When the Joomla! (1.5.26) session has expired, I redo the login, after submitting username and password I get this message: "You are currently logged in to the private area of this site."
If I click on another internal-link the redirection works, but if I re-click on the same return url link (where I was where the session has expired) I re obtain the previous message, but I'm logged in correctly!
I use the Joomla! SEF. No other external component/module/plugin.
To make it running I have to delete manually the browser's cache!
Ideas?
Just had this happen to me, and remembered seeing your question. I don't know what your SEF ramifications are, but in my case, the native Joomla url works "normally":
http://mysite.com/?option=com_mycomponent&view=myview&Itemid=48
When I inadvertently excluded "view" like below, it gave me the same result as you're experiencing:
http://mysite.com/?option=com_nmm&Itemid=48
This suggests to me that your SEF is translating the friendly url into an invalid Joomla url. Hope this helps! Joomla knows you're logged in, but is missing all the info it needs to display whatever it is that you're expecting.
After months I got it!!!
Joomla! 1.5.26 line 324 in the file /libraries/joomla/application/application.php
Comment the following lines
/*
if (!$moved && strstr(strtolower($_SERVER['HTTP_USER_AGENT']), 'webkit') !== false) {
// WebKit browser - Do not use 303, as it causes subresources reload (https://bugs.webkit.org/show_bug.cgi?id=38690)
echo '<html><head><meta http-equiv="refresh" content="0;'. $url .'" /></head><body></body></html>';
}
else {
// All other browsers, use the more efficient HTTP header method
header($moved ? 'HTTP/1.1 301 Moved Permanently' : 'HTTP/1.1 303 See other');
header('Location: '.$url);
}
*/
And leave only
// All other browsers, use the more efficient HTTP header method
header($moved ? 'HTTP/1.1 301 Moved Permanently' : 'HTTP/1.1 303 See other');
header('Location: '.$url);
The webkit bug has been resolved. Check here: Bug 38690 - Submitting a POST that leads to a server redirect causes all cached items to redownload
Related
I created app in facebook by this tutorial: https://developers.facebook.com/docs/appsonfacebook/pagetabs/
It's only page tab, so the page is loaded by iFrame, but facebook return this error:
"400 Bad Request
Your browser sent a request that this server could not understand."
Any ideas ?
I had the same problem. It's becouse there is a POST request for your page instead of GET. You can solve it (well... kind of) by putting this PHP code in the very beggining of your page:
if ($_POST) {
header("Location: " . $_SERVER['REQUEST_URI']);
exit();
}
I'm utilizing the Facebook PHP SDK on its own. I do not want to use the JS SDK at all.
Because getUser(); from the SDK can return a user id even if the user is not logged in, I have opted for using a try/catch statement to check if the user is logged in.
try
{
$me = $CI->facebook->api('/me');
$CI->our_fb['is_fb']='YES';
echo "hello";
}
catch(FacebookApiException $e)
{
echo "catch";
}
This statement is included in the global include file of all of my files (for simplicity).
So, depending on the situation, I generate a Facebook login URL. The expected functionality is that the user logins to Facebook, authorises the app, is returned to the redirect URI set in the login URL at which point the try statement will execute, and $CI->our_fb['is_fb'] will be set.
This is however not happening.
If the user is already logged into Facebook and the app is authorised, it works perfectly. SUCCESS
If the user is not logged into Facebook, once redirected the variable is not set. FAILURE
If the user is logged in but the app is NOT authorised after redirect the variable is not set. FAILURE.
In the latter two cases if you simply refresh the page, the variable is set - SUCCESS. Refreshing the page is however unnecessary/pointless extra effort.
My problem is that if you need to login to FB/or authorise the app e.g the first time you login with FB, you have an additional unneeded refresh, and I don't know why.
I suspect it is something to do with the cookie/session? Which saves the access token that I assume is returned/passed to the SDK automatically not being set at the same time?
Anyone got any ideas?
If you're having an app on facebook (tab or canvas). PHP SDK only get the User ID on initial loading of a page because a signed_request is sent with the request to your app.
But, when the app refreshes, the signed_request is lost (as it's facebook who send it).
So, in this case, you can append the signed_request to every URLs your use in your app - but that's really not optimal as the signed_request won't be regenarated - neither refreshed.
Your only real option is to rely on the JS SDK to set cookie correctly and allow getUser to work as expected. This is required because you're considered as a third-party app in Facebook (being in an iframe) and most browser will block you from setting cookies - so you need a work around handled by the JS SDK for you. You can search for cross-domain cookies or third-party cookie for explanation about the workarounds, but these workaround only work via JS scripting and iframe management.
Also, be sure to setup the JS SDK correctly: channel file, cookie allowed, and send P3P headers (for IE).
You can also check this related question: A proper approach to FB auth
About website, the same mostly stays (but you have no signed_request). At this point, seriously consider using the JS SDK as it's way easier. Or else, you can make sure your app flow follow these guidelines: https://developers.facebook.com/docs/concepts/login/login-architecture/
The way I am seeing this is, you are trying to avoid that refresh if the user is not logged in and precedes to log in after the page has initially loaded.
So what you can do is make an ajax request to another page on your site, say for example id.php, which just loads the php sdk and echo $userid; and then you can grab the user id after login without the refresh.
Basically the cookie is used to save the signed request and session is used to save 'state', 'code', 'access_token', 'user_id'. If the above are present PHP SDK uses them, no matter if they are valid or not.
I think your problem lies in the CODE sent by facebook. Specifically these lines in base_facebook.php:
if ($code && $code != $this->getPersistentData('code')) {
$access_token = $this->getAccessTokenFromCode($code);
...
protected function getAccessTokenFromCode($code, $redirect_uri = null) {
if (empty($code)) {
return false;
}
if ($redirect_uri === null) {
$redirect_uri = $this->getCurrentUrl();
}
...
Because CODE is issued for specific url sometimes there is such situation: Visitor arrives on www.example.com. He givies permissions and is redirected to example.com/login. But the code is not valid there, so the getUserAccessToken returns false. When you refresh the page you get same urls and everything's fine.
You're on the right track of not using getUser() because as I wrote above it's taken from the session if available.
My server use only https with an htaccess redirect at root level, when my tab app is called from a FB page if the user use an http connection I lost the signed request.
Everyone knows a solution?
How to force Facebook to use https when call a tab?
thanks
luc
How to force Facebook to use https when call a tab?
In theory, HTTP status codes 307 (Temporary Redirect) and 308 (Permanent Redirect) should be used for this, since they require the method to stay the same, so the client would have to fetch the resource that’s been redirected to using POST with the same data again.
However, I have no experience how well this works with the browsers that are out there.
Probably better to “redirect” client-side, using JavaScript. Of course, that requires a resource that is available using HTTP only, and is not redirected server-side to it’s HTTPS counterpart.
In the future, this “problem” will go away on it’s own, I assume – since Facebook announced end of last year that they will move all users to HTTPS; so I think some time from now we won’t be required to give a HTTP URL for canvas/page tab apps any more, and use just one HTTPS version.
I resolved in this way:
In the FBapp manager I used as http url a page created on a different server that accept http.
In this page I used the following code .
$signed_request = $facebook->getSignedRequest();
$page_id = $signed_request["page"]["id"];
$fql_query_url = "https://graph.facebook.com"
."/$page_id?fields=link"
."";
try {
$fql_query_result = #file_get_contents($fql_query_url);
$fql_query_obj = json_decode($fql_query_result, true);
} catch(Exception $o){ }
$pageinfo = $fql_query_obj[link];
$pageinfo = str_replace("http://","https://",$pageinfo);
$tabpage = "$pageinfo"."?sk=app_$appId";
echo "
<!-- force tab iframe -->
<script type=\"text/javascript\">
top.location.replace('$tabpage');
</script>
";
?>
that's all
Anyone seen this error?
I am using the following javascript to connect to facebook..
$("#fbsignin").click(function(){
FB.login(function(response) {
if (response.session) {
$('#fb_signin').submit();
} else {
// $('#fb_authfail').click();
}
}, {perms: 'email,user_location,publish_stream'});
});
Chrome, Safari and Firefox work great. IE 7 & 8 work as well as long as I am logged into facebook in another tab/window. If I don't have a FB session and if I am required to enter the email/password in the FB pop, then I just get an error which says "An error occured". I can close that window and try authenticating again and it works. I searched through the questions and
I have the <div id="fb-root"></div> right after the <body> tag.
It could be a P3P issue. People have found in the past that if the correct P3P headers are not sent, Internet Explorer will ignore any cookies it receives. Its an irritating and undocumented problem.
For PHP, include this at the start of your script (before any output):
header('P3P: CP="CAO PSA OUR"');
For Apache (or a .htaccess file), include:
Header set P3P "CP=\"CAO PSA OUR\""
(note that the above directive is untested, if someone could verify, that'd be great.)
I'm trying to integrate my project with Facebook. I'm taking baby steps at first and just trying to login, get a Facebook session, and get some user data. I'm developing it locally so my Facebook application settings are:
site URL: http://127.0.0.1:8888/mySite/
The canvas URL is the same as above. I haven't specified a site domain.
However, when I click on the login button, I get an error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
At the moment I haven't written any server-side code to deal with redirects, etc. All I've done is add the JavaScript SDK based on the tutorial in Facebook for Websites.
What have I done wrong? It's obviously something to do with my Facebook application settings, but I can't see what!
UPDATE:
To answer the API Error Code: 191
The redirect_uri should be equal (or relative) to the Site URL.
Tip: Use base URLs instead of full URLs pointing to specific pages.
NOT RECOMMENDED: For example, if you use www.mydomain.com/fb/test.html as your Site URL and having www.mydomain.com/fb/secondPage.html as redirect_uri this will give you the 191 error.
RECOMMENDED: So instead have your Site URL set to a base URL like: www.mydomain.com/ OR www.mydomain.com/fb/.
I went through the Facebook Python sample application today, and I was shocked it was stating clearly that you can use http://localhost:8080/ as Site URL if you are developing locally:
Configure the Site URL, and point it
to your Web Server. If you're
developing locally, you can use
http://localhost:8080/
While I was sure you can't do that, based on my own experience (very old test though) it seems that you actually CAN test your Facebook application locally!
So I picked up an old application of mine and edited its name, Site URL and Canvas URL:
Site URL: http://localhost:80/fblocal/
I downloaded the latest Facebook PHP-SDK and threw it in my xampp/htdocs/fblocal/ folder.
But I got the same error as yours! I noticed that XAMPP is doing an automatic redirection to http://localhost/fblocal/ so I changed the setting to simply http://localhost/fblocal/ and the error was gone BUT I had to remove the application (from privacy settings) and re-install my application and here are the results:
After that, asked for the publish_stream permission, and I was able to publish to my profile (using the PHP-SDK):
$user = $facebook->getUser();
if ($user) {
try {
$post = $facebook->api('/me/feed', 'post', array('message'=>'Hello World, from localhost!'));
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
Results:
For me, it was a missing app domain. Go into the app, and make sure that you have the root of your site set up as an app domain. See screenshot.
This is just because of a URL mistake.
Whatever website URL is specified should be correct.
I mentioned website URL as http://localhost:3000/
and domain as localhost, but in my browser I was running http://0.0.0.0:3000/.
When I ran server as localhost:3000 it solved the problem.
As I mentioned, the site URL as localhost Facebook will redirect to the same, if we are running
0.0.0.0:3000, it will rise error that "Given URL is not allowed by the Application configuration".
I was also facing the same problem when I am using the facebook authentication method.
But I rectify that issue with following changes in Facebook api (Apps >> My App >> Basic).
I removed the url which i have given in
===> App on Facebook (Canvas URLs)
I gave site url only in
===> Website with Facebook Login option
Then i gave that AppId and App Secret in my webpage.
So by clicking on login button, It ask for access permissions then it redirect it to give url (Website with Facebook Login ).
I fixed this by passing the redirect url to the FacebookRedirectLoginHelper::getAccessToken() in my callback function:
Changing from
try {
$accessToken = $helper->getAccessToken();
}
...
to
try {
$accessToken = $helper->getAccessToken($fbRedirectUrl);
}
...
I am developing on a vagrant box, and it seems FacebookRedirectLoginHelper::getCurrentUrl() had issues generating a valid url.
Had the same problem:
$params = array('redirect_uri' => 'facebook.com/pages/foobar-dev');
$facebook->getLoginUrl($params);
When I changed the redirect_uri from the devloper page to the live page, 191 Error came up.
So I deleted the $params:
$facebook->getLoginUrl();
After the app-request now FB redirects to the app url itself f.e.: my.domain.com
What I do now is checking in index.php of my app if I'm inside FB iframe or not. If not I redirect to the live FB page f.e.:
$app = 'facebook.com/pages/foobar-live';
$rd = (isset($_SERVER['HTTP_REFERER'])) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : false;
if ($rd == 'apps.facebook.com' || (!isset($_REQUEST['signed_request']))) {
echo '<script>window.parent.location = "'.$app.'";</script>';
die();
}
I have noticed also that even if you specify your website under secion - Website With Facebook Login -> Site url as e.g. http://example.com, but if your App Domains section is empty, and you open website as www.example.com you will get this error, too. To avoid it in "App Domains" section write example.com, that will allow subdomains, like www.example.com, something.example.com etc
in the facebook App Page, goto the basic tab. find "Website with Facebook Login" Option.
you will find Site URL: input there put the full URL ( for example http://Mywebsite.com/MyLogin.aspx ). this is the URL you can use with the call like If the APP ID is 123456789
https://graph.facebook.com/oauth/authorize?client_id=123456789&redirect_uri=http://Mywebsite/MyLogin.aspx&scope=publish_actions
Something I'd like to add, since this is error 191 first question on google:
When redirecting to facebook instead of your own site for a signed request, you might experience this error if the user has secure browsing on and your app does redirect to facebook without SSL.
Working locally...
I couldn't get the feeds api to work, but the share api worked pretty much straight away with no problems.
For me it's the Valid OAuth Redirect URIs in Facebook Login Settings. The 191 error is gone once I updated the correct redirect URI.