I am using php-sdk for showing facebook information of the user. I have successfully shown the user profile info but while fetching any album or photos I am getting the blank data to me. I read the photos requires access_token.
Also if I put this query in the facebook graph api explorer it showing me the perfect result. So query is right may be my way of passing the url is wrong.
I am not getting the issue.
Please help.
';
$app_secret = '';
$my_url = '';
$config = array(
'appId' => '<appid>',
'secret' => '<appsecrete>',
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
$code = $_REQUEST["code"];
if($user_id) {
//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url) ;
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url)
. '&client_secret=' . $app_secret
. '&code=' . $code;
$access_token = file_get_contents($token_url);
$fql_query_url = 'https://graph.facebook.com/'.'fql?q=SELECT+pid,src_small+FROM+photo+WHERE+aid+IN+(SELECT+aid+FROM+album+WHERE+owner=+me())&'.$access_token;
$fql_query_result = file_get_contents($fql_query_url);
$fql_query_obj = json_decode($fql_query_result, true);
//display results of fql query
echo '<pre>';
print_r("query results:");
print_r($fql_query_obj);
echo '</pre>';
}
?>
One parameter needs to be add for $dialog_url variable which is 'scope' which defines permissions to be given for application
$dialog_url = 'https://www.facebook.com/dialog/oauth/?client_id='.$app_id.'&redirect_uri='.urlencode($my_url).'&scope=user_photos';
echo("<script>top.location.href='" . $dialog_url . "'</script>");
for reference,
http://developers.facebook.com/docs/reference/dialogs/oauth/
Thanks
Shreyas
Related
I need someone help.
When I open https://developers.facebook.com/docs/reference/api/ and clicked https://graph.facebook.com/me/likes?access_token=blablabla, I got all page that I've liked.
My questions was, from where I got the access_token value? can I get it by script?
Facebook developer site leverages an internal test console application that all developers can use to test calls within the documentation, site automatically appends the access_token.
A next place one can find the access token is https://developers.facebook.com/tools/explorer with the Graph API Explorer app.
You can also get it via script by following one of the authentication flows described at http://developers.facebook.com/docs/authentication/
You will need to create an application at https://developers.facebook.com/apps then,
For example via PHP using a server side flow,
Redirect the user to the OAuth Dialog ($dialog_url shown below)
A code will be given in response
Exchange the code for a user access token ($token_url shown below)
<?php
$app_id = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_URL";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me/likes?access_token="
. $params['access_token'];
$likes = json_decode(file_get_contents($graph_url));
print_r($likes); // A dump of the likes data
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
See more of the reference information available at http://developers.facebook.com/docs/authentication/server-side/
since this article is not answering the question ( How to get user access token? ), I wanted to ask how to get the user access token.
I already have my app access token, easy. I also saw in the latest php sdk Base_facebook class there is an getUserAccesstoken function, but its useless because in the end you only get the app access token.
This is my authentification flow:
user gets into the fanpage app, and at some point, he has to authorize permissions:
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $secret,
'cookie' => true
));
$user = $facebook->getUser();
if($user == 0) {
$login_url = $facebook->getLoginUrl($params = array('scope' => "publish_stream", 'redirect_uri' => "https://www.facebook.com/pages/PAGENAME/PAGE-ID?sk=app_APP-ID0&app_data=af"));
echo ("<script> top.location.href='".$login_url."'</script>");
}
This works, fine, app_data "af" param is set to get back the page inside the fanpage app.
Because I realize, that when I remove the app, and get back to the auth page, the user cookie ($user) is still set and so the user wont be asked for permissions again.
For that reason I wanted to check permissions as well, and therefore I need the user access token
try{
$permissions = $facebook->api("/me/permissions", 'GET', array('access_token' => "$access_token" ));
}
catch (Exception $e) {echo ("<script> top.location.href='".$login_url."'</script>"); }
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
// Permission is granted!
} else {
echo ("<script> top.location.href='".$login_url."'</script>");
}
So I tried the server side auth example (https://developers.facebook.com/docs/authentication/server-side/), but of course this won't work here as you are not able to read the $_REQUEST from inside the app, so I am gonna stuck here. - How do you guys check for the permission inside an app?
$app_id = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_URL";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
TIA & cheers,
daniel
See the section of the Facebook Developer Docs about Server-Side authentication: https://developers.facebook.com/docs/authentication/server-side/
Or you can use a hybrid client-server authentication:
http://developers.facebook.com/blog/post/534/
When a user is connected with Facebook and came on my page getUser() return 0.
I use this code:
include 'includes/php/facebook.php';
$app_id = "APP_ID";
$app_secret = "SECRET_KEY";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
'cookie' => true
));
$user = $facebook->getUser();
if($user){
try {
$user_profile = $facebook->api('/me');
}catch(FacebookApiException $e) {
error_log($e);
}
}
When the page is loaded completely the FB.Event return "connected".
FB.Event.subscribe('auth.login', function(response) {
FB.api('/me', function(response) {
window.location.reload();
});
});
And then the page loaded twice. After this the User is connected with my page.
Is that correct, the page must loaded twice ? I think this is not user friendly. Knows someone another possibility ?
Why getUser() return 0 on the first page load ?
EDIT 2:
When I use the example from the Server-Side Authentication. And the User ist connected with Facebook, i get the user-details.
<?php
$app_id = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_URL";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
When the user is not connected with Facebook, I get the dialog before i came back to my page. Can i also query the connection to facebook without the dialog ? Or can i on an other way genereate the CSRF ?
I'm not sure if you just did not post the code with which you authenticate the user, or you just don't do that part..
It's not enough to construct a Facebook object, you need to authenticate the user with facebook.
Have you read the authentication documentation?
There are two types of flows you can take, the Server-Side and Client-Side, from your code it seems like you need to use the server side flow in order to have an access token for the user on the php side, then the call for the getUser method should return the user object you want.
If I'm mistaken and you are authenticating the user, then please edit your question and add the code you use for that.
I have a simple task to do but i am unable to find a solution for my problem.
I have a facebook page tab. Now i want to get the email permission of a user accessing my app and then display his email address on the page tab directly.
I found a solution in the facebook documentation that gets the permission an then redirects to a given url. That works fine. But how can i redirect back to my page tab? if i try to enter the page tab url it just goes to an indefinite loop. (because the $code variable is not set it seems)
<?php
$app_id = "APP_ID";
$app_secret = "APP_SECRET";
$my_url = "REDIRECT_URL";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&scope=email" . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Mail: " . $user->email);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
Use the JavaScript SDK as it is all client-side and you will have easier control over where and when things happen. The login dialog can be a modal FB.login() and then call the FB.api() to get the user's email. See: http://developers.facebook.com/docs/reference/javascript/
If you want to do it server side I suggest you use the facebook php sdk at https://developers.facebook.com/docs/reference/php/
it makes things a lot easier. hth.
I have this facebook login code
$app_id = "xxxxxxxxxxxxxx";
$app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$my_url = "http://xxxxxxxxxxxxx";
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
print_r( $dialog_url);
die();
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name ." Create Event");
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
can I test if I am already connected to facebook website, consider it login to this page ? and no login link is being displayed ?
The question is pretty old but the answer might be helpful to others who finds similar situation. I guess, what you mean to say is to check if you code has successfully logged you to ur facebook account.
Security settings in facebook now has a feature to watch active sessions, gives you the information of when and from where have you logged in to your account. It is under:
Account Settings > Security > Active Sessions
What you can do is logout of all the sessions with end activity & finally logout of current session, then run the code. Now login via browser (or a different device, but login via browser or a different browser works fine) to see if you have got any more active sessions.