I'm trying to find the ID of the user visiting my page tab (without having to make him authentify before using the page)
I've tried several methods:
$requete_fb = $facebook->api('/me');
$me = $facebook->api('me', array('fields' => 'username'));
$request = $facebook->getSignedRequest();
$uid = $facebook->getUser();
But all of them did not work (getUser returns me 0, the others PhP errors.)
So how can I do that? I'm not trying to break the TOS, I'm trying to fetch basic information (the locale).
Any other way to do it?
It is not possible to get a user_id without the user's permission:
The user_id and oauth_token will only be passed if the
user has authorized your app.
However the locale is available in the user object. Please see Signed Request for more information.
Related
for my facebook quiz app I need to collect the facebookID of
each participating user. My app is in an iframe of another App.
The "facebook-files" I put in the third party folder.
In my controller I invoke it like so:
$this->ci->load->file(APPPATH.'/third_party/facebook.php');
// Connect to Facebook API
$this->facebook = new Facebook(array('appId' => $this->config->item('appkey'), 'secret' => $this->config->item('appsecret')));
It seems not possible to get the facebookID from a participant.
If try the this:
try {
$user_id = $this->facebook->api('/me');
//$signed_request = $_REQUEST["signed_request"];
//$user_id = $signed_request['user_id'];
//print_r( $user_id) ;
} catch ( FacebookApiException $e ) {
error_log( $e );
$user_id = 100;
}
the $user_id is 100.
Can you get me start how to retrieve the right facebookid ?
What would be the right way? Authentication process ?
Thanks in advance!
Ansgar
to get the Facebook ID with PHP you need to use the method $fb->getUser() : https://developers.facebook.com/docs/reference/php/facebook-getUser/
Although, for this to work, the user need to connect into your app. This can be achieve in multiple way, but if you only do it with PHP you can use the getLoginUrl method to get the URL where the user will be asked to accept to login with your app (https://developers.facebook.com/docs/reference/php/facebook-getLoginUrl/). This is also achievable with JS SDK (which is my personal preferred way)
All documentation on Login Dialog can be found here: https://developers.facebook.com/docs/opengraph/authentication/
The key concept here is that the user is anonymous until you ask them to connect in your app.
Ive searched high and low for an answer to this on here but havent been able to find anything. Please answer if you can, its appreciated.
The Setup:
Im learning how to work with the PHP Facebook API SDK by using one of the examples as a base. Im new to working with APIs so Im a little confused and have been having a problem trying to list a users groups.
The Question:
Ive got the app made. Ive got the proper permissions and extended permissions. I am able to get the users name and basic info.
I think my problem comes with the access token required to access the extended permission needed to get a users groups. Im not sure if Im sending it to the API correctly.
This is what Ive got:
<?
if($user_id) {
// We have a user ID, so probably a logged in user.
// If not, we'll get an exception, which we handle below.
try {
$access_token = $facebook->getAccessToken();
$user_profile = $facebook->api('/me','GET');
$user_groups = $facebook->api('/me/groups','GET', array( 'access_token=' => $access_token ));
echo "Name: " . $user_profile['name'];
echo "<br />";
echo "Groups: " . $user_groups['name'];
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
$args['scope'] = 'user_groups,user_likes';
$login_url = $facebook->getLoginUrl($args);
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
// No user, print a link for the user to login
$args['scope'] = 'user_likes,user_groups';
$login_url = $facebook->getLoginUrl($args);
echo 'Please login.';
}
?>
Any help is appreciated.
Thanks.
I'm not exactly sure, but here are a few points:
There's no reasons to manually add the access token when using a facebook sdk, those will add the access token for you. Should be:
$user_groups = $facebook->api('/me/groups','GET');
The format of the json encoded result for the "/me/groups" is completely different than of the "/me".
Where the result for "/me" is just a set of key/value data, the result for "/me/groups" is wrapped inside a "data" parameter which is an array of objects.
As it states in the User Object documentation (under the groups connection):
An array of objects containing the version(old-0 or new Group-1),
name, id, administrator (if user is the administrator of the Group)
and bookmark_order(at what place in the list of group bookmarks on the
homepage, the group shows up for the user).
When in doubt about how facebook responses to different queries, use the Graph Explorer tool with which you can test the different queries and see the responses that facebook returns.
For example the result for /me and the result for /me/groups
Please give me some idea that how to access user's information through facebook application even though i have created one app which was registered in facebook which allow the users to add with that application so that we can access the user's information through the registered application.
Please reply me soon as possible
check http://php-drops.blogspot.com/2011/04/facebook-login-fconnect-graph-api-php.html
That's going to depend on how much information you're looking to get about the user. You can use the signed_request object to get the user that's signed in:
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_url_decode($payload), true);
And from the data get the user
$user = $data->user;
Once you have a verified and logged in user, you can use the graph API to get back what you want about the user as long as you've set up your permissions correctly:
$user_profile = $facebook->api('/me','GET'); // with $facebook being your authenticated FB object
The $user_profile will have all of the information about the user that's listed on this link:
FB User Object
Let me know if that's what you were asking about. The above information is based on a PHP program, you can do most of that with the FBJS code as well.
I want to implement facebook connect on my site. I have used the oauth api to obtain a permissions request for the app.
However, I am having the following problem.
If a user signs into my site for the first time using facebook connect, i need to create a new username / password for him (on my site) to be able to surf my site and have all the session variables set. However, what should i use as the username / password ?
I understand that a facebook user can change his email address.
How do i handle users who are logging in using facebook connect for the second or third time (who are already members of my site) ? I need not create a user for them on my site as its already created when he logged in for the first time. Do i check for email address to see if the facebook user's email address exists in the database ? Also, comes the same problem that a facebook user can change his email address.
What is the one thing that does not change for a facebook user that i can use for his username ? Also, what do i use for his password ? Also, i understand that if i use username/password from available app data, then using normal mechanism a user can login to my site too. How do i prevent this security hole ?
Please help.
I use the information that facebook send in the callback (facebook unique user id or normal id)and then check if the user is on my database, if not i insert him but i leaving blank the othe rstuff like password or user email (also you can request that info too check the line 418 in the php api and add "'req_perms' => 'email',")because i can retrive that data when they connect again and then set the sessions like allways.
if the users change teh email just check that on every login and update the data.
example:
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'cookie' => true,
));
$session = $facebook->getSession();
$me = null;
// Session based API call.
if ($session) {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
}
}
// login or logout url will be needed depending on current user state.
if ($me) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
if ($me) {
if (!isset($_SESSION["usr_id"])){
$_SESSION["usr_id"] =$me['id'];
$_SESSION["usr_name"]=$me['name'];
// or do your sql verification and then set the sessions
}
}
/////////////////////////////////////////////
Facebook offers user's unique ID. You can recognize user with this information.
I know I can request:
https://graph.facebook.com/me?access_token=ACCESS_TOKEN
But 'me' which refers to the 'active user' which presumably is the user logged on to facebook on this machine which would be the server, I need the facebook user at the clients end user_id so my server can make requests to the GraphAPI about that user using the format:
https://graph.facebook.com/USER_ID?access_token=ACCESS_TOKEN
I guess you are missing the fundamentals of the user authentication concept which is not only related to Facebook.
Let us assume that two users A & B visited domain.com/fb_profile.php, which contains (the example file from the PHP-SDK):
<?php
require '../src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'APPLICATION_ID',
'secret' => 'APPLICATION_SECRET',
'cookie' => true,
));
$session = $facebook->getSession();
$me = null;
// Session based API call.
if ($session) {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
}
}
// rest of code
They both logged in successfully, and the page reloaded. What happened now is that we have a valid session for both users!
And when the fb_profile.php is requested from the user A (client) the $facebook->api('/me'); will be holding the "active user" details from that specific request (client)! and your machine (the server) will be holding the sessions for all the logged in users!
So each time fb_profile.php is requested from a client with a valid session, the result of executing $facebook->api('/me'); will be related to that specific session from that specific client!
So what have you said here (in bold) is wrong:
But 'me' which refers to the 'active
user' which presumably is the user
logged on to facebook on this machine
which would be the server
And by the way, when you have a valid session both:
$facebook->api('/me');
And:
$facebook->api('/USER_ID');
Will return the same info (of course the USER_ID is the id of the user logged in on the client-side).
Looking at the source code of the SDK's I found they parse the user_id from the access token:
/*
* access_token:
* 1249203702|2.h1MTNeLqcLqw__.86400.129394400-605430316|-WE1iH_CV-afTgyhDPc
* |_______|
* |
* user id
*/
BUT one shouldnt have to do this as instead of requesting the token your app should redirect them to the landing page following which facebook will re POST the signed_request with the access_token and user_id. The facebook documentation on authorisation (it seems to have since been updated) wrongly told ones app to request token but that is only applicable for websites not apps. I find it annoying how the facebook docs keep telling one how simple it is yet they fail to simply explain it and get wrong anyway...