I have created a Page Tab Facebook App where I want to display different content depending on the user being a fan or not. (Also called fan gate, landing page or reveal page)
For this I'm using the PHP SDK, in specific the following code:
<?php
require 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'APP_ID',
'secret' => 'APP_SECRET',
'cookie' => true,
));
?>
And in the content:
<?php
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {?>
Thank you for liking our Page!
<?php } else { ?>
You haven't liked our page yet..
<?php };
// Debugging Code
echo "REQUEST:<br>";
print_r($_REQUEST);
echo "<br>GET:<br>";
print_r($_GET);
echo "<br>POST:<br>";
print_r($_POST);
?>
This works when I'm logged in with my Facebook User and when I use it on my own Page.
Meaning the signed_request is present in both $_POST and $_REQUEST.
However, when I test it with another user, there is no signed_request value in those variables..
Notes:
- I already took a look at my URL Settings in the App Configuration (300 Redirect and stuff) but this looks fine, and like I said with my User it's working..
- the signed_request is not just empty, it doesn't even exist.
Does anybody have similar issues?
I would not mind using the Javascript SDK instead of PHP if it works then, but I'm not very experienced in Javascript.
EDIT:
As i found out you always have to have a non-secure (http) and a secure (https) URL.
Even if you enter a secure URL as the standard URL, facebook will contact it using http and will then get redirected (depends on server configuration) to the https, which makes you lose your signed_request.
I just had a similar problem. In my case the problem was that in the app config i had not put a slash at the end of the tab URL which was referencing a directory (with an index.php in it). So i got a redirect to the same URL with a slash at the end and lost the $_POST this way.
signed_request is never passed via GET but POST. $_REQUEST contain data according to configuration in php.ini (request_order or variables_order)
Since you are using PHP-SDK it's better to use it for signed_request retrieval:
$signed_request = $facebook->getSignedRequest();
$liked = $signed_request['page']['liked'];
For applications running in Page Tab signed_request is always passed, so if you not get it ensure there is no redirections that omit POST data being passed.
Related
During the past few hours I've been working on a "web app" for our hostesses. Its purpose is to login a facebook user and send him to next page where are like boxes with sign out button. This part is done, however I would like to make the process faster by inserting a likejacking script, so the user doesn't have to do anything but to log in and log out.
But I have one problem - how to check if the user is Fan or not (because if he already liked the page he will unlike it)? I've tried a solution which I'm using on my FB pages to fan gate, but it is not working outside facebook.
Here is the code I was trying to use:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => '0000000',
'secret' => '1654adadadada',
'cookie' => true
));
?>
<div id="fb-root"></div>
<?php
$signed_request = $facebook->getSignedRequest();
if ($signed_request['page']['liked'])
{
echo header('Location: liked.html');
}
else
{
echo header('Location: notliked.html');
}
your can get the data from FB graph.
https://graph.facebook.com/me/likes/PAGE_ID_TO_CHECK?access_token=XYZ
you will not be able to get this data without the token.
I've been working on a way to determine if a user likes a particular page so a tab on that page can be fangated or not. I didn't want to prompt the user for authorization for user_likes, so I avoided the JS SDK and used the PHP SDK:
<?php
require 'src/facebook.php';
$app_id = "...";
$app_secret = "...";
$facebook = new Facebook(array('appId' => $app_id, 'secret' => $app_secret, 'cookie' => true));
$signed_request = $facebook->getSignedRequest();
$like_status = $signed_request["page"]["liked"];
/* testing response */
if ($like_status) {
/* liked content */
} else {
/* not liked content */
}
?>
My problem is signed_request is passed only when the code is on the FB tab--if I hit the PHP page outside of FB, I get nothing. I wondered if there's a way to get this user info outside of Facebook.com.
You can try saving the signed_request in a session or cookie so you can use it until it expires. After which, the user will have to come through the tab again to renew it. Naturally, if you are planning to use cookies, you should keep the signed_request decoded so no one can find and use the access_token from the cookie.
Sounds like this isn't really feasible outside of the Facebook tab. We've begun deploying our tabs in PHP in order to pull this data without an action on the user's part.
Thanks!
I'm trying to build an app that lets users vote in 4 different categories,
I want to save the User id so that I can make sure someone can only vote once.
I know you can get the user id when a user interacts with the tab, I've read something about fb_sig_profile_user but I don't know how to use this.
I've read a little about this on the facebook dev page but it isn't very clear.
If I understand correctly you can get the user id after a user clicks on something and the facebook tab does an ajax call.
Then at that moment you can grab the user id but I don't know how.
I have many Facebook page tabs that require the Facebook user id to ensure no duplicate entries are made for one user. What you have to do is step up a Facebook app. Configure it as a Page Tab app and put it on your Facebook page. Once it is there, then you do a Facebook login popup asking for user permissions. After that, you can use the SDK to query the current user to get their ID (or you can decode the signed_request form post parameter that facebook posts to your tab app). You can also do similar things in non-page tab apps wether it is a standalone website or a iFramed canvas app.
Facebook will make a POST request to your app with a signed_request parameter which, after you decode as described in the docs, will yield a hash of information such as the user's country.
If the user has authorized your app, then that same parameter will contain additional information such as the user's Facebook id.
//use this to get facebook user id
<?php session_start();?>
<?php require 'src/facebook.php';
$app_id = "your_app_id";
$app_secret = "your_secret_key";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret
));
$canvas_page = "https://www.facebook.com/page_name/app_appid"; //this is you facebook app url
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo $data["user_id"];
$_SESSION['fbuser']=$data["user_id"];
}
?>
I am making an application and on the "front" page of the Tab I get the signed_request. But when I navigate to different pages on the app it stops providing the data.
So far this work:
$signed_request = $facebook->getSignedRequest();<br />
$user_profile = $facebook->api('/me');<br />
echo $user_profile['id'];<br />
echo $user_profile['name'];
echo $_SESSION['signed_request']; // Returns the data
But when I navigate to other pages, it doesn't give anything.
It looses everything. How can I keep the data from the signed_request? Do I need to use sessions in some way?
I've found that the signed request isn't always passed to each page, so I used the following to hold that myself in the session object. I set this on the login page before I redirect to other pages in my app:
if (!isset($_SESSION["SR"]))
$_SESSION["SR"] = $_REQUEST["signed_request"];
$signed_request = $_SESSION["SR"];
Hope that helps.
I've the following code in my iframe Facebook app
<?php
/* include the PHP Facebook Client Library to help
with the API calls and make life easy */
require_once 'facebook.php';
$appapikey = 'key here';
$appsecret = 'secret here';
$facebook = new Facebook($appapikey, $appsecret);
$facebook->require_frame();
$user_id = $facebook->require_login();
?>
The problem is that the app keeps loading and reloading.
Is my implementation wrong?
You haven't added any check there. Everytime its just doing login. You have to check that user is logged or not if user is not logged then you have to run this code else do the action. I guess you must be having fb php sdk,check its demo example. If you dont got it download from here.