200 Permissions error using graph api - facebook

after get my posts in my web page , then if user login he can add like / comment to that post problem is am getting an error if any user try add like or comment
200 Permissions error
if i login in with my username and password i can make like or add comment !!
am sending like via :
jQuery.post('https://graph.facebook.com/'+comm_id+'/likes/',{
access_token : "<?php echo $access_token ?>"
});
CODE :
$facebook = new Facebook(array(
'appId' => '',
'secret' => '',
'cookie' => true,
));
$user = $facebook->getUser();
if ($user) {
if (session_id()) {
} else {
session_start();
}
$access_token = $facebook->getAccessToken();
//check permissions list
$permissions_list = $facebook->api(
'/me/permissions', 'GET', array(
'access_token' => $access_token
)
);
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
$permissions_needed = array('publish_stream', 'read_stream', 'manage_pages');
foreach ($permissions_needed as $perm) {
if (!isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1) {
$login_url_params = array(
'scope' => 'publish_stream,read_stream,manage_pages',
'fbconnect' => 1,
'display' => "page",
'redirect_uri' => 'http://localhost/fb/index.php',
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
}
}else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'publish_stream,read_stream,manage_pages',
'fbconnect' => 1,
'display' => "page",
'redirect_uri'=>'http://localhost/fb/index.php',
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
header("Location: {$login_url}");
exit();
}
$logoutUrl = $facebook->getLogoutUrl();
which access token is for the user is loged in

Make sure you have the publish_stream permission for any user you want to be able to create posts for. Remember, creating a comment is still creating content.
Checkout the publish_stream permission on Facebook's permissions documentation
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends. This is a superset
publishing permission which also includes publish_actions. However,
please note that Facebook recommends a user-initiated sharing model.
Please read the Platform Policies to ensure you understand how to
properly use this permission. Note, you do not need to request the
publish_stream permission in order to use the Feed Dialog, the
Requests Dialog or the Send Dialog.

Related

Facebook app working on serve side, not working as a "App on Facebook"

I'm doing a facebook app and it works fine on my server and url, when i try to integrate it as a "App on Facebook" it fails to load or login after logout. I believe that the scope for permissions is giving some problems.
The url for the server: http://veritas.betamass.com
The url for the "App on Facebook" side: https://apps.facebook.com/orientacionveritas/
Note that if you login successfully on the server the you will be able to see the "App on Favcebook, if not you will get a nothing.
The code that makes the connection to facebook:
if(!isset($_SESSION['user']))
{
//Application Configurations
$app_id = "148133482012457";
$app_secret = "24d0088e17c1dcb33ac6bb424a5d2a5c";
$site_url = "http://veritas.betamass.com/";
try{
include_once "src/facebook.php";
}catch(Exception $e){
error_log($e);
}
// Create our application instance
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
'cookie' => true,
));
// Get User ID
$user = $facebook->getUser();
$access_token = $facebook->getAccessToken();
$facebook->setAccessToken($access_token);
// We may or may not have this data based
// on whether the user is logged in.
// If we have a $user id here, it means we know
// the user is logged into
// Facebook, but we don�t know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
//print_r($user);
if($user){
// Get logout URL
$logoutUrl = $facebook->getLogoutUrl();
}else{
// Get login URL
$params = array(
'scope' => 'read_stream, publish_stream, email, user_about_me, user_hometown, user_education_history, user_interests',
'redirect_uri' => $site_url,
);
$loginUrl = $facebook->getLoginUrl($params);
/*$loginUrl = $facebook->getLoginUrl(array(
'scope' => 'read_stream, publish_stream, email, user_about_me, user_hometown, user_education_history',
'redirect_uri' => $site_url,
));*/
}
If the user doesn't exist or doesn't have a session, you need to make them login first. Your code doesn't take this into account.
Try redirecting the user to $facebook->getLoginUrl() if the session / $facebook->getUser() returns false.

Facebook request access token and get email

I have a facebook login script for my site that currently works fine. I want to add the ability to request the email from user, along with the current basic info. I know i need to request an access token, but icant quite figure out how. Here's my current code:
$facebook = new Facebook(array(
'appId' => APP_ID,
'secret' => APP_SECRET,
'cookie' => true
));
$session = $facebook->getSession();
if (!empty($session)) {
# Active session, let's try getting the user id (getUser()) and user info (api->('/me'))
try {
$uid = $facebook->getUser();
$user = $facebook->api('/me/');
You have to provide an extended permission for email at the time of login..
$access_token = $this->facebook->getAccessToken();
//check permissions list
$permissions_list = $this->facebook->api('/me/permissions', 'GET', array('access_token' => $access_token));
$permissions_needed = array('email');
foreach ($permissions_needed as $perm) {
if (!isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1) {
$login = $facebook->getLoginUrl(array('scope' => 'email,user_birthday',
'redirect_uri' => your site redirectUri,
'display' => 'popup'
));
header("location:$login");
}
}
$user = $facebook->getUser();
if ($user) {
try {
$userInfo = $facebook->api("/$user");
} catch (FacebookApiException $e) {
echo $e->getMessage();
}
}
print_r($userInfo);
Have a look at the server-side authentication process - this is where you pass through the permissions you want (known as "scope"). The user will be presented with a login panel if they are not already logged in, and then afterwards a separate permissions panel for any permissions above basic you are requesting and that they haven't already granted. You will then receive an auth token or a code that can be exchanged for a token, and you use this to then further query the user and get their email details in the response.
Good luck!

how to post on friends' walls using php sdk?

i am trying to post to my friends' feeds using this code, but it is not working . i am stuck, any help ??
$app_url ="http://localhost.local/PMS/facebook/PostWithPHP.php";
$facebook = new Facebook(array(
'appId' => 'APPID',
'secret' => 'APPSECRET',
'cookie' => true,
));
// Get User ID
$user = $facebook->getUser();
if ($user) {
$user_friends = $facebook->api('/me/friends');
sort($user_friends['data']);
try {
// Proceed knowing you have a logged in user who's authenticated.
$access_token = $facebook->getAccessToken();
$vars = array(
'message' => 'My Message',
'name' => 'title',
'caption' => 'Caption',
'link' => 'Link',
'description' => 'Description',
'picture' => 'image'
);
foreach($user_friends['data'] as $f){
$sendTo = $f['id'];
$sendToName = $f['name'];
$result = $facebook->api("/".$sendTo ."/feed", 'post', $vars);
}
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl(array('redirect_uri'=> $app_url));
echo "<script type='text/javascript'>";
echo "top.location.href = '{$loginUrl}';";
echo "</script>";
}
and another question is that using this code, but with replacing $facebook->api("/".$sendTo ."/feed", 'post', $vars); by $facebook->api("/me/feed", 'post', $vars); and of course without looping friends, posts on my timeline. how can i make it post on my wall ??
I guess for a post to a timeline you will need an accessToken from the user where to publish the content. In your case you just have the accessToken of the registered user, not of his friends. That is a restriction by FB I think.
1st check you getting the user id(place echo and check) if not try this... I think this will help you brother
$token_url = "https://graph.facebook.com/oauth/access_token?" ."client_id=" . $app_id ."&client_secret=" . $app_secret .
"&grant_type=client_credentials";
$access_token = file_get_contents($token_url);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$user_id = $data["user_id"];
There are a few things wrong with your code. First of all, make sure the link and picture parameters for the post are valid URLs. Facebook will give you a error message otherwise ((#100) link URL is not properly formatted). Also, the link must go to the Canvas or Site URL for your application.
That should solve the issues with posting to a friend's wall.
However, may I remind you that your application is in violation of the Facebook Platform Policy. Facebook doesn't allow multiple posts to the stream (whether its yours or a friends) unless there is explicit permission from the user. It also to stop common friends seeing the same message from multiple friends.
You can follow the tutorial here:
https://www.webniraj.com/2012/11/22/facebook-api-posting-a-status-update/
But, instead of making a API call to: /me/feed, you replace me with the friend's User ID, so it looks like /12345/feed
Please note that Facebook has now disabled posting to Friends' walls via the API. Instead, you should either tag the user in an action or use the Requests API.

FB-api: The user hasn't authorized the application to perform this action

I try to post on my wall using facebook api, and offline access tokens.
And every time I has one mistake:
Uncaught OAuthException: (#200) The user hasn't authorized the
application to perform this action
Here is my code:
require 'api/facebook.php';
$facebook = new Facebook(array(
'appId' => "app_id",
'secret' => "app_sec",
"cookie" => true,
'fileUpload' => true
));
$facebook->setFileUploadSupport(true);
$access_token = $facebook->getAccessToken();
$user_id = $facebook->getUser();
$result = mysql_query("UPDATE users SET user_id_facebook='".$user_id."' WHERE id='".$myrow2['id']."'",$db);
$result = mysql_query("UPDATE users SET access_token_facebook='".$access_token."' WHERE id='".$myrow2['id']."'",$db);
if($user_id == 0 || $user_id == "")
{
$login_url = $facebook->getLoginUrl(array(
'redirect_uri' => "http://apps.facebook.com/rapid-apps/",
'scope' => "email,publish_stream,user_hometown,user_location,user_photos,friends_photos,
user_photo_video_tags,friends_photo_video_tags,user_videos,video_upload,friends_videos,offline_access"));
echo "<script type='text/javascript'>top.location.href = '$login_url';</script>";
exit();
}
$post = array(
'access_token' => $access_token,
'message' => 'This message is posted with access token - '
);
$res = $facebook->api('/me/feed', 'POST', $post);
as of may 2nd the offline_access permission will be deprecated and should not be used anymore
in the meantime you have an option to disable this deprecation through the developers site for your application ( https://developers.facebook.com/apps/330955886953999 )...
for further information about the removal see:
http://developers.facebook.com/roadmap/offline-access-removal/
You need to adjust the permissions in your initial app authorization request sent to the user. By default you only gain read-only access to their basic information.
See http://developers.facebook.com/docs/authentication/permissions/

How to on Facebook wall using Graph API

I have developed an application for facebook. I want that whenever any user add my application by clicking on allow permission dialog, a message is automatically posted on the users wall only for the first time.
<?php
include_once 'fb_sdk_212/src/facebook.php';
include_once 'config.php';
$flag_post=0;
$facebook = new Facebook(array(
'appId' => FACEBOOK_APP_ID,
'secret' => FACEBOOK_SECRET_KEY,
'cookie' => true,
'domain' => 'xxxxx.in'
));
$session = $facebook->getSession();
if (!$session) {
$flag_post=1;
$url = $facebook->getLoginUrl(array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'email,user_birthday,status_update,publish_stream'
));
echo "<script type='text/javascript'>top.location.href = '$url';</script>";
} else {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
$updated = date("l, F j, Y", strtotime($me['updated_time']));
echo "Hello " . $me['name'] . "<br />";
echo "You last updated your profile on " . $updated."<br/>";
if($flag_post == 1){
# let's check if the user has granted access to posting in the wall
$api_call = array(
'method' => 'users.hasAppPermission',
'uid' => $uid,
'ext_perm' => 'publish_stream'
);
$can_post = $facebook->api($api_call);
echo $can_post;
$attachment = array(
'name' => 'Tracer',
'description' => 'xxxx',
'caption' => 'xxxxx',
'picture' => 'images/mt75.jpg',
'link' => 'tracer/'
);
if($can_post){
# post it!
$facebook->api('/'.$uid.'/feed', 'post', $attachment );
echo 'posted';
} else {
die('Permissions required!');
}
}
} catch (FacebookApiException $e) {
echo "Error:" . print_r($e, true);
}
}
?>
Well you need to get publish_stream extended permission.
http://developers.facebook.com/docs/authentication/permissions
This can be done in the permission dialog
http://developers.facebook.com/docs/reference/javascript/FB.login
by adding publish_stream to the perms list.
After that you will be able to publish to the user's wall at any time.
I would do one of the following:
Add a field in a database table to indicate that it has been done. Then just check if it has been set. If cookies are enabled on the users PC you could use but using a database would be best.
Get the user to take an action to do the post. So it requires a user action. This has the disadvantage that some users may not do it.
I feel like you can handle this fairly easily without Facebook being involved in decision to publish to the users wall or not. In your database's user table you should have a column for first_fb_post. When a user account is created it should default to 0, then once you publish the wall post it should be updated to 1.
And your facebook publish function would be set like:
if($first_fb_post == 0)
{
//your FB publishing code here
//update your user table to mark this users first_fb_post to 1
}
You could hook into the first time the user "installs" your app. When they do this they are redirected to your site with a get parameter of 'code' set in the url:
if(isset($_GET['code'])){
// User Authorized app. Lets hook the install event.
if($can_post){
# post it!
$facebook->api('/'.$uid.'/feed', 'post', $attachment );
echo 'posted';
} else {
die('Permissions required!');
}
}