Is there a way to prevent users from installing my facebook application to their pages, using the link below?
https://www.facebook.com/add.php?api_key=API_KEY&pages
Note: I do not want to disable my application, I just want to disable new installations.
The quickest way to achieve this is to parse the signed_request and compare the page information to a list of page ids you have authorised to use the app.
A very simple implementation would be along the lines of
<?php
$app_secret = 'APPSECRET';
$signed_request = parse_signed_request($_REQUEST['signed_request'], $app_secret);
$page_whitelist = array(PAGEID1, PAGEID2);
if (in_array($signed_request['page']['id'], $page_whitelist)) {
// do stuff
} else {
// output some error message
}
https://gist.github.com/4157347
Related
I'm new to Facebook APIs and have to do something which seems to me like it should be fairly simple, but there are so many ways to turn I'm looking for someone who knows the terrain to point me in the right direction. (I may already be pointed in it, but I'm not having success so I'm asking for help.)
I have a client website which has the Like button on certain pages (along with much other content of course). That is already implemented using an iframe tag, but I can do it a different way if need be.
What is not implemented and needs to be is that if the visitor has Liked that page, I want to show one block of content, and if he hasn't I want to show a different block. Most of the page would be identical, so I can't redirect or change the URL to accomplish this. Nor can I prompt the user for permission. I have to silently determine whether the visitor Likes the page he's currently on.
Ideally, what I'd like is a php function that will return a boolean whether the visitor likes the current URL or not. Here it is in pseudocode:
function VisitorLikesPageInFacebook($url) {
# $url = the URL to this page (NOT a Facebook page)
# if visitor is not logged into Facebook, return false
# if visitor is logged into Facebook and likes $url, return true
# if visitor is logged into Facebook and does not like $url, return false
# if anything else happens, return false
}
Can this be done using php? Do I need the Facebook PHP SDK? What settings do I need to have in my Facebook app, or better is there any possible way I can do this without creating a Facebook app? I've tried using $facebook->getUser() but it returns 0 unless I first go to the $facebook->getLoginUrl() address and give permission, which I can't expect visitors to the client site to do. I've tried $facebook->getSignedRequest() but it returns NULL. Is there a setting in my Facebook app that I need to set, or some other call I need to make first? Will I or my client need to have https to give the Facebook app a secure location?
The other piece of this puzzle is that I want the page to refresh when the Like button on it is clicked, and presumably when it does the return value of the above function will change. For that I assume I'll need to use the JavaScript SDK and subscribe to the Like event. Is that right? (My fallback approach, if I can't do what I need to via php, is to use the JavaScript SDK, subscribe to the Like event, and set or unset a cookie depending on whether he Liked or Unliked. Then read the cookie with php. JavaScript is nowhere near as familiar to me as php, so I'll avoid it except where required.)
If anyone can point me in the right direction, I'd be very happy! Thanks in advance.
$pageID= 'YOURID'; // Used below to fetch
$config = array(
'appID' => 'UR_ID',
'secret' => 'UR_SECRET',
'allowSignedRequest' => false,
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
?>
<html>
<head><title>FB TEST</title></head>
<body>
<?php
if($user_id)
try {
$user_like = $facebook->api('/'.$user_id.'/likes/'.$pageID,'GET');
if(!$user_like){
echo 'User doesnt like';
} catch(FacebookApiException $e) {
$login_url = $facebook->getLoginUrl();
echo 'Please auth us here.';
error_log($e->getType());
error_log($e->getMessage());
}
for my facebook quiz app I need to collect the facebookID of
each participating user. My app is in an iframe of another App.
The "facebook-files" I put in the third party folder.
In my controller I invoke it like so:
$this->ci->load->file(APPPATH.'/third_party/facebook.php');
// Connect to Facebook API
$this->facebook = new Facebook(array('appId' => $this->config->item('appkey'), 'secret' => $this->config->item('appsecret')));
It seems not possible to get the facebookID from a participant.
If try the this:
try {
$user_id = $this->facebook->api('/me');
//$signed_request = $_REQUEST["signed_request"];
//$user_id = $signed_request['user_id'];
//print_r( $user_id) ;
} catch ( FacebookApiException $e ) {
error_log( $e );
$user_id = 100;
}
the $user_id is 100.
Can you get me start how to retrieve the right facebookid ?
What would be the right way? Authentication process ?
Thanks in advance!
Ansgar
to get the Facebook ID with PHP you need to use the method $fb->getUser() : https://developers.facebook.com/docs/reference/php/facebook-getUser/
Although, for this to work, the user need to connect into your app. This can be achieve in multiple way, but if you only do it with PHP you can use the getLoginUrl method to get the URL where the user will be asked to accept to login with your app (https://developers.facebook.com/docs/reference/php/facebook-getLoginUrl/). This is also achievable with JS SDK (which is my personal preferred way)
All documentation on Login Dialog can be found here: https://developers.facebook.com/docs/opengraph/authentication/
The key concept here is that the user is anonymous until you ask them to connect in your app.
I am going to create a custom page tab on Facebook and offer a free downloadable PDF with information about my services. Is it possible to track which Facebook users have downloaded the PDF?
An option to look into is authenticating the users individually and receiving their respective Facebook user IDs as a result. You may be interested in reading up on the page tab authentication process referenced here:
Reference: http://developers.facebook.com/docs/authentication/pagetab/
Once you have this user ID, you can track their activity by opening a session containing their user information (to identify them when they download the PDF). For instance, assuming you're using PHP (alongside a CMS):
<?php
if ($current_user->fb_id == 0) {
exit();
} else {
echo $current_user->fb_id;
// do stuff with user here
}
header("Location: http://www.example.com/file.pdf");
// redirect them to the actual file
?>
Hopefully this pseudocode gives you a starting point on your project.
What I want to do is user must like my page first then only can go to my facebook apps, but I have no idea why I cannot detect it and I had var_dump my page liked, result is NULL
here is my code
$request = $_REQUEST["signed_request"];
list($encoded_sig, $load) = explode('.', $request, 2);
$fbData = json_decode(base64_decode(strtr($load, '-_', '+/')), true);
var_dump($fbData["page"]["liked"]);// output is NULL
if (!empty($fbData["page"]["liked"]))
{
echo "This content is for Fans only!";
} else {
echo "Please click on the Like button to view this tab!";
}
Any idea how to do it?
Have you made sure there is as signed_request parameter?
It only gets transmitted to your app once the page is initially loaded into the Facebook iframe – it won’t be there anymore once you start navigating inside your app.
Best thing to do IMHO is to parse the signed_request if not empty, and safe the results into your own session.
Btw., parsing it yourself is rather time-consuming – I’d suggest using the PHP SDK and use Facebook::getSignedRequest() – that method gives you all the data in decoded form, if there was a signd_request parameter.
So here’s what I usually do:
if($signed_request_data = $Facebook->getSignedRequest()) {
$_SESSION['signed_request_data'] = $signed_request_data;
}
You can call that code on every page – only if the method actually returns data, your session gets updated.
You need the permission user_likes to check if they liked your Facebook App but $fbData["page"]["liked"] is referring to your Facebook App Page which is seperate.
To edit your App Page go to App Settings > Advanced > Near the bottom you will see App Page
To use the permission user_likes to check see this SO Answer On Detecting if a User Likes a Facebook App
I know there are many Q&A on here about this but I can't seem to make sense of them because they don't show full code examples or are for doing something different than what I'm trying to do.
I have a simple facebook welcome-test tab. Not a canvas app. I want to be able to get the users id but have to make it prompt them for access to that info before it will show up in the signed request.
So what I'm looking for is a code example for a simple welcome tab. I don't need a login page or anything like that since this will be in the fan content page so they will have to be logged in already. I just want that dialog box to popup asking them for permission so I can get the userid.
Thanks
Edit:
I wanted to add that I just figured out my problem but it's not really an answer to this question. I figured out how to get the user id without asking the user for permission to access their profile. It was as easy as adding this code to the page and it works in a tab and canvas app the same way. getUser() by its self returns 0 but since the user is already logged in to be seeing this content, when getUser() returns 0, then the code simply gets the user id from the API method. Now that I finally figured this out it seems simple.
$session = $facebook->getUser();
if (!$session) {
$url = $facebook->getLoginUrl(array(
'canvas' => 1,
'fbconnect' => 0
));
echo "<script type='text/javascript'>top.location.href = '$url';</script>";
} else {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
$updated = date("l, F j, Y", strtotime($me['updated_time']));
echo "Hello " . $me['name'] . "<br />";
echo "You last updated your profile on " . $updated;
} catch (FacebookApiException $e) {
echo "Error:" . print_r($e, true);
}
}
I'd still like to know if there is a way to make the extended permissions dialog show for a tab app so it will be good to see solutions for php sdk.
you need to prompt them for allowing your application to pull data on the user
this can be done using the JS SDK's function FB.login(). you can have more details in the facebook documentation : http://developers.facebook.com/docs/reference/javascript/FB.login/
notice that the popup can be opened only on mouseclick or keyup events - otherwise popup blockers will block it.
you will also have to set a domain and site url to the application in the developers site, and init the facebook js library (the loading paragraph in - http://developers.facebook.com/docs/reference/javascript/)
<div onclick="login();">click here to login</div>
<script type="text/javascript">
function afterLogin(){
alert("user logged");
}
function login(){
FB.getLoginStatus(function(response){
if(response.status=="connected")
{
afterLogin();
} else {
FB.login(function(response){
if(response.status=="connected")
{
afterLogin();
}
});
}
});
}
</script>
I don't think facebook allows this... Facebook does not want a user's tab to be able to detect who is looking at it, and possibly displaying information to a user's friends that isn't displayed to the user.
I can be wrong :)