I'm trying to make a facebook application that would do something on my own timeline. I can't understand facebook's own manual about this so i'm not really sure how things work there, so i'm hoping someone can clarify things here. I don't want anyone installing that application or somehow abusing it to post things on my timeline in my name. What steps should i take to prevent these things if possible?
Beyond what you have learned yet, you can use the php-sdk to authenticate and then check the visitors user id.
"i will edit in code as we discover what you are trying to accomplish, action wise."
php sdk example.
// init php sdk here.
// check if we have a user
// call api to get info about use
$user_profile = $facebook->api('/me');
// if we have a user, we can use that user id as a wrapper to filter content.
if($user_profile[id]==='000000000'){
// 000000000 is your facebook id for this example.
// i am logged in, and only i can see this.
// get some info, make a few posts, add photos etc; here.
}
cURL example
when you curl 'me', it ensures that it is the current session user, then when you compare that to your actual user id, you can gate "so to speak" content that only you can see and use.
cURL'ing to the me connection is only needed to create gate, you can do all your other curl calls after you know it is you doing it.
http://anotherfeed.com/curl.api.php?objid=me
here is an example, when i curl me, it looks for a logged in user, if there is an access token which for this example i excluded, it will return an array with my "me" info including my id.
Hard coded i will use $me=$curlresults[id] which is my user id returned by the session call.
to gate i simply
$me=$curlresults[id]
if($me==='myfacebookuserid'){
// do my other curl calls here, i know only i can see this.
}
Full cURL example.
get your user access token for your app from the token tool below, store it somewhere safe so you can pass it in via url param or session param.... https://developers.facebook.com/tools/access_token/
add your facebook user id where it says myfacebookuserid
to secure this you will need to pass the access token in with post, get or session.
for this example we will use the get method.
yourpage.php?user_token=youruseraccesstoken is how it is passed in this example.
$access_token = $_GET['user_token'];
$build = 'https://graph.facebook.com/me?'.$access_token.'';
function GetCH($url){
$ch=null;
if(!$ch){
$ch = curl_init();
}
curl_setopt($ch, CURLOPT_URL, "".$url."");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FORBID_REUSE, true);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$return=curl_exec($ch);
if(!curl_errno($ch)){
return $return;
}else{
$fb_fail=curl_error($ch);
return $fb_fail;
}
curl_close($ch);
unset($ch);
};
$returned=GetCH($build);
$locs=json_decode($returned, true);
$meid=$locs[id];
if($meid==='myfacebookuserid'){
// do my other curl calls here, i know only i can see this.
}
Related
I am new to Magento 2. I need help in the following query.
How to call an external API on page load or on click of a button in Magento 2.2?
Do we need to create an observer for the same or is there a better way to do it. Will appreciate if any links are provided for step by step process.
First of all, we need to know how to call a basic API. Here is example about GET:
$externalAPI = 'https://your/external/api_url'
$ch = curl_init($externalAPI);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
$result = curl_exec($ch);
var_dump($result);
From the Magento side, we can use \Magento\Framework\HTTP\Client\Curl class:
$apiUrl = '';
$this->curl->addHeader('Content-Type', 'application/json');
$this->curl->get($apiUrl);
$body = $this->curl->getBody();
$httpCode = $this->curl->getStatus();
//Quick decoding body
$dataResponse = \Zend_Json::decode($body);
How to call an external API on page load or on click of a button in
Magento 2.2?
Do we need to create an observer for the same or is there
a better way to do it.
It depends on the requirements. When do you need to connect to API? Or just display it on the frontend?
Once you know when(or where?) you need to call the external API. You can choose the Plugin, Observer, or Ajax solution.
Facebook documentation says offline_access is depreca ted.How do I extend the access token for 60 day?
I did enabled deprecated offline_access from advanced settings for app.
you can try to two ways:
1. enable the offline deprecation functionality, and grab the exchanged token value in available and then run cUrl functionality. After running the cUrl just pass the response value in var_dump().. you could see the access token and the expires date..
you will get different value for the opposite process of (1).
You can use https://developers.facebook.com/docs/howtos/login/extending-tokens/ for long lived access tokens, or https://developers.facebook.com/docs/howtos/login/login-as-app/ for non-expiring app access tokens. But you probably need the first.
function fb_renew_access_token($args=array()){
$token_url = "https://graph.facebook.com/oauth/access_token?client_id=".$args["app_id"]."&client_secret=".$args["app_secret"]."&grant_type=fb_exchange_token&fb_exchange_token=".$args["old_token"];
$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($c, CURLOPT_URL, $token_url);
$contents = curl_exec($c);
$err = curl_getinfo($c,CURLINFO_HTTP_CODE);
curl_close($c);
$paramsfb = null;
parse_str($contents, $paramsfb);
return $paramsfb;
}
//to get the extended access token
$extended_access = fb_renew_access_token(array("app_id"=>"4545454544s45454545","app_secret"=>"sdfgds2fg4d2f54g5df4gdsdsfgdsfg54dfg","old_token"=>"54sdf54sd54f35asdgs4ghdsd5sh4d5trh4djhdfj45fdh"));
Possible answer or bug: Using the user access token seems to work, it deletes the request and will throw an error when trying to read it in the future, but it still exists in the graph and providing apptoken still shows it, and for some reason wouldn't delete it. Seems contrary to documentation, but changing apptoken to access token seemed to at least provide a workaround for me.
First, the code I'm using (as the one in the documentation always returned an entity not visible by user type message)
function do_delete_request($url, $optional_headers = null)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//include array of additional headers
if (count($optional_headers)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $optional_headers);
}
return curl_exec($ch);
}
$full_request_id = build_full_request_id($request_id, $user_id);
$delete_url = "https://graph.facebook.com/" .$full_request_id. "?access_token=".$apptoken;
$result = do_delete_request($delete_url);
I'm sorry if that's messy, I don't know how to format stuff here. I'm at a loss after a lot of googling, I never ask this stuff.
$result returns true, over and over again. Graph explorer shows the request still exists.
By deleting it, does that just mean I remove it from the requests interface for a user? Or am I doing something wrong in my delete process?
I need a way to tell whether or not a request has been accepted already or not. Thanks for any help.
Facebook sends the user to your app with the Request ID(s) in the URL, that's how you tell when a request has been accepted. It's up to you to check for a process a response to a request.
https://apps.facebook.com/[app_name]/?request_ids=[request_ids]
As far as delete not working, is the request still their after some time? Facebook, and many busy sites, do heavy caching so things like delete may not be processed immediately.
I'm creating test users in Facebook for my application. It works sometimes. When it doesn't, the error occurs on this call:
function getTestAccounts($fb, $a) {
$s = urlencode($a);
**$accounts = $fb->api("/{$fb->getAppId()}/accounts/test-users?access_token=$s");**
if( isset($accounts['data']) )
return $accounts;
else
return null;
}
Error is:
Uncaught OAuthException: (#15) This method must be called with an app access_token.
Previously I've obtained the token with this function:
function getAppAccessToken($fb) {
$access_token_url = "https://graph.facebook.com/oauth/access_token";
$parameters = "grant_type=client_credentials&client_id=" . $fb->getAppId() . "&client_secret=" . $fb->getApiSecret() . "&junk=1";
return file_get_contents($access_token_url . "?" . $parameters);
}
When I output the offending token, it looks something like this and does not change (should it?)
access_token=229234510434203|TK2UDoGCPthCBeDIvhRIPkSG8Wk
I've tried clearing cookies. That seemed to work but might have been coincidental with something else because it does not now.
I assume the access token returned from FB changes but it's always coming back the same.
Mark
for a user access token i use the below, where the number is my app id. "used with php-sdk"
$access_token = $_SESSION['fb_135669679827333_access_token'];
for an application access token i use cURL
$app_access_token = GetCH();
function GetCH(){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
if(substr($url,0,8)=='https://'){
// The following ensures SSL always works. A little detail:
// SSL does two things at once:
// 1. it encrypts communication
// 2. it ensures the target party is who it claims to be.
// In short, if the following code is allowed, CURL won't check if the
// certificate is known and valid, however, it still encrypts communication.
curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
}
$sendCH = curl_exec($ch);
curl_close($ch);
return $sendCH;
};
Let me know if this helps.
I made a greenhorn mistake. What I failed to notice was that this problem was only occurring after I opened another browser tab and logged to Facebook as myself or a test user. The new Facebook session was interfering with the API.
I guess the API uses the access token of the logged on user instead of what's passed in the request. Kind of obvious once you understand it!
Hope this helps the next person :-)
Im trying to make something similar to twitpic.com's email submission feature.
Their address schema is something like username.key#twitpic.com. When you send an email to that address it processes it and uploads your picture.
What im wondering is how they generate and handle those addresses in php. I know how to pipe a single email address to a program using cpanel, but how is this done dynamically?
Ill settle on what this is even called or some google search results so i can do my own research, but i just want a place to start.
There's an option in cpanel to set a default address that catches all email sent to addresses that don't exist. This is probably the easiest way to do it.
In fact, in the version of cpanel I have, if you go to Default Address, and go to Advanced Options there an option to pipe to a program all mail without a valid address.
Ok i found this.
http://twiki.cpanel.net/twiki/bin/view/AllDocumentation/AutomationIntegration/Api2AddForwarder
Trying to find out how/where i can do this using PHP
update
Found a cpanel api class here
http://www.phpclasses.org/browse/file/17045.html
Im trying to contact the author of the class to see how to add the functionality of the api to that class (which can already handle creation of forwarders)
Juse copy and pase below code and replace the desired variables and it will be work :
/*Host Credentials*/
$host = "Host Name";
$port = "Port Number ex. 2083";
$HostUserName = "Your cpanel username";
$HostPassword = "Your cpanel password";
/*-------------------------*/
/*Email details which you want to create*/
$email = "email name which you want to create";
$domain = "Domain name on which you want to create the email for subdomain you can write ex. subdomain.domain.com";
$password = "Password for your email"
$quota = "limit which you want to assign for this account."
/*--------------------*/
$query = 'https://'.$host.':'.$port.'/frontend/x3/mail/doaddpop.html?email='.$email.'&domain='.$domain.'&password='.$password.'"a='.$quota;
$curl = curl_init(); // Create Curl Object
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); // Allow self-signed certs
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); // Allow certs that do not match the hostname
curl_setopt($curl, CURLOPT_HEADER, 0); // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); // Return contents of transfer on curl_exec
$header[0] ="Authorization: Basic " . base64_encode($HostUserName.":".$HostPassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); // set the username and password
curl_setopt($curl, CURLOPT_URL, $query); // execute the query
$result = curl_exec($curl);
curl_close($curl);