Do you have an example of how to confirm that the person trying to access the content of your app is a member of a specific facebook group, using php? I've read through the developer docs and all it managed to do was confuse me even more. I've seen posts similar to this one but they only show me how to print a list of members...
I need to know how to get the list and see if the user trying to access the app is a member of the group so that I can either a: allow access or b: deny access and re-direct the user to the group page so they can request membership...
Yes its pretty simple, you just need to know the ID of the group you want to do that and ask for the scope user_groups permission, so you can query the groups the user have.
With the PHP SDK you can do this:
<?php
// Remember to copy files from the SDK's src/ directory to a
// directory in your application on the server, such as php-sdk/
require_once('php-sdk/facebook.php');
$config = array(
'appId' => 'YOUR_APP_ID',
'secret' => 'YOUR_APP_SECRET',
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
if($user_id) {
// We have a user ID, so probably a logged in user.
// If not, we'll get an exception, which we handle below.
try {
$user_profile = $facebook->api('/me?fields=id,name,groups','GET');
$user_belongs_to_group= FALSE;
foreach($user_profile['groups']['data'] as $group){
if($group['id']==YOUR_GROUP_ID)
$user_belongs_to_group=TRUE;
}
if($user_belongs_to_group){
//Alright! the user belongs to the group
}
else{
//Oh snap you don't belong here, but you can if want to
}
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
$login_url = $facebook->getLoginUrl();
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
// No user, print a link for the user to login
$login_url = $facebook->getLoginUrl();
echo 'Please login.';
}
?>
Some of this code I grabbed from the facebook, you can see the data that is returned when query for groups here: https://developers.facebook.com/tools/explorer
Press the plus sign after the name go to connections, choose groups and press send
You are in a catch-22, you will need the user to grant permission to his groups via the user_groups permission.
Related
i try to do a login with facebook, i build this code:
<?php
ob_start();
include("facebook_constants.php"); // in this file i have appid and appsecretid
$users = $facebook->getUser();
if ($users!="") {
try {
$user_profile = $facebook->api('/me','GET');
$logoutUrl = $facebook->getLogoutUrl();
$fuserid=$user_profile["id"]; // give me the id of the user
$fusername=$user_profile["name"]; // give me the name of the user
$femail=$user_profile["email"]; // give me the email of the user
$fusernamenew = str_replace(' ', '', $fusername); // change the name to username (omer lol = omerlol)
$newtoken=base64_encode($fuserid."::".$fusernamenew."::".$femail); // data to token
$itsme = $this->haimz->DB->num_rows("SELECT id FROM users WHERE fbid = ?haimz?", $fuserid); // if have user with that id = login , if not goto register page
if($itsme > 0){
echo "goto login page";
}
else{
echo "goto register page";
exit;
}
} catch (FacebookApiException $e) {
$users = null;
}
}
?>
the $fuserid give me other userid but the $fusername and $femail give me the correct .
its not the userid of the user.
its other userid.
https://developers.facebook.com/docs/apps/changelog
To better protect people's information, when people log into a version of your app that has been upgraded to use Graph API v2.0, Facebook will now issue an app-scoped ID rather than that person's orginal ID. However, for users that have previously logged into your app, the user ID will not change.
You don´t get the "real" ID of a user anymore, for privacy reasons. You only get an App Scoped ID that is unique in the App only. You can still use it to identify the user when he returns to your App with the App Scoped ID, it will only be different in another App.
You can also map App Scoped IDs between different Apps with the Business Mapping API, if needed: https://developers.facebook.com/docs/apps/for-business
I develop a Facebook application and I use PHP-sdk I use the algorithm described in the official documentation to allow user joining my app then I store his/her user_id in the database. My app uses publish_stream permissions so it publishes posts to the user's time line automatically.
I found that the application, always, does not able to publish posts for some of the registered users in the database (not all of them). I account this for they may be registered to the database before they give approval for the required permissions. The following is a blue print for the code that I use from the official documentation of Facebook api:
<?php
require_once('php-sdk/facebook.php');
$config = array(
'appId' => 'YOUR_APP_ID',
'secret' => 'YOUR_APP_SECRET',
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
?>
<html>
<head></head>
<body>
<?php
if($user_id) {
try {
/* $user_profile = $facebook->api('/me','GET');
echo "Name: " . $user_profile['name'];*/
//Here I run the code to save.
saveTheUserIdToRecordInTheDB($user_id);
//hypothetical function to save
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
$login_url = $facebook->getLoginUrl();
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
// No user, print a link for the user to login
$login_url = $facebook->getLoginUrl();
echo 'Please login.';
}
?>
</body>
</html>
My, main, question is: If the user clicked on the login link, and then he/she does not continue for any reason (losing the internet connection, refusing giving the permissions to the app, etc), would it possible the hypothetical function saveTheUserIdToRecordInTheDB() to run and save that user's Facebook's ID to the database?
Or What's the explanation for there are some users are not posts publishable?
I want to get user access token because I need to get user's posts and comments.
When I use Graph API Explorer, the access token it generates is correct one and shows me my posts and comments and some other data. But when try to get posts and comments by using this code than it does not return me posts and comments and return some other data only which i don't need.
require_once('facebook.php');
$config = array(
'appId' => '383128895071077',
'secret' => '6a9ab479186f53db5c531a3fa5f91be0',
);
$facebook = new Facebook($config);
$access_token = $facebook->getAccessToken();
$result = $facebook->api('/me/feed/', array('access_token' => $access_token));
I searched all the google and get access token by different ways but I could not get posts and comments of me. I must be doing something wrong and need to sort out this as soon as possible.
Thanks in advance.
You should check this example
Facebook php sdk example
you should check whether we have user access token like this
// Get User ID
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
Once we get the user details, you can ensure that user is logged into app and authorized the app.
For feeds
You should have extended permissions read_stream
then you can read the wall feed.
I got a problem regrading with my apps which is once I go to my apps, it sure will show me a login page instead of allow page?
it always display the login page 1st then only display allow page, I had tried other apps, if I am 1st time user, It sure will appear the allow page only, it did not show me the login page.
my question is how to I avoid my login page direct go to allow page?
here is my login page picture
here is my apps link
https://apps.facebook.com/christmas_testing/
here is my facebook php jdk api coding
<?php
$fbconfig['appid' ] = "XXXXXXXXXXXXX";
$fbconfig['secret'] = "XXXXXXXXXXXXX";
$fbconfig['baseUrl'] = "myserverlink";
$fbconfig['appBaseUrl'] = "http://apps.facebook.com/christmas_testing/";
if (isset($_GET['code'])){
header("Location: " . $fbconfig['appBaseUrl']);
exit;
}
if (isset($_GET['request_ids'])){
//user comes from invitation
//track them if you need
header("Location: " . $fbconfig['appBaseUrl']);
}
$user = null; //facebook user uid
try{
include_once "facebook.php";
}
catch(Exception $o){
echo '<pre>';
print_r($o);
echo '</pre>';
}
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true,
));
//Facebook Authentication part
$user = $facebook->getUser();
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email,publish_stream,user_birthday,user_location,user_work_history,user_about_me,user_hometown'
)
);
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
//you should use error_log($e); instead of printing the info on browser
d($e); // d is a debug function defined at the end of this file
$user = null;
}
}
if (!$user) {
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
//get user basic description
$userInfo = $facebook->api("/$user");
function d($d){
echo '<pre>';
print_r($d);
echo '</pre>';
}
?>
This is an effect of the new auth dialog features facebook recently rolled out.
There are two "allow/login" screens when using this new dialog :
Regular permissions such as - user_about_me, user_birthday, user_photos.
Extended permissions such as - read_insights, offline_access, publish_actions.
Each will display its own dialog. First the regular permissions will appear and after that the extended permissions will appear (if you have requested extended permissions)... This happens when the user first logs in, and possibly later if you want decide to add additional permissions to your app.
Taken from the Open Graph Beta › Auth Dialog
The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen.
You can disable this feature and go back to the older auth dialog by changing the setting inside your app. Goto the advanced tab in the settings of your app and uncheck the Enhanced Auth Dialog check-box.
On the scope parameter, add 'offline_access' permission. With this,the user grant permission to the application even if the user is offline. The access_token that you will get is non-expiry.
I am developing a facebook application. I am not sure about getting extended permission from the user. I have seen a code related to this but it is not working well. The code has the problem that if there is a new user and comes to application,, he will be asked for all extended permissions to authorize. But one he authorize and i again add some extra extended permission and want to get that data, the pop window will not be displayed and i cannot access the user data of that newly added permission. I am using the following code for this
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxx',
'cookie' => true,
));
session = $facebook->getSession();
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'email,publish_stream,offline_access,sms,user_location,friends_birthday'
)
);
$fbme=null;
if (!$session) {
echo "top.location.href = '$loginUrl';";
exit;
}
else {
try {
$uid = $facebook->getUser();
$fbme = $facebook->api('/me');
} catch (FacebookApiException $e) {
echo "top.location.href = '$loginUrl';";
exit;
}
}
Now if any user comes on this point he will be asked for all permission and I can get data for all those permission. But if i add new extended permission, the user that has already authorized my application will not be asked for new permission and I cannot get the data for newly added permission.
I think if you got the extended permission then facebook will not ask for the same again when that user login to your application after some time.You can see the application that you authorized in the application page.
So to ask the permission again from same user he/she must remove the permission or remove the application from his/her account.
And if the user already give permission to your application then you can use that access token.Check this