Facebook PHP sdk doesnt set cookie with iframe linking - facebook

I am using PHP sdk for Facebook.
require_once 'facebook-sdk/facebook.php';
session_start();
$facebook = new Facebook(array(
'appId' => 'app_id',
'secret' => 'app_secret',
'cookie' => true,
));
$facebook->getUser();
if($user){
// do stuff
}else{
//redirect to app login
}
After this piece of code there is link on my page that points to this same page with a query string.
something like Continue
But when I click this link $user is "0". This happens only şn Safari and IE. When I check cookies set by app doesnt exist in these browsers.
Any ideas?

Since the user id won't change, is it a problem if you send it via GET?
Continue
and then at the top of your script and after getting the $user the way you are doing:
if($_GET['step'] == 2){
$user = $_GET['id'];
}
If you really need to keep the cookies you can add this at the top of your script, it must be the first line.
header('P3P: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"');
Also you might want to check this questions
Iframe Facebook application and cookies [Internet Explorer]
Session Lost on IE Facebook App iFrame
wich are related to the header solution.

Related

Facebook fan detection outside facebook

During the past few hours I've been working on a "web app" for our hostesses. Its purpose is to login a facebook user and send him to next page where are like boxes with sign out button. This part is done, however I would like to make the process faster by inserting a likejacking script, so the user doesn't have to do anything but to log in and log out.
But I have one problem - how to check if the user is Fan or not (because if he already liked the page he will unlike it)? I've tried a solution which I'm using on my FB pages to fan gate, but it is not working outside facebook.
Here is the code I was trying to use:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => '0000000',
'secret' => '1654adadadada',
'cookie' => true
));
?>
<div id="fb-root"></div>
<?php
$signed_request = $facebook->getSignedRequest();
if ($signed_request['page']['liked'])
{
echo header('Location: liked.html');
}
else
{
echo header('Location: notliked.html');
}
your can get the data from FB graph.
https://graph.facebook.com/me/likes/PAGE_ID_TO_CHECK?access_token=XYZ
you will not be able to get this data without the token.

$facebook->getUser() returning 0 using PHP SDK

I have just started with the Facebook application development. I downloaded the PHP SDK from Facebook couple of weeks ago.
Following is the first piece of code which i wrote.
<?php
require 'src/facebook.php';
$app_id = 'My APP ID';
$application_secret = 'My APP Secret';
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $application_secret,
'cookie' => true, // enable optional cookie support
));
$uid = $facebook->getUser();
echo $uid;
?>
But it is always giving me 0 as a result even when i am already login into my facebook account in other tab.
My Canvas URL is pointing to my localhost as i have hosted this app on my local machine only.
I have read almost every post related to this issue but i was not able to solve this issue somehow.. It would be really helpful if anybody could help me in resolving this issue.
Cheers.
Ajay
The code will always return 0 unless you have authorised the app - even if you are logged into facebook elsewhere. Login to your app by going to the URL outputted by $facebook->getLoginUrl();
Then, you will find that $facebook->getUser() will return the correct User ID.

Any way to get signed_request via FB PHP SDK outside of tab/app?

I've been working on a way to determine if a user likes a particular page so a tab on that page can be fangated or not. I didn't want to prompt the user for authorization for user_likes, so I avoided the JS SDK and used the PHP SDK:
<?php
require 'src/facebook.php';
$app_id = "...";
$app_secret = "...";
$facebook = new Facebook(array('appId' => $app_id, 'secret' => $app_secret, 'cookie' => true));
$signed_request = $facebook->getSignedRequest();
$like_status = $signed_request["page"]["liked"];
/* testing response */
if ($like_status) {
/* liked content */
} else {
/* not liked content */
}
?>
My problem is signed_request is passed only when the code is on the FB tab--if I hit the PHP page outside of FB, I get nothing. I wondered if there's a way to get this user info outside of Facebook.com.
You can try saving the signed_request in a session or cookie so you can use it until it expires. After which, the user will have to come through the tab again to renew it. Naturally, if you are planning to use cookies, you should keep the signed_request decoded so no one can find and use the access_token from the cookie.
Sounds like this isn't really feasible outside of the Facebook tab. We've begun deploying our tabs in PHP in order to pull this data without an action on the user's part.
Thanks!

how to tell if the user is already logged in and has already accepted my app

I am just creating a facebook tab on a users page.
I am using the php facebook SDK, and this little snippet(see below) from the tutorials.
My question is , if the user is logged into FB and comes back to my page later $user is not found and they have to connect again. Is there not a way to know that they are already logged in and already granted me access?
I hope this question makes sense
$facebook = new Facebook(array(
'appId' => FB_APP_ID,
'secret' => FB_APP_SECRET,
'cookies' => 'true'
));
$user = $facebook->getUser();
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl(array('scope' => 'publish_stream, manage_pages'));
}
Nope, it won't be done automagically on server-side. To know who user is - you need to ask them to follow the login url
OR
use JS SDK. In that case user is logged in automatically and all you need is to refresh the page by JS (there is an example shipped with php sdk on how to do that)

Directing users to facebook login page without asking for permissions

I'm trying to redirect users to the facebook login page then back to my app without the Log In to app page displaying. Is this possible?
I've looked into the "next" parameter which is automatically generated by the PHP-SDK but cannot seem to change it.
Is there anyway to do what I'm looking for? I want to make sure users are logged in in order to check to see if they have authed my app but do not want them to if they are not already.
Thanks for any help!
No, i don't think it is possible to modify the next parameter. The only place where i saw the next parameter(in the PHP SDK) is in the getLogoutUrl() function, as seen in the source of the base_facebook.php. And that parameter defines which url to go, after logout.
For getLoginUrl() in the base_facebook.php file, we have
return $this->getUrl(
'www',
'dialog/oauth',
array_merge(array(
'client_id' => $this->getAppId(),
'redirect_uri' => $currentUrl, // possibly overwritten
'state' => $this->state),
$params));
as the last line in the function, which obviously means that the oauth-dialog will be shown, no matter what you try.
If your app is not on Facebook, then you can go for <fb:login-button>Login with Facebook</fb:login-button> in Javascript, and subsequently follow the example from this url. You'll see there that it's not possible to remove that dialog entirely, even if you don't ask for any permissions.
The Javascript SDK's FB.login() method will also bring up the auth dialog.
Hope this helps.
They have to accept permissions for the first time only. Facebook will never let you to get user's data without their knowledge/accept
If you are using php :
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true
));
//Facebook Authentication part
$user = $facebook->getUser();
if (!$user) {
// user is not logged on --> redirect to the login url
} else {
// user is logged on you can do what you want
}