I'm trying to build an app that lets users vote in 4 different categories,
I want to save the User id so that I can make sure someone can only vote once.
I know you can get the user id when a user interacts with the tab, I've read something about fb_sig_profile_user but I don't know how to use this.
I've read a little about this on the facebook dev page but it isn't very clear.
If I understand correctly you can get the user id after a user clicks on something and the facebook tab does an ajax call.
Then at that moment you can grab the user id but I don't know how.
I have many Facebook page tabs that require the Facebook user id to ensure no duplicate entries are made for one user. What you have to do is step up a Facebook app. Configure it as a Page Tab app and put it on your Facebook page. Once it is there, then you do a Facebook login popup asking for user permissions. After that, you can use the SDK to query the current user to get their ID (or you can decode the signed_request form post parameter that facebook posts to your tab app). You can also do similar things in non-page tab apps wether it is a standalone website or a iFramed canvas app.
Facebook will make a POST request to your app with a signed_request parameter which, after you decode as described in the docs, will yield a hash of information such as the user's country.
If the user has authorized your app, then that same parameter will contain additional information such as the user's Facebook id.
//use this to get facebook user id
<?php session_start();?>
<?php require 'src/facebook.php';
$app_id = "your_app_id";
$app_secret = "your_secret_key";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret
));
$canvas_page = "https://www.facebook.com/page_name/app_appid"; //this is you facebook app url
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo $data["user_id"];
$_SESSION['fbuser']=$data["user_id"];
}
?>
Related
I've been working on a way to determine if a user likes a particular page so a tab on that page can be fangated or not. I didn't want to prompt the user for authorization for user_likes, so I avoided the JS SDK and used the PHP SDK:
<?php
require 'src/facebook.php';
$app_id = "...";
$app_secret = "...";
$facebook = new Facebook(array('appId' => $app_id, 'secret' => $app_secret, 'cookie' => true));
$signed_request = $facebook->getSignedRequest();
$like_status = $signed_request["page"]["liked"];
/* testing response */
if ($like_status) {
/* liked content */
} else {
/* not liked content */
}
?>
My problem is signed_request is passed only when the code is on the FB tab--if I hit the PHP page outside of FB, I get nothing. I wondered if there's a way to get this user info outside of Facebook.com.
You can try saving the signed_request in a session or cookie so you can use it until it expires. After which, the user will have to come through the tab again to renew it. Naturally, if you are planning to use cookies, you should keep the signed_request decoded so no one can find and use the access_token from the cookie.
Sounds like this isn't really feasible outside of the Facebook tab. We've begun deploying our tabs in PHP in order to pull this data without an action on the user's part.
Thanks!
I have created a Page Tab Facebook App where I want to display different content depending on the user being a fan or not. (Also called fan gate, landing page or reveal page)
For this I'm using the PHP SDK, in specific the following code:
<?php
require 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'APP_ID',
'secret' => 'APP_SECRET',
'cookie' => true,
));
?>
And in the content:
<?php
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {?>
Thank you for liking our Page!
<?php } else { ?>
You haven't liked our page yet..
<?php };
// Debugging Code
echo "REQUEST:<br>";
print_r($_REQUEST);
echo "<br>GET:<br>";
print_r($_GET);
echo "<br>POST:<br>";
print_r($_POST);
?>
This works when I'm logged in with my Facebook User and when I use it on my own Page.
Meaning the signed_request is present in both $_POST and $_REQUEST.
However, when I test it with another user, there is no signed_request value in those variables..
Notes:
- I already took a look at my URL Settings in the App Configuration (300 Redirect and stuff) but this looks fine, and like I said with my User it's working..
- the signed_request is not just empty, it doesn't even exist.
Does anybody have similar issues?
I would not mind using the Javascript SDK instead of PHP if it works then, but I'm not very experienced in Javascript.
EDIT:
As i found out you always have to have a non-secure (http) and a secure (https) URL.
Even if you enter a secure URL as the standard URL, facebook will contact it using http and will then get redirected (depends on server configuration) to the https, which makes you lose your signed_request.
I just had a similar problem. In my case the problem was that in the app config i had not put a slash at the end of the tab URL which was referencing a directory (with an index.php in it). So i got a redirect to the same URL with a slash at the end and lost the $_POST this way.
signed_request is never passed via GET but POST. $_REQUEST contain data according to configuration in php.ini (request_order or variables_order)
Since you are using PHP-SDK it's better to use it for signed_request retrieval:
$signed_request = $facebook->getSignedRequest();
$liked = $signed_request['page']['liked'];
For applications running in Page Tab signed_request is always passed, so if you not get it ensure there is no redirections that omit POST data being passed.
I'm trying to replicate the same functionality as someone else has already achieved on this page here:
http://www.facebook.com/PowerPhotoUploader?sk=app_152884604799537
am not bothered about the forced like fangate part, can do that no probs.
I need to achieve this without requesting any user perms the same way they have
I've got close, but not quite right yet.
Have created a test album on this page: http://www.facebook.com/pages/Demo-Album-Upload/227979503931257?sk=app_153866511376478
The code I have is uploading my specified image, however it is ignoring the album id I input and instead, uploading to an album on my own profile.
Code so far is:
<?php
$app_id = "XXXXXXXXXXX";
$app_secret = "XXXXXXXXXXXX";
require 'facebook.php';
$facebook = new Facebook(array( 'appId' => $app_id, 'secret' => $app_secret, 'cookie' => true, 'fileUpload' => true,));
$signed_request = $facebook->getSignedRequest();
//print_r ($signed_request);
$page_id = $signed_request["page"]["id"];
//Upload To Page Album
$facebook->setFileUploadSupport(true);
$album_id ='59125';
$file_path ='image2.gif';
$args = array('message' => 'Photo Caption');
$args['image'] = '#' . realpath($file_path);
$data = $facebook->api('/'.$album_id.'/photos', 'post', $args);
print_r($data);
?>
Have already read through a lot of forum material, have set the filuploadsupport, set file upload to true, but most of the info I can find so far reuires perms & access token, however sample above has managed to achieve with neither - any thoughts?
Regards Tony
Tony the trick here is that you only need one access token, not a new one for each user. The idea is that the user is not posting to the page, you are posting to the page, so you do not need an access token from the user. However since this is a secure call to Facebook you still need to provide an access token that has the ability to publish to the page.
The simplest route to get an access token that you can use would be to manually give the application the manage_pages and offline_access permissions for your account. Then just grab the access token for for your account and use it for all calls.
I am attempting a test app to learn on facebook. I am using this code from the facebook developer page:
<?php
$app_id = "YOUR_APP_ID";
$canvas_page = "YOUR_CANVAS_PAGE_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo ("Welcome User: " . $data["user_id"]);
}
?>
When I run this I get:
Message: Undefined index: signed_request
I am using this in Codeigniter. I have no idea if that matters.. When I run this it uses the $auth_url and return:
http://mydomain.com/responsepage?code=biglongstring
so I know I am getting to facebook and getting something...
In that string url returned is a variable named "code." I tried to change the $_REQUEST object to look for "code" but it gives the same error.
It does redirect me back to my response page after it briefly displays the error because the "user_id" element is empty. It is empty because signed_request is not present in the url sent back.
What am I doing wrong? It should go to facebook, ask for me to allow the app, display the user_id. For some reason the signed_request just isn't there.
Thank you.
EDIT: I'm looking at this again. Where does it ever actually go out and use that URL?
EDIT: If I use the $auth_url manually, pasting it in the address of the browser it redirects back to my response page with no problem. Of course, I did not see a variable named signed_request, just "code" so I don't know what's going on.
Okay it seems that you are using your Canvas URL in the $canvas_page variable which is wrong. You need to use the Canvas Page which is something like: http://apps.facebook.com/appnamespace
This way, your app will open inside the iframe and Facebook will be able to send you the signed_request
Make sure that you have "signed_request for Canvas" enabled in settings->advanced->migrations
Then you should get the signed_request via $_POST.
I've the following code in my iframe Facebook app
<?php
/* include the PHP Facebook Client Library to help
with the API calls and make life easy */
require_once 'facebook.php';
$appapikey = 'key here';
$appsecret = 'secret here';
$facebook = new Facebook($appapikey, $appsecret);
$facebook->require_frame();
$user_id = $facebook->require_login();
?>
The problem is that the app keeps loading and reloading.
Is my implementation wrong?
You haven't added any check there. Everytime its just doing login. You have to check that user is logged or not if user is not logged then you have to run this code else do the action. I guess you must be having fb php sdk,check its demo example. If you dont got it download from here.