I am looking for ways to do this. API doesn't seem to be helping. I tried many ways without api too. I need to achieve this with javascript.
Does anyone know any kind of way to do this?
I have tried something like this:
How to detect if a tumblr user is logged in?
https://github.com/apandhi/Tumblr-Logged-In-Checker
which is without api. I can't find how to do this with api and I am not sure if it's even possible.
To update my comment.
If you run this code on your blog (or in the console)
document.cookie.indexOf('logged_in=1') != -1;
It returns true if user is logged in, or false if user is not logged in.
By this logic you can set this equal to a variable and run different functions depending on the value of the variable.
var user_logged_in = document.cookie.indexOf('logged_in=1') != -1;
if(user_logged_in) {
// insert code here for logged in users
}else{
// insert code here for non logged in users
}
Related
I know that if I want to check if PFUser.currentUser is logged with Facebook, I can use:
if FBSDKAccessToken.currentAccessToken() != nil {
print("you logged with FB!!")
//do your stuff.
}
How can I know if in a blogging app, another user is logged on parse via Facebook? (or twitter? or other ways?).
So just to be clear, I don't want to know if CURRENT USER is logged in via FB!, but if ANOTHER user is, still better HOW this user logged in.
For example, in a class named "posts" under the column "author" I have pointer to that user in default "users" class. Is there a way, planned by Parse, in wich I can perform that check? In their docs this case seems to be missing, they only talk about login, linking, referring, but not checking (if not for current user).
should I insert a new column in class User as for example "userLoggedInBy" ??
I'm developing using the Facebook PHP SDK.
I wanted to make it so that when the user logs out of Facebook, they will automatically be logged out of my website too.
I am using the following code to detect the session, using the session cookie:
$facebook->getUser();
For some reason, the getUser() function still returns the user's Facebook ID, even after they have logged out of Facebook on their website.
Am I to detect the session first using another Function?
On the official documentation example here, is the following excerpt from their comments:
// Get User ID
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
This lead me to believe that the session cookie for Facebook would become unset upon Facebook logout?
Kind Regards,
Luke
I have the same issue!
The FB PHP SDK saves those things into the $_SESSION!
You can delete them like this when your user clicks logout:
$_SESSION['fb_'.APP_ID.'_user_id'] = '';
$_SESSION['fb_'.APP_ID.'_access_token'] = '';
Although this is not the final solution, it works for now.
I appreciate comments and solutions on that!
I want to give an alternative, in a way you don't have to handle session stuff. Although, I must warn you this is slower than cleaning up the session, because it relies on a new request. What we're doing in the code below is to check on Facebook if the token is still valid. Here it's:
try {
$facebook->api('/me','GET');
$logged = true;
} catch(FacebookApiException $e) {
$logged = false;
}
In my case, I was doing everything using the JavaScript SDK, so I couldn't clean session on logout. But in my landing page, I was needing a work around to check it before send the response back.
If you're facing something like this, definitely a good solution.
The problem seems to be in php-sdk in basefacebook.php at line 567
protected function getSignedRequestCookieName() {
return 'fbsr'.$this->getAppId();}
This method returns the name of the cookie the sdk is looking for. However, javascript-sdk uses 'fbs_' prefix. Change this to 'fbs_' and it works fine.
return 'fbs'.$this->getAppId();}
$facebook->destroySession();
To destroy the session you can also use:
$facebook->destroySession();
I looked around and could not find anything to do this (well it was not obvious or semi-obvious)
So say i have a facebook application that offers a service that people will pay for during use. The average user can come on and "Subscribe" to it, while the admin of those pages can perform an activity that will cost them money (make me money).
I do not want hacking attempts or anything to hurt our product. So, how can i verify that someone is an admin using the PHP SDK.
What we are currently doing is storing the $_POST["signed_request"] in $_SESSION's data and working with that. Either the $_POST or $_SESSION is not safe 100% (firesheep).
Is there any way to verify this? graph api?
Okay, first things first. To retrieve the signed_request and check if the user is an admin you would use something like:
$signed_request = $facebook->getSignedRequest();
if ($signed_request['page']) { // Loaded in a page tab
if ($signed_request['page']['admin']) {
// Current user is admin
} else {
// Normal user
}
} else { // Canvas view
}
Now I'm not sure what do you mean by:
What we are currently doing is storing the $_POST["signed_request"] in
$_SESSION's data and working with that.
Because if you are using the PHP-SDK then you don't need to worry about storing the signed_request in the session since the SDK will handle it for you.
Now for the last part:
Either the $_POST or $_SESSION is not safe 100% (firesheep).
That's not true, the signed_request is useless without your app secret key to decode it. So even if someone was able to obtain it, it won't compromise your application. Read more about signed_requests here.
You know how users can clear the pre-populated form and revert to normal registration?
I'm developing an iframe registration app and when the user clears the form fields, it looks like the signed_request is still valid (if upon load the user was logged into facebook).
Anyone know how we are supposed to know if the user is really using FB info or registration info? I previously thought the session would tell us but my session is still valid after the
user hits "clear form".
// Check to make sure we have a signed_request object, if not, redirect to home
var sreq = Request.Form["signed_request"];
if (string.IsNullOrEmpty(sreq))
{
Response.Redirect(WebConstants.SiteConstants.Home);
}
var app = new FacebookApp();
WHy is app.UserId still populated if the user clears the FORM!
How do I detect that we really want to integrate with FB or not ?
thanks!
I agree about the authentication vs registration but I think the Facebook API is not clearing the authentication cookie correctly because it is still valid if you clear the form or logout (i'm using iFrame registration), so I guess I'm looking for a best practice since when I get the signed-request, the id is the authenticated user so the only work-around I have right now is to check for String.IsEmptyOrNull( on the password field) - which tells me that this user did not use facebook registration). I think this is a hack but if anyone knows the "proper" way to take a signed request and convert it to an object please comment on my approach. It is kinda amazing that we still have to write a ton of code for what should be a straight forward approach to getting what we need. I've seen tons of complaints about FB development and they are mostly true - the Google API is not this frustrating and FB makes it almost impossible to test different environments as well (not to mention the famous cookie problems with localhost).
Problem : App.UserId is still the authenticated user after clearing the iframe form or logging out of FB - go figure.
Solution : check the presense of password field - this tells us that we have a non-fb registration going on....
C#.NET for all the minority out there.
// Check to make sure we have a signed_request object, if not, redirect to home var sreq = Request.Form["signed_request"]; if (string.IsNullOrEmpty(sreq)) { Response.Redirect(WebConstants.SiteConstants.Home); }
JObject meObject = null;
var app = new FacebookApp();
if (app.SignedRequest != null)
{
meObject = JObject.Parse(app.SignedRequest.Dictionary["registration"].ToString());
// Access meObject
JavaScriptSerializer ser = new JavaScriptSerializer();
fbReg = ser.Deserialize<FBRegistration>(meObject.ToString());
if (fbReg != null)
{
// 02 Feb 2011 - MCS - bug in facebook API, does not delete cookie if logout of FB
// We check to see if we have password - then - we know we can check the UserId
if (String.IsNullOrEmpty(fbReg.password))
{
// FB Registration
FacebookUserId = app.UserId;
}
else
{
FacebookUserId = 0;
// Non FB Registration
Registration and authentication are two completely different things. Just because the user "clears" a form does not log them out of facebook. The C# SDK is just detecting if a signed_request exists and is valid.
Ok, I have this array of a users friends, and I'm just wondering how I can filter out the ones that are offline so that I only have the online ones in the array :D
Thanks
You don't need to do that, you just have to account for current logged in user whether it is you or anyone else and behind the scenes it will be however is logged in. You should simply make a check if a user is logged in (any user including friend):
if ($facebook->user > 0 && isset($facebook->user))
{
// your code here....
}
The code in the condition will run only if a user is logged in.