I'm beginner who try to create Facebook App. Here is the code:
<?php
$app_id = "xxx";
$canvas_page = "https://apps.facebook.com/xxx/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=user_birthday";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo ("<p>Welcome. Your Facebook ID is " . $data["user_id"] . "</p>");
if (isset($_POST['salary'])) {
echo "<p>You wrote salary: " . $_POST['salary'] . "</p>";
}
else {
echo "<p>You didn't wrote salary.</p>";
};
echo "<form method='post' action='$canvas_page'>";
echo "<input type='text' name='salary'>";
echo "<input type='submit'>";
echo "</form>";
}
?>
Why the result always show "You didn't wrote salary".
That code does actually work on my canvas, so the problem must be with the auth url. Briefly:
if this condition:
if (empty($data["user_id"]))
gets to be true, what you will have will be the user redirected to the auth url and after that back to your canvas page.
You can check if this happens looking at the url: if there is a code=something attached to the end of the url it means that the user has been redirected, doing this obviously you lose the while _POST content.
You could just in case have a print_r or var_dump of $data to be sure that it is actually filled with something.
Bye =)
EDIT 14.10.11: Actually your code is right, there's nothing wrong in it, so the sample code is your own code
Related
I tried this code to post wall
<?php
$app_id = "XXXXXXXX";
$canvas_page = "XXXXXXXX";
$message = "My story";
$feed_url = "http://www.facebook.com/dialog/feed?app_id="
. $app_id . "&redirect_uri=" .urlencode($canvas_page) . "&message=" . $message;
if (empty($_REQUEST["post_id"])) {
echo("<script> top.location.href='" . $feed_url . "'</script>");
} else {
echo ("Feed Post Id: " . $_REQUEST["post_id"]);
}
?>
But I really want to post wall like this:
Someone can give me an example?please!
That image shows a pop-up that looks like a Facebook dialog, but is actually designed by the app developers so it would something you would build yourself.
P.S: I suggest trying to use https://developers.facebook.com/docs/reference/dialogs/feed/ instead of your current method.
I have the scrips that redirect to the facebook's oauth dialog and need a user_checkins permission
<?php
session_start();
$app_id = "[APP_ID]";
$app_secret = "[APP_SECRET]";
$my_url = "(back to this page)";
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state']."&scope=user_checkins" ;
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = #file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?fields=checkins&access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo "<pre>";
print_r($user);
echo "</pre>";
} else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
dialog display only
THIS APP WILL RECEIVE:
■ Your basic info
but it should have one more line with checkins permission, isn't it?
so, i try to use the Graph API Explorer.
First i test with my APP, the result is the same,
still can't get user_checkins permission
But if i change the "Application:" section to Graph API Explorer and test again,
Everything seems to be OK..
So, I think it's cause of my APP settings.. or something..
Could you please suggest me how to fix this ?
By the looks of it, I would say Facebook has deprecated the user_checkins and friends_checkins permissions and rolled them into user_status and friends_status.
Anyway, request the user_status permission instead, and you will now be able to read the user's checkins.
there is an option to get the checkins. facebook have given other option to this.
http://developers.facebook.com/docs/reference/api/user/#posts
You can get the checkins with
https://graph.facebook.com/me/posts?with=location
I am new to the facebook graph API ,but I know the basics. Now I need help from you all about how to read user wall posts and others who posted on the wall of any user, with read_stream. But I don't know how to call it. I tried some way but I was able to read just the name and basic info. I need help in reading objects. Please help me!!!
<?php
define('FACEBOOK_APP_ID', 'xxxxxx');
define('FACEBOOK_SECRET', 'xxxxxx');
function get_facebook_cookie($app_id, $application_secret) {
$args = array();
parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
ksort($args);
$payload = '';
foreach ($args as $key => $value) {
if ($key != 'sig') {
$payload .= $key . '=' . $value;
}
}
if (md5($payload . $application_secret) != $args['sig']) {
return null;
}
return $args;
}
$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php
echo 'Your Facebook ID: '.$cookie;
if ($cookie) {
//cookie is set, user is logged in
$user = json_decode(file_get_contents('http://graph.facebook.com/'.$cookie['uid']));
//Display the facebook user ID, name, gender and Facebook URL in the web browser
echo '<br />';
echo 'Your Facebook ID: '.$user->{'id'};
echo '<br />';
echo 'Your name: '.$user->{'name'};
echo '<br />';
echo 'Your gender: '.$user->{'gender'};
echo '<br />';
echo 'Your Facebook URL: '.$user->{'link'};
echo '<br />';
echo '<img src="http://graph.facebook.com/'.$user->{'id.'/picture" alt="'.$user-> {'name'}.'"/>';
echo '<br />';
echo '<fb:login-button autologoutlink="true"></fb:login-button>';
}
else
{
//user is not logged in, display the Facebook login button
echo '<h2>Facebook Application Test page</h2>';
echo '<br />';
echo' message somethng';
</body>
</html>
First of all you must take permission from your users
$url = "https://graph.facebook.com/oauth/authorize?"
."client_id=".$app_id."&"
."redirect_uri=http://apps.facebook.com/".$app_name."/&scope=read_stream";
<script language="javascript">window.open('<?php echo $url ?>', '_parent', '');</script>
Then you can get user's wall. There is an example here.
if(isset($_GET["code"])){
if(isset($_REQUEST['state']) == isset($_SESSION['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . "http://apps.facebook.com/".$app_name."/"
. "&client_secret=" . $app_secret . "&code=" . $_GET["code"];
$response = #file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/".$user_id."/feed/?access_token=".$params['access_token'];
$user = json_decode(file_get_contents($graph_url));
foreach($user as $feeds)
{
foreach($feeds as $feed)
{
if(isset($feed->link))
{
echo $feed->link."<br>";
}
}
}
}
}
I followed the steps here
And my application doesn't redirect the user
$app_id = APP_ID;
$canvas_page = APP_LINK;
$auth_url = "http://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,read_stream";
echo "<script> top.location.href='" . $auth_url . "'</script>";
PS: I was successful in redirecting the user with <fb:redirect> but since FBML will not be supported in some months, I want to find another way and "top.location.href" should be works :(
you probably need a semicolon to get the code to execute. Also, the equals sign is necessary. (Thanks David Barker)
$app_id = APP_ID;
$canvas_page = APP_LINK;
$auth_url = "http://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,read_stream";
echo "<script> top.location.href='" . $auth_url . "';</script>";
What do you get when you do this:echo "<script> alert('".$auth_url."');</script>";?
Also, and easier way to do this in PHP is like this:
$app_id = APP_ID;
$canvas_page = APP_LINK;
$auth_url = "http://www.facebook.com/dialog/oauth?client_id". $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,read_stream";
echo <<<EOT
<script>
top.location.href="$auth_url";
//checking the value of auth_url to see if that is the reason redirect is not happening.
if (window.console) {
console.log("$auth_url");
} else {
alert("$auth_url");
}
</script>
EOT;
Using heredoc syntax you will not have to escape anything, you can use single and doublequotes within, and variables are intrinsically replaced in your string. ;)
At the bottom is a working example of server side flow. It is a file fb_server_side_flow.php that I prepared from a template I found on developers.facebook.com. My first question is what exactly is $code = $_REQUEST["code"]; doing? Is it getting a Facebook cookie? If so how is $code = $_REQUEST["code"]; different from the code directly below? Is it really necessary to use session_start at towards the top of fb_server_side_flow.php?
Mainly I am trying to implement a system that gives my user an OPTION to login via Facebook but a login via Facebook is not a requirement. Is there any documentation available on implementing a login via Facebook OPTION as opposed to a required login via Facebook?
Thank you!
....
function get_facebook_cookie($app_id, $app_secret) {
$args = array();
parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
ksort($args);
$payload = '';
foreach ($args as $key => $value) {
if ($key != 'sig') {
$payload .= $key . '=' . $value;
}
}
if (md5($payload . $app_secret) != $args['sig']) {
return null;
}
return $args;
}
$cookie = get_facebook_cookie(YOUR_APP_ID, YOUR_APP_SECRET);
....
fb_server_side_flow.php
<?php
$app_id = "****";
$app_secret = "****";
$my_url = "http://www.sepserver.net/dsg/fb_server_side_flow.php";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
The first block of code is for retrieving Facebook cookie parameters for users who are already authorized and logged in.
The second block of code is for letting the user authorize your application (oauth) AND for retrieving an access_token your application can use to make API (FB Graph) calls on the user's behalf.
$_REQUEST relates to POST or GET parameters, not cookies. If you check the docs on authentication flow, you can see that Facebook redirects the user to http://your_redirect_uri?code=1234abcd after the user has approved your application. You're supposed to grab that code parameter and use it to make another call to graph.facebook.com to get the user's access_token.
The purpose of session_start() is to prepare the $_SESSION array, so that $_SESSION['state'] is preserved across page reload. If your framework already has session handling code, you can omit it. It's only used for the CSRF protection bit.
Optional login is pretty straightforward. If you're using the new PHP SDK, you can check the return value of $facebook->getUser(); -- if it's 0, the user is not logged in (and you can show content as normal, with perhaps an additional link to fb_server_side_flow.php to begin the authorization procedure.)