Post to timeline like Candy Crush Saga - facebook

I want to post to user time-line with their current activity with photo uploaded by them.
For example:
I voted 'xyz movie'.
..image1.. ..image2.. ..image3..
Question : Mutiple photos possible? If yes, Is there limit of photos.I need to show 3-5 photos
Similar to Candy crush saga game post:
(just for reference,not exactly like this. For curiosity I wanted to know whether this is two posts?)
Which api can we use for this?
Is this possible with FB.ui feed api?
FB.ui(
{
method: 'feed',
to:'the Facebook ID of the person you wanna send',
name: 'Facebook Dialogs',
link: 'http://emplido.com',
picture: 'http://fbrell.com/f8.jpg',
caption: 'Reference Documentation',
description: 'Dialogs provide a simple, consistent interface for applications to interface with users.'
},
function(response) {
if (response && response.post_id) {
alert('Post was published.');
} else {
alert('Post was not published.');
}
}
);

What you want is called rich stories, you can create them with open graph, here you can see what are the options available.
This is no easy deal, since you have a lot of options, so you really need to read the open graph docs to find which action fits best. In the docs you have a complete "how to", including how to post an action on a users wall with graph api https://developers.facebook.com/docs/opengraph/using-actions/
Remember that you have to two types of actions, common (docs here) and custom (docs here)
I know that documentation isn't the best answer or the one you wanted to, but in this case it's really necessary, as I said before, you have too many options, that allows you to create the best user experience for your app.
Quoting the docs here's a little example on how to create a story with open graph
To publish an action, make an HTTP POST to the following Graph API endpoint:
/{user-id}/{action-type}
This call should be signed with a user access token with
publish_actions permission or with an app access token for a user who was previously logged in.
For common actions, the {action-type} is the name of the action, such as og.likes:
/{user-id}/og.likes
For custom actions, it is a composite of the app namespace and the custom action type:
/{user-id}/{namespace}:{action-type-name}
The namespace is unique to your app, and is set in your app's dashboard on the Basic tab.
This example is the simplest one.

Related

Check if user can write on a friend's Wall

If there any way to check in PHP SDK if user can write on specific friend's Wall?
Example:
if ($facebook_can_write_to->'123456789') echo "You can write on this friend's Wall";
Using the FQL table (http://developers.facebook.com/docs/reference/fql/user/) you can check to see if the current user can post to a friends wall by loading up the friend's user information specifically the can_post field.
can_post bool Whether or not the viewer can post to the user's Wall.
According to the documentation you can post on a user friends wall if that user granted you the *publish_stream* permission:
publish_stream
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends.
There are some cases in which you won't be able to do so, for example if some user blocked your application then I guess it will fail if you try, so you should just check the response you get back from facebook for the api request and see if it worked or not.
Edit
As far as I'm aware you can not ask the api (nor via fql) "can my application post to this users wall", you can only ask "have this user granted my application the publish_stream permission".
If I understand what you want, I might have kind of a solution for you though.
I say show the user the option to post on a friends wall.
When the user chooses this option try to post on the friends wall (and I assume you are using ajax for that call), if it fails return some kind of code, then in the client side check for that code, if it returns use the javascript sdk to open a dialog.
You have two choices for dialogs, you can use the Feed Dialog like this:
var obj = {
method: 'feed',
to: "FRIEND_ID",
name: 'A message',
caption: 'Just trying something',
description: 'This is how to post on a friends wall'
};
FB.ui(obj, function(response) { console.log(response); });
Or you can use the Send Dialog:
FB.ui({
method: 'send',
to: "FRIEND_ID",
name: 'A message',
link: 'LINK_URL',
});
With this one though you have to post a link, I'm not sure if that works for you. After you tried and failed for a user you can save that data and use it later.

Automatic Timeline Action posting

Following Facebook's Guide for the new open graph, I have managed to implement Timeline and "Read Article" Action on our WordPress-based site. But the guide makes you click a button to post the action. It might be silly question, but how do we make it automatically posting once user enters the article? Is that something that's happening AFTER the action has been approved by Facebook?
Does recommendation bar do that? Is that its purpose?
Yes, the Recommendations Bar does this. You could implement something similar in your own code but the Recommendations Bar supports a bunch of things out of the box like sending the activity only once the user scrolls X% of the way down and/or after a specified time interval.
Using this markup the action should be tracked in 5 seconds after the bar has loaded:
<div class="fb-recommendations-bar" data-href="{YOUR URL}" data-read-time="5"></div>
The Recommendation Bar is still in beta and won't work for anyone other than the App Administrators / Developers / Testers.
End-users will only get actions published once Facebook has approved the action. This usually takes a day or two if you provide adequate instructions. You will need to make sure users are able to remove their activity from within your site - this is a requirement for submitting a action:
Please make sure your users can
Turn sharing on/off globally on each page an article appears.
Remove articles they shared within your app on each page an article appears.
Only generate read actions when you're sure someone is interested in reading the article.
For my WordPress site, I used some code like:
setTimeout( function() {
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
// publish action to facebook
FB.api( '/me/{$action}', 'post', { article : '{$permalink}' } );
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
// but has not authenticated your app
} else {
// the user isn't logged in to Facebook.
}
});
}, 2000 );
Use some JavaScript to post the action after the page loads:
window.onload=postCook;

Security of feed posting

Using JavaScript SDK, it is possible to wall post with user's consent. Since It can be done entirely on client side, how to prevent someone to post something to their wall on behalf of my application, tampering with fields the fields like "picture", "link", "caption" and "description"?
Edit for the bounty:
Bragging is an essential part of any game, including online games. In my web game I want to enable users to brag on Facebook when they win, but I don't want them to be able to forge some post and send via my application, what would allow them to brag without actually winning. They may only publish something via my application if I actually allow them to do (I can only imagine some way to ensure this by using some authenticated server side API).
Facebook's Feed Dialog allows developers to prompt users if they want to publish something in their wall, and I well could use it to publish the user's winning story. The problem is that that API is entirely client-side, and can be used via Javascript SDK or just by forging an URL. I was able to forge a post in the name of my application by just filling the fields in an URL, like this given example:
https://www.facebook.com/dialog/feed?
app_id=123050457758183&
link=https://developers.facebook.com/docs/reference/dialogs/&
picture=http://fbrell.com/f8.jpg&
name=Facebook%20Dialogs&
caption=Reference%20Documentation&
description=Using%20Dialogs%20to%20interact%20with%20users.&
redirect_uri=http://www.example.com/response
The problem is that I was unable to forge such request for an existing application, like Robot Unicorn Attack : Evolution. Thus, either 1) I don't know how to forge a request to this application and that is still possible and there is no safety or 2) it is possible to prevent client side exploitation of the Facebook's API, and I don't know how to do this on my application.
So, for the bounty sake, I will consider a proper answer either 1) some proof that it is always possible to forge a post on behalf of some application, and by that I would require a way to post whatever I want on behalf of Robot Unicorn Attack : Evolution, or 2) a way to prevent users to forge feed posts on behalf of my application, in a way I can no longer do it without having server-side only information.
If you want to post anything on behalf of Robot Unicorn Attack : Evolution do the following:
0) Make sure you have added the app.
1) Using Chrome, go to https://s.adultswim.com/games3/fb-game-files/robotunicornattackevolution-sec/index.html (this URL was located by inspecting the action of the form tag above the iframe of the content on the canvas page)
2) Open Developer Tools
3) In the Console paste this:
FB.ui({
method: 'feed',
name: 'There is no security',
link: 'https://developers.facebook.com/docs/reference/dialogs/',
picture: 'http://fbrell.com/f8.jpg',
caption: 'I can post whatever i want',
description: 'Dialogs provide a simple, consistent interface for applications to interface with users.'
},
function(response) {
if (response && response.post_id) {
alert('Post was published.');
} else {
alert('Post was not published.');
}
});
4) Hit enter and see the dialog pop up on the page
1) some proof that it is always possible to forge a post on behalf of
some application, and by that I would require a way to post whatever I
want on behalf of Robot Unicorn Attack : Evolution,
You have already done that. Keep Self proof. Hence proved.
2) a way to prevent users to forge feed posts on behalf of my
application, in a way I can no longer do it without having server-side
only information.
feed posts need is an application id, which cannot be hidden. So as long as you have an application - anyone may post on its behalf . (according to me.)

Is authentication required for Facebook Apps?

I don't use Facebook, so at a bit of a loss here, as the API documentation doesn't quite answer this, perhaps someone here knows...
Looking at building a Facebook app to assist publishing from a content-driven web app. Obviously we need authorisation via OAuth to publish an app link to a facebook user's wall, but is authorization for everyone viewing the app within Facebook required? We have no interest in making use of the viewer's facebook data, we just want to show them a page.
If they have to authorise the app, then that's a bit of a barrier - but it's not clear if they can just view the app without anything getting in the way.
"is authorization for everyone viewing the app within Facebook required?"
If you mean having your app post a link to their wall, then yes, you will need to ask for their permission to do so. If you mean can other friends can see the post made by your app to an authorized user's feed? No the friends do not need to authorize your app to do that.
But remember Facebook now has the ability for you to specify which groups can see the post. See https://developers.facebook.com/docs/reference/api/user/#posts and read about the privacy field.
Yes, you can show app without any authentication. If you want user to share content then you can do it like this. Code is few months old, so I don't know if that works.
You cannot set custom text/message for the user. This will display popup window where user must confirm sharing/posting to wall.
<div id="fb-root"></div>
<script src='http://connect.facebook.net/en_US/all.js'></script>
<script type="text/javascript">
FB.init({appId: 'APP_ID', status: true, cookie: true});
function share(object) {
var obj = {
method: 'feed',
link: 'http://apps.facebook.com/your_app_url/',
picture: object.picture,
name: object.name,
caption: object.caption,
description: object.description,
action_links: [
{ text: 'My Cool App', href: 'http://apps.facebook.com/your_app_url/' }
]
};
function callback(response) {
}
FB.ui(obj, callback);
}
</script>
If you're doing a canvas app, you don't need to. You get this generic information in the initial HTTP post:
user A JSON array containing the locale string, country string and the age object (containing the min and max numbers of the age range) for the current user.
algorithm A JSON string containing the mechanism used to sign the request.
issued_at A JSON number containing the Unix timestamp when the request was signed.
You get no actual information about the user, though. You need to authenticate to get that.

FB Connect - Can It Be Used to share message with multiple users?

I suppose the answer is pretty simple, but i cant find conclusive answer either way.
Is it possible to use facebook to log in a user, fetch their friends, allow them to select them and then post to their profiles in turn, even if that means firing up a custom modal with html to select from the list of users friends before passing the IDs on to the publishStream function in a loop.
Any response would be dandy. Thanks guys and gals.
If you post to the logged-in user's stream, you have no control over which friends see it in their own streams.
Alternatively, you can send facebook notifications to friends that were selected, subject to the daily notification limit imposed on your app by facebook. Be aware that facebook is phasing out noficiations.
You can do exactly what you said. Just get the list of user IDs before hand using your custom dialog you mentioned. Then call the FB.ui function repeatedly, populating the "to" parameter with each friend ID.
FB.ui(
{
method: 'feed',
to: #,
name: 'name of post',
link: 'http://link.com',
picture: 'http://link.com/image.jpg',
description: 'descriptive text',
},
function(response) {
if (response && response.post_id) {
alert('Post was published.'+response);
} else {
alert('Post was not published.'+response);
}
}
);