I have seen a few similar questions but I think this is new...
I am trying to add a popover on a blog that will contain a Facebook like button for a Facebook page and wil only show if the user does not already like the Facebook page.
Reading through the documentation this should be achievable with the Graph API pages.isFan method but does this require the user to give permissions? If so would it be possible to not have the app request permissions but rather fail gracefully?
Any help much appreciated.
You can tell if a user likes a page from the signed_request which is sent in the request from facebook. You don't have to query the graph api.
We use c# and get it like so:
protected void Page_Load(object sender, EventArgs e)
{
Result = DecodePayload(Request["signed_request"]);
}
public JObject DecodePayload(string payload)
{
var encoding = new UTF8Encoding();
var decodedJson = payload.Split('.')[1].Replace("=", string.Empty).Replace('-', '+').Replace('_', '/');
var base64JsonArray = Convert.FromBase64String(decodedJson.PadRight(decodedJson.Length + (4 - decodedJson.Length % 4) % 4, '='));
Json = encoding.GetString(base64JsonArray);
var result = JObject.Parse(Json);
return result;
}
Then in the page
<% if (Result["page"] == null || Result["page"]["liked"] == null || !(bool) Result["page"]["liked"])
{%>
Content if liked
<%}%>
One more important thing as of the 30th March the page layout is changing to timeline and you should be aware of a bug currently that does not refresh the page upon liking it see this:
Does anyone know a fix for the lack of page refresh on facebook timeline pages when liking?
UPDATE
The php for decoding the signed request is:
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
Related
How could i get the userid and name of a user who's visiting my facebook page or atleast after like my page? I've created a fan-gate i.e. one page for not fans and another page for those who liked my page. I wanted to display Thank you Mr. ABC
for fan gate mechanism I have used signed request.
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$liked=0;
if ($_REQUEST) {
$response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET);
$liked=$response[page][liked];
}
I can understand that Facebook disallows to access user information from page itself. But as I believe javascript and jquery are client side scripts and using this i could be able to fullfill my requirements. Eventhough I had no luck being success, the idea behind my concept is to access certain tag/selector and retrieve the content inside of parent window of facebook page frame container. i.e.
creating a jquery script to access parent window
Facebook's top menu contains small image thumbnail and Full Name of logged in user
using jquery's tag selector to retrieve the content of that html tag
This is not possible. You would have to create an application and prompt the user for permissions to access their account. Liking a page alone is not sufficient to figure out who the user is.
Finally I found an answer to my question and shared here. Make it useful for you also.
i am developing a Facebook iframe app with Facebook credit API. i am using FB JavaScript SDK for that. but i am unable to find out any sample code in java or JSP for FB credit callback URL. all i found is te PHP code and i dont know PHP much.. can anyone convert it for me in JSP or Java?
here is the php sample code
**
* Copyright 2004-Present Facebook. All Rights Reserved.
*
* You should reference https://developers.facebook.com/docs/credits/ as you
* familiarize yourself with callback.php. In particular, read all the steps
* under "Credits Tutorial" and "Credits Callback".
*
* Your application needs the following inputs and outputs
*
* #param int order_id
* #param string status
* #param string method
* #param array order_details (JSON-encoded)
*
* #return array A JSON-encoded array with order_id, next_state
* (optional: error code, comments)
*/
// Enter your app information below
$app_secret = '<app_secret>';
// Prepare the return data array
$data = array('content' => array());
// Parse the signed_request to verify it's from Facebook
$request = parse_signed_request($_REQUEST['signed_request'], $app_secret);
if ($request == null) {
// Handle an unauthenticated request here
}
// Grab the payload
$payload = $request['credits'];
// Retrieve all params passed in
$func = $_REQUEST['method'];
$order_id = $payload['order_id'];
if ($func == 'payments_status_update') {
// Grab the order status
$status = $payload['status'];
// Write your apps logic here for validating and recording a
// purchase here.
//
// Generally you will want to move states from `placed` -> `settled`
// here, then grant the purchasing user's in-game item to them.
if ($status == 'placed') {
$next_state = 'settled';
$data['content']['status'] = $next_state;
}
// Compose returning data array_change_key_case
$data['content']['order_id'] = $order_id;
} else if ($func == 'payments_get_items') {
// remove escape characters
$order_info = stripcslashes($payload['order_info']);
$item_info = json_decode($order_info, true);
if ($item_info == "abc123") {
// Per the credits api documentation, you should pass in an item
// reference and then query your internal DB for the proper
// information. Then set the item information here to be
// returned to facebook then shown to the user for confirmation.
$item['title'] = 'BFF Locket';
$item['price'] = 1;
$item['description'] = 'This is a BFF Locket...';
$item['image_url'] = 'https://www.facebook.com/images/gifts/21.png';
$item['product_url'] = 'https://www.facebook.com/images/gifts/21.png';
} else {
// For the sake of the sample, we will default to this item if
// the `order_info` reference passed from your JS call is not matched
// above.
$item['title'] = 'A Facebook Hat';
$item['price'] = 1;
$item['description'] = 'The coolest hat you\'ve ever seen.';
$item['image_url'] = 'https://www.facebook.com/images/gifts/740.png';
$item['product_url'] = 'https://www.facebook.com/images/gifts/740.png';
}
// Put the associate array of item details in an array, and return in the
// 'content' portion of the callback payload.
$data['content'] = array($item);
}
// Required by api_fetch_response()
$data['method'] = $func;
// Send data back
echo json_encode($data);
// You can find the following functions and more details
// on https://developers.facebook.com/docs/authentication/canvas.
function parse_signed_request($signed_request, $app_secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// Decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// Check signature
$expected_sig = hash_hmac('sha256', $payload, $app_secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
One sample, I will link more as I get.
https://github.com/facebook/facebook-android-sdk
http://code.google.com/p/facebook-java-sdk/
I have created a application and connected it to a fan page so that application content is loaded in that page.
To access user_id and name of user can only be accessed if user have authorized the application.
How application can be authorized at the same time as user have liked the page?
I mean that when user clicks on like page button application authorization dialog box should also appear. Or if i am wrong please suggest the right way.
--- EDIT ----
I am using php-sdk v3.1.1.
This isn't possible, the page like button is not connected in any way to your application.
What you can do is parse the signed_request parameter which is passed to your application to check if the user has liked the page, if he did you can then check if you can get the user object and redirect him to authorization if needed.
If you don't need the user id or any other extended features (such as posting to the wall) and just want to check if a user has liked the page you can just use the signed request and forget about the rest of the authorization.
You can decode the signed_request using your application secret key and the following function:
function parse_signed_request_outside($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode_outside($encoded_sig);
$data = json_decode(base64_url_decode_outside($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode_outside($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
In order to determine the like you need to do the following:
$secret = "SECRET KEY";
$decodedSignedRequest = parse_signed_request_outside($_REQUEST['signed_request'], $secret);
if ($decodedSignedRequest['page']['liked'] == 1){
{
// load content
}
How can U display different iframe app for fans and non-fans of a page without asking user about permissions like Static Iframe Tab app (http://www.facebook.com/iframehost) is doing?
Take a look at the data you get from facebook in the so called "signed request". There is a flag included that fits your needs (true if the user has liked the page, otherwise false).
here's the code for that signed request check:
$signed_request = $_REQUEST['signed_request'];
function parsePageSignedRequest(){
if (isset($_REQUEST['signed_request'])){
$encoded_sig = null;$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
return $data;
}
return false;
}
if($signed_request = parsePageSignedRequest()){
if($signed_request->page->liked) {
// put your "Liked Page Content Here"
} else {
// put your "Alternate" Page Content Here.
}
}
I was wondering how to access the custom fields people filled in after registering on your site with Facebook registration form.
I understand the usage of the PHP SDK environment a bit, and can access gender, name, etc. easily, but I have no idea how to do this with custom fields you yourself created.
I would prefer to receive an answer related to PHP SDK, but any is good.
thanks in advance!
Once the registration form is submitted, a signed_request holding ALL the data you need will be send back to your server on the URL you specify redirect_uri, how to "extract" these data is explained in the documentation (PHP Example reading signed_request section):
<?php
define('FACEBOOK_APP_ID', 'your_app_id');
define('FACEBOOK_SECRET', 'your_app_secret');
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
echo '<p>signed_request contents:</p>';
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
echo '<pre>';
print_r($response);
echo '</pre>';
} else {
echo '$_REQUEST is empty';
}
?>