in a similar situation:
$session = $this->get_admin_session_of_page ($page_id);
$session = unserialize ($session);
$facebook->setSession ($session, false);
In the facebook php SDK there is a method to manually set the session, setSession. I save the page admin user session in DB with serialize, with the offline access and manage pages permission. Then when you need some admin privileges for the application you just unserialize it, and then use setSession. The second parameter is set to FALSE, so that this session is not saved in a cookie and logout the current user.
This way it's not important who is logged in, the work is always done as an admin of the page. I think this is safe to use in an automated script, for example to upload a user photo in a page album.
Of course, you must use caution with this if it gets more involved then that, or implement your own security.