I want to extract events from a Facebook Page to an official website and struggle with Graph and OAuth to get the information out.
Simplified code, phases 1 and 2 in the same code:
<?php
$app_id = '...........4639';
$app_secret = '7547xxxxxxxxxxxxxxxxxxxxxxxx';
if (isset($_GET['code'])) {
    //stage 2
    $state = $_GET['state'];
    $code = $_GET['code'];
    //the code doesn't work. If I use graph api explorer to get key, I'm all fine.
    //the code here from graph api explorer.
    //$code = 'AAAIERWeZCHZxxxxxxxxxxxxxxxxxxxxx';
    $s = "https://graph.facebook.com/_PAGE_ID?fields=feed.fields(story,message,picture)&access_token=" . $code;
    $json = file_get_contents($s);
    die($json);
} else {
    //stage 1
    $my_url = 'http://www.myself.com/fb/index.php';
    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" .
        $app_id . "&redirect_uri=" . urlencode($my_url) . "&state=" . $_SESSION['state'];
    //now redirect to myself - phase2
    header("Location: " . $dialog_url);
    exit();
}
In case anyone sits in the same annoyance:
file_get_contents doesn't seem to cope with the token request. The following code works.
<?php
function curlRequest($url) {
    $ch = curl_init();
    $useragent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    $timeout = 5;
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}
$app_id = '................';
$app_secret = '..................................';
$my_url = 'http://www.memyself.andi/me.php';
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
    // Redirect to Login Dialog
    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
        . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
        . urlencode($_SESSION['state']) . "&scope=user_birthday,read_stream";
    header("Location: " . $dialog_url);
}
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
    $token_url = 'https://graph.facebook.com/oauth/access_token?client_id=' .
        $app_id . '&redirect_uri=' . urlencode($my_url) .
        '&client_secret=' . $app_secret . '&code=' . urlencode($code);
    //die($token_url);
    $response = curlRequest($token_url);
    //bummer - this won't work (php 5.3/ubuntu)
    //$response = file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    $_SESSION['access_token'] = $params['access_token'];
    $graph_url = "https://graph.facebook.com/_THE_PAGE_ID/feed?access_token="
        . $params['access_token'];
    $json = json_decode(file_get_contents($graph_url));
    echo serialize($json);
}
else {
    echo("The state does not match. You may be a victim of CSRF.");
}
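An added example (not code from the posts above) of the callback this thread discusses: the state comes from the CSPRNG, is compared with hash_equals and used once, and the code is exchanged for a token instead of being sent as one. The function names, the $app array and the demo values are assumptions; $fetch stands for any HTTP GET helper that leaves certificate verification enabled, unlike the CURLOPT_SSL_VERIFYPEER false setting above.

```php
<?php
// Added example. $fetch is a hypothetical HTTP helper (assumption):
// any callable that GETs a URL over verified TLS and returns the body.

function new_state(array &$session): string {
    // 128 bits from the CSPRNG rather than md5(uniqid(rand()))
    return $session['state'] = bin2hex(random_bytes(16));
}

function handle_callback(array $query, array &$session, array $app, callable $fetch): ?string {
    $expected = $session['state'] ?? '';
    $given    = $query['state'] ?? '';
    unset($session['state']);                  // a state value is single use
    // An absent state must fail: with "==" two missing values compare equal
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return null;
    }
    if (!isset($query['code']) || !is_string($query['code']) || $query['code'] === '') {
        return null;
    }
    // The code is not an access token; exchange it server-side first
    $token_url = 'https://graph.facebook.com/oauth/access_token?' . http_build_query([
        'client_id'     => $app['id'],
        'redirect_uri'  => $app['redirect_uri'],
        'client_secret' => $app['secret'],
        'code'          => $query['code'],
    ]);
    $params = [];
    parse_str((string) $fetch($token_url), $params);   // response parsed as on the page
    $token = $params['access_token'] ?? null;
    return is_string($token) ? $token : null;
}

// Constructed demo: placeholder app settings and a stub in place of the network call
$app  = ['id' => 'APP_ID', 'secret' => 'APP_SECRET', 'redirect_uri' => 'https://example.com/fb/index.php'];
$stub = function (string $url): string { return 'access_token=CONSTRUCTED_TOKEN'; };
$session = [];

new_state($session);
var_dump(handle_callback(['code' => 'abc', 'state' => 'other-value'], $session, $app, $stub)); // mismatched state
$state = new_state($session);
var_dump(handle_callback(['code' => 'abc', 'state' => $state], $session, $app, $stub));        // matching state
var_dump(handle_callback(['code' => 'abc', 'state' => $state], $session, $app, $stub));        // same state replayed
```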
I have the scripts that redirect to Facebook's OAuth dialog and need a user_checkins permission
<?php
session_start();
$app_id = "[APP_ID]";
$app_secret = "[APP_SECRET]";
$my_url = "(back to this page)";
$code = $_REQUEST["code"];
if(empty($code)) {
    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
        . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
        . $_SESSION['state']."&scope=user_checkins" ;
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
    $token_url = "https://graph.facebook.com/oauth/access_token?"
        . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
        . "&client_secret=" . $app_secret . "&code=" . $code;
    $response = file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    $graph_url = "https://graph.facebook.com/me?fields=checkins&access_token="
        . $params['access_token'];
    $user = json_decode(file_get_contents($graph_url));
    echo "<pre>";
    print_r($user);
    echo "</pre>";
} else {
    echo("The state does not match. You may be a victim of CSRF.");
}
?>
The dialog displays only:
THIS APP WILL RECEIVE:
■ Your basic info
But it should have one more line with the checkins permission, shouldn't it?
So I tried to use the Graph API Explorer.
First I tested with my app; the result is the same,
I still can't get the user_checkins permission.
But if I change the "Application:" section to Graph API Explorer and test again,
everything seems to be OK.
So I think it's because of my app settings, or something.
Could you please suggest how to fix this?
By the looks of it, I would say Facebook has deprecated the user_checkins and friends_checkins permissions and rolled them into user_status and friends_status.
Anyway, request the user_status permission instead, and you will now be able to read the user's checkins.
There is an option to get the checkins. Facebook has given another option for this.
http://developers.facebook.com/docs/reference/api/user/#posts
You can get the checkins with
https://graph.facebook.com/me/posts?with=location
I'm a beginner trying to create a Facebook App. Here is the code:
<?php
$app_id = "xxx";
$canvas_page = "https://apps.facebook.com/xxx/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
    . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=user_birthday";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
    echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
    echo ("<p>Welcome. Your Facebook ID is " . $data["user_id"] . "</p>");
    if (isset($_POST['salary'])) {
        // escape the submitted value before echoing it into the HTML page
        echo "<p>You wrote salary: " . htmlspecialchars($_POST['salary'], ENT_QUOTES, 'UTF-8') . "</p>";
    }
    else {
        echo "<p>You didn't wrote salary.</p>";
    }
    echo "<form method='post' action='$canvas_page'>";
    echo "<input type='text' name='salary'>";
    echo "<input type='submit'>";
    echo "</form>";
}
?>
Why does the result always show "You didn't wrote salary"?
That code does actually work on my canvas, so the problem must be with the auth url. Briefly:
if this condition:
if (empty($data["user_id"]))
gets to be true, what you will have will be the user redirected to the auth url and after that back to your canvas page.
You can check if this happens by looking at the URL: if there is a code=something attached to the end of the URL, it means that the user has been redirected; doing this, you obviously lose the whole _POST content.
You could just in case have a print_r or var_dump of $data to be sure that it is actually filled with something.
Bye =)
EDIT 14.10.11: Actually your code is right, there's nothing wrong in it, so the sample code is your own code
At the bottom is a working example of server side flow. It is a file fb_server_side_flow.php that I prepared from a template I found on developers.facebook.com. My first question is what exactly is $code = $_REQUEST["code"]; doing? Is it getting a Facebook cookie? If so how is $code = $_REQUEST["code"]; different from the code directly below? Is it really necessary to use session_start towards the top of fb_server_side_flow.php?
Mainly I am trying to implement a system that gives my user an OPTION to login via Facebook but a login via Facebook is not a requirement. Is there any documentation available on implementing a login via Facebook OPTION as opposed to a required login via Facebook?
Thank you!
....
function get_facebook_cookie($app_id, $app_secret) {
    $args = array();
    parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
    ksort($args);
    $payload = '';
    foreach ($args as $key => $value) {
        if ($key != 'sig') {
            $payload .= $key . '=' . $value;
        }
    }
    if (md5($payload . $app_secret) != $args['sig']) {
        return null;
    }
    return $args;
}
$cookie = get_facebook_cookie(YOUR_APP_ID, YOUR_APP_SECRET);
....
fb_server_side_flow.php
<?php
$app_id = "****";
$app_secret = "****";
$my_url = "http://www.sepserver.net/dsg/fb_server_side_flow.php";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
    $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
        . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
        . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
    $token_url = "https://graph.facebook.com/oauth/access_token?"
        . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
        . "&client_secret=" . $app_secret . "&code=" . $code;
    $response = file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    $graph_url = "https://graph.facebook.com/me?access_token="
        . $params['access_token'];
    $user = json_decode(file_get_contents($graph_url));
    echo("Hello " . $user->name);
}
else {
    echo("The state does not match. You may be a victim of CSRF.");
}
?>
The first block of code is for retrieving Facebook cookie parameters for users who are already authorized and logged in.
The second block of code is for letting the user authorize your application (oauth) AND for retrieving an access_token your application can use to make API (FB Graph) calls on the user's behalf.
$_REQUEST relates to POST or GET parameters, not cookies. If you check the docs on authentication flow, you can see that Facebook redirects the user to http://your_redirect_uri?code=1234abcd after the user has approved your application. You're supposed to grab that code parameter and use it to make another call to graph.facebook.com to get the user's access_token.
The purpose of session_start() is to prepare the $_SESSION array, so that $_SESSION['state'] is preserved across page reload. If your framework already has session handling code, you can omit it. It's only used for the CSRF protection bit.
Optional login is pretty straightforward. If you're using the new PHP SDK, you can check the return value of $facebook->getUser(); -- if it's 0, the user is not logged in (and you can show content as normal, with perhaps an additional link to fb_server_side_flow.php to begin the authorization procedure.)
Hi, I am integrating PayPal with my website. I want users to enter all their information on my site (credit card information and personal information).
I have downloaded paypalfunctions.php from the PayPal developer website.
My code is:
if(isset($_POST['submitCard']))
{
    $firstName = trim($_POST['firstName']);
    $lastName = trim($_POST['lastName']);
    $street = trim($_POST['street']);
    $city = trim($_POST['city']);
    $state = trim($_POST['state']);
    $zip = trim($_POST['zip']);
    $countryCode = $_POST['country'];
    $currencyCode = 'USD';
    $paymentType = 'Sale';
    $paymentAmount = $_POST['productPrice'];
    $creditCardType = $_POST['cardType'];
    $creditCardNumber = $_POST['cardNo'];
    $expDate = '122015';
    $cvv2 = $_POST['cvv'];
    $returnResult = DirectPayment( $paymentType, $paymentAmount, $creditCardType, $creditCardNumber,
        $expDate, $cvv2, $firstName, $lastName, $street, $city, $state, $zip,
        $countryCode, $currencyCode );
    echo '<pre>';
    print_r($returnResult);
DirectPayment method is in paypalFunctions.php and this is
function DirectPayment( $paymentType, $paymentAmount, $creditCardType, $creditCardNumber,
    $expDate, $cvv2, $firstName, $lastName, $street, $city, $state, $zip,
    $countryCode, $currencyCode )
{
    //Construct the parameter string that describes DoDirectPayment
    $nvpstr = "&AMT=" . $paymentAmount;
    $nvpstr = $nvpstr . "&CURRENCYCODE=" . $currencyCode;
    $nvpstr = $nvpstr . "&PAYMENTACTION=" . $paymentType;
    $nvpstr = $nvpstr . "&CREDITCARDTYPE=" . $creditCardType;
    $nvpstr = $nvpstr . "&ACCT=" . $creditCardNumber;
    $nvpstr = $nvpstr . "&EXPDATE=" . $expDate;
    $nvpstr = $nvpstr . "&CVV2=" . $cvv2;
    $nvpstr = $nvpstr . "&FIRSTNAME=" . $firstName;
    $nvpstr = $nvpstr . "&LASTNAME=" . $lastName;
    $nvpstr = $nvpstr . "&STREET=" . $street;
    $nvpstr = $nvpstr . "&CITY=" . $city;
    $nvpstr = $nvpstr . "&STATE=" . $state;
    $nvpstr = $nvpstr . "&COUNTRYCODE=" . $countryCode;
    $nvpstr = $nvpstr . "&IPADDRESS=" . $_SERVER['REMOTE_ADDR'];
    $resArray = hash_call("DoDirectPayment", $nvpstr);
    return $resArray;
}
/**
'-------------------------------------------------------------------------------------------------------------------------------------------
* hash_call: Function to perform the API call to PayPal using API signature
* #methodName is name of API method.
* #nvpStr is nvp string.
* returns an associative array containing the response from the server.
'-------------------------------------------------------------------------------------------------------------------------------------------
*/
function hash_call($methodName,$nvpStr)
{
    //declaring of global variables
    global $API_Endpoint, $version, $API_UserName, $API_Password, $API_Signature;
    global $USE_PROXY, $PROXY_HOST, $PROXY_PORT;
    global $gv_ApiErrorURL;
    global $sBNCode;
    //setting the curl parameters.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,$API_Endpoint);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    //turning off the server and peer verification(TrustManager Concept).
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POST, 1);
    //if USE_PROXY constant set to TRUE in Constants.php, then only proxy will be enabled.
    //Set proxy name to PROXY_HOST and port number to PROXY_PORT in constants.php
    if($USE_PROXY)
        curl_setopt ($ch, CURLOPT_PROXY, $PROXY_HOST. ":" . $PROXY_PORT);
    //NVPRequest for submitting to server
    $nvpreq="METHOD=" . urlencode($methodName) . "&VERSION=" . urlencode($version) . "&PWD=" . urlencode($API_Password) . "&USER=" . urlencode($API_UserName) . "&SIGNATURE=" . urlencode($API_Signature) . $nvpStr . "&BUTTONSOURCE=" . urlencode($sBNCode);
    //setting the nvpreq as POST FIELD to curl
    curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);
    //getting response from server
    $response = curl_exec($ch);
    //converting NVPResponse to an Associative Array
    $nvpResArray=deformatNVP($response);
    $nvpReqArray=deformatNVP($nvpreq);
    $_SESSION['nvpReqArray']=$nvpReqArray;
    if (curl_errno($ch))
    {
        // moving to display page to display curl errors
        $_SESSION['curl_error_no']=curl_errno($ch) ;
        $_SESSION['curl_error_msg']=curl_error($ch);
        //Execute the Error handling module to display errors.
    }
    else
    {
        //closing the curl
        curl_close($ch);
    }
    return $nvpResArray;
}
}
?>
It gives this error:
Array
(
[TIMESTAMP] => 2010-12-21T06:06:54Z
[CORRELATIONID] => 1cafc53222e76
[ACK] => Failure
[VERSION] => 64
[BUILD] => 1620725
[L_ERRORCODE0] => 10002
[L_SHORTMESSAGE0] => Security error
[L_LONGMESSAGE0] => Security header is not valid
[L_SEVERITYCODE0] => Error
)
I can't understand what problem is going on. Please help.
Here are a few things you need to worry about as well:
Login to the developer site:
https://developer.paypal.com/
Go to Applications
On the left side, hit "Sandbox Accounts"
You should be able to create one of type BUSINESS right there with the "Create Account" button if there isn't one.
Click on the account, choose "Profile", make sure the account is the BUSINESS kind.
The API Credentials tab will then display the username/password/signature you want to use.
If you don't use the credentials of a sandbox account when using the sandbox url, you are likely to get this 10002 Security error not valid code.
Have you configured your API credentials correctly?
You can dump the hash_call out if needed.
If you are doing sandbox testing,
Make sure the endpoint of the call is: https://api-3t.sandbox.paypal.com/nvp
-- pointed to the 'SANDBOX'
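An added example (not PayPal's sample code and not from the posts above) for the request built in DirectPayment and sent by hash_call: it percent-encodes every NVP value and keeps certificate and host-name verification on for the sandbox endpoint named above. The function names, placeholder credentials and sample field values are constructed assumptions.

```php
<?php
// Added example; build_nvp() and nvp_curl_options() are hypothetical helper names.

function build_nvp(string $method, array $creds, array $fields): string {
    // http_build_query percent-encodes each value, so "&" or "=" inside a
    // name or address cannot split a field or add an NVP parameter
    return http_build_query(['METHOD' => $method] + $creds + $fields, '', '&');
}

function nvp_curl_options(string $endpoint, string $body): array {
    // Pass this array to curl_setopt_array() before curl_exec()
    return [
        CURLOPT_URL            => $endpoint,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,     // and that it was issued for this host
        CURLOPT_CONNECTTIMEOUT => 5,
    ];
}

// Constructed sample input: placeholder sandbox credentials, dummy address
$creds  = ['VERSION' => '64', 'USER' => 'SANDBOX_USER', 'PWD' => 'SANDBOX_PWD', 'SIGNATURE' => 'SANDBOX_SIG'];
$fields = ['AMT' => '10.00', 'CURRENCYCODE' => 'USD', 'PAYMENTACTION' => 'Sale',
           'FIRSTNAME' => 'Ann', 'STREET' => '1 Main St & 2nd Ave, Apt=4'];

// Concatenation without encoding, as in DirectPayment above
$concatenated = '&AMT=' . $fields['AMT'] . '&STREET=' . $fields['STREET'];
$encoded      = build_nvp('DoDirectPayment', $creds, $fields);

// Parse both the way a receiver would and compare STREET with what was entered
parse_str($concatenated, $seen_concatenated);
parse_str($encoded, $seen_encoded);
var_dump($seen_concatenated['STREET'] === $fields['STREET']);
var_dump($seen_encoded['STREET'] === $fields['STREET']);

$options = nvp_curl_options('https://api-3t.sandbox.paypal.com/nvp', $encoded);
var_dump($options[CURLOPT_SSL_VERIFYPEER], $options[CURLOPT_SSL_VERIFYHOST]);
```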
I am developing a Facebook application using php-sdk. I want to take some extended permissions from the users of my application. As this is an application where the user comes after logging into Facebook, how can I take extended permissions when the user visits my page? We cannot place a login button in which we can take permissions. I mean that when a user comes to my application for the first time, there should be a pop-up window with a list of permissions. How do I display that at the first visit of any user to my application? Can anyone guide me on how to take them and where to place that code?
Thanks in advance.
Regards,
Awais Qarni
Check this:
<?php
$app_id = "YOUR_APP_ID";
$app_sec = "APP_SEC";
$canvas_page = "APP_CANVAS_PAGE_URL";
$scope = "&scope=user_photos,email,publish_stream";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page).$scope;
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode(".", $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, "-_", "+/")), true);
if (empty($data["user_id"])) {
    echo("");
}
$access_token = $data["oauth_token"];
$user_id = $data["user_id"];
$user = json_decode(file_get_contents( "https://graph.facebook.com/me?access_token=" . $access_token));
function get_facebook_cookie($app_id, $application_secret) {
    $args = array();
    parse_str(trim($_COOKIE["fbs_" . $app_id], "\""), $args);
    ksort($args);
    $payload = "";
    foreach ($args as $key => $value) {
        if ($key != "sig") {
            $payload .= $key . "=" . $value;
        }
    }
    if (md5($payload . $application_secret) != $args["sig"]) {
        return null;
    }
    return $args;
}
$cookie = get_facebook_cookie($app_id, $app_sec);
?>
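An added example (not code from the posts above) for the two canvas snippets on this page that decode signed_request and then use user_id and oauth_token without looking at $encoded_sig: it checks the HMAC-SHA256 signature that Facebook documents for signed_request before returning the payload. The helper names, the secret and the demo payloads are constructed assumptions.

```php
<?php
// Added example; secret and payloads below are constructed for the demo.

function b64url_decode(string $s) {
    $s = strtr($s, '-_', '+/');
    // restore the "=" padding that the URL-safe form drops
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function parse_signed_request($signed_request, string $app_secret): ?array {
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $sig  = b64url_decode($encoded_sig);
    $json = b64url_decode($payload);
    if ($sig === false || $json === false) {
        return null;
    }
    $data = json_decode($json, true);
    if (!is_array($data) || ($data['algorithm'] ?? '') !== 'HMAC-SHA256') {
        return null;                      // unknown or missing algorithm
    }
    // The HMAC covers the still-encoded payload and is keyed with the app secret
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Constructed demo
$secret  = 'constructed-app-secret';
$payload = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1000']));
$sig     = b64url_encode(hash_hmac('sha256', $payload, $secret, true));
$altered = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '2000']));

var_dump(parse_signed_request("$sig.$payload", $secret));   // signature matches payload
var_dump(parse_signed_request("$sig.$altered", $secret));   // payload changed after signing
var_dump(parse_signed_request(null, $secret));              // no signed_request sent
```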