For some odd reason, i do not receive a "signed_request" when using IE. If i use the same application in firefox/chrome i get the signed request! has anyone had this problem and is there a solution.
I tried to search it up, but i can never get anything close to what i am asking (signed_request usually just takes over search and i get a bunch of documentation on how to parse it).
So i decided, well this is strange!
<?php print_r($_POST) // or request ?>
I made this as a page. In FF and Chrome, both give me the post information, but IE does not give me anything... just
Array( )
Thanks!
signed request is the included for case where user access your content via facebook. That should be signed to the server... and therefore it should not depends on the client browser. check you code to see if you have done something like redirecting the request when the session / user is invalid.
A solution that worked for me was to put this header in my tab page:
<?php
header('P3P: CP="CAO PSA OUR"');
header('P3P: CP="HONK"');
?>
I've found this solution here: http://hasin.me/2011/09/30/story-about-blue-e-iframed-web-application-wastage-of-6-hours-and/
Related
This self answer is the result of agonizing over the deprecated facebook sharer url based api, which kept refusing to post the URL I had setup through the sharer URL format. The resultant response was the following no matter what privacy setting I set:
{
"__ar":1,
"error":1367001,
"errorSummary":"Could not post to Wall",
"errorDescription":"The message could not be posted to this Wall.",
"payload":null,
"bootloadable":{},
"ixData":[]
}
My mess of code. (Yes it breaks every convention known to web development and yes I inherited this code.)
<?php
$url = urlencode(Domain::getDomain()."/".$details['urlname']);
$title=urlencode($details['name']);
$summary=$details['name'];
$image=urlencode(constant('BASE_IMAGES').'/'.$details['gallery']['listing'][0]['thumb']['src']);
?>
<a onClick="window.open('http://www.facebook.com/sharer.php?s=100&p[title]=<?php echo $title;?>&p[summary]=<?php echo $summary;?>&p[url]=<?php echo $url; ?>&p[images][0]=<?php echo $image;?>','sharer','toolbar=0,status=0,width=548,height=325'); return false" href="javascript: void(0)"><img src="/site/images/icon-facebook.png" alt="Facebook" border="0"></a>
The official question is as follows: Why does the sharer method of sharing links in facebook result in this error?
For my case, this was because I had not included the fully qualified URL including the protocol. My PHP generated URL was a mess of concatenation and did not include the protocol. After adding it, the post went through.
I had to change the second line listed above to
$url = urlencode('http://'.Domain::getDomain()."/".$details['urlname']);
There could be more reasons why Facebook throws this 1367001 Error, but this is at least one thing to check.
Yes, Please start your Url with http://
eg : http://www.google.com
May be there might be Url validations been performed at their (FB's)end hence start with Protocol name and end with domain name (com,co.in, ie)
This fixed my issue :)
I am trying to access Soundcloud from a local HTML page on my laptop. I am stuck at the part of hosting "callback.html" as a redirect_uri. The script I am trying to run is the basic Authenication JavaScript from the Soundcloud documentation page:
<script src="http://connect.soundcloud.com/sdk.js"></script>
<script>
// initialize client with app credentials
SC.initialize({
client_id: 'my_client_id',
redirect_uri: 'http://127.0.0.1/Users/Maria/Documents/SoundcloudClient/callback.html'
});
// initiate auth popup
SC.connect(function() {
SC.get('/me', function(me) {
alert('Hello, ' + me.username);
});
});
</script>
This script gets me to the connect pop-up when I launch the page in Chrome and Firefox.
But, once I have logged in as a Soundcloud user, I get the following error:
Oops! Google Chrome could not connect to 127.0.0.1
If I change my redirect_uri to localhost I get the same error.
If I try:
files:///C:/Users/Maria/Documents/SoundcloudThinClient/callback.html
I get a similar error.
I also tried:
ocalhost:3000
and:
localhost:8080
even though I'm not sure what would be listening on those ports.
So, basically, I'm asking what path do I put for callback.html in order for this to work?
I confess I don't know how the redirct_uri actually functions. I looked at the Oauth pages for it, but I don't understand them. I am beginning to think that I can't simply create an HTML page, paste the JavaScript, create a callback.html file and have this work, even though the SC documentation seems to say that this is possible. If so, what steps am I missing?
I am beginning to attempt this. I believe you have to go to the developer site and sign up as having an app. The redirect uri is asked for and the form gives you an API key you can use in your app.
I'm using drupal so, perhaps adding the oath module and using Php to add the api key might work well.
I had the same problem and I think I solved it.
Morning-after-edit: I posted this dead-tired after working towards a solution through the night. Now, the day after, I realize that you were speaking about the general problem, whereof I face a very particular instance. The following only applies directly to registering soundcloudlabs' soundcloud-group-recorder: https://github.com/soundcloudlabs/soundcloud-group-recorder. There is probably a more general principle lurking behind there, though:
First: yes, you do have to register the app as your own at Soundcloud. At least I presumed so. And doing that, you must register correctly where on your server you will place the callback.html file. Take the ClientID assigned to your app and use that in the API intialize procedure.
Now, I'm a novice and know very little coding. But I started looking around in the main file, application.js.
At the top of the file there are two instances of client_id and redirect_uri each. I'm not sure if that serves a purpose or if one is technically superfluous. Through trial and error I found out that replacing the second instance of each with my own data worked.
Then there is groupId and groupUrl, both of which should contain your info, within quotation marks.
After a lot of trial and error, still having trouble getting the thing to run, I looked around and saw that, whereas early in the file, client_id was hooked within SC.initialize, redirect_uri was not. Under the line:
client_id: CLIENT_ID
I added:
redirect_uri: REDIRECT_URI
– with a customary comma in between. And that's it. It runs.
I need some help troubleshooting.
I've just upgraded my 1.3 site to 2.0 (with the intent of going on to 2.1). I get the actual page running, content is read from DB etc, but I cannot log in to the admin panel!
Just to make sure I didn't forget the password I did
<?php echo sha1('password' . 'salt'); ?>
Taking the salt from the DB, and the output is the same as is stored in the DB. But still I cannot log in. The log in prompt just reloads, no error message or anything. Any ideas?
I've also tried clearing cache/sessions/etc, and even a different browser to no affect.
Crossposted from the PyroCMS forum: https://www.pyrocms.com/forums/topics/view/19323
OK, since there doesn't seem to be any good suggestions found either here or on the PyroCMS forums and my site is very small content wise I decided to just wipe everything and do a clean install of the latest build instead.
Not a very good solution for future reference, but it will have to do.
From my checklist (it's been a while since I had this happen to me):
If you didn't get an incorrect password error, it may well be you were just being redirected back to the login page before the details were even checked. You can run into issues with enabling the 'Remove index.php from URL' in .htaccess - in /system/cms/config/config.php try changing
$config['index_page'] = 'index.php';
to $config['index_page'] = '';
or (as you've hinted):
clear the contents of default_ci_sessions table
clear the cookies for the domain (a quicker way is to just open a new Google Incognito window which won't have any cookies).
Also - you can initiate a password reset for the admin password using the ordinary user login form if you or someone else does ever forget it (don't though).
When sharing one of my pages on FB, I want to display something different. Problem is, I prefer not to use the og: elements, but to recognize FB user-agent.
What is it? I can't find it.
For list of user-agent strings, look up here. The most used, as of September 2015, are facebookexternalhit/* and Facebot. As you haven't stated what language you're trying to recognize the user-agent in, I can't tell you more information. If you do want to recognize Facebook bot in PHP, use
if (
strpos($_SERVER["HTTP_USER_AGENT"], "facebookexternalhit/") !== false ||
strpos($_SERVER["HTTP_USER_AGENT"], "Facebot") !== false
) {
// it is probably Facebook's bot
}
else {
// that is not Facebook
}
UPDATE: Facebook has added Facebot to list of their possible user-agent strings, so I've updated my code to reflect the change. Also, code is now more predictible to possible future changes.
"Facebook's user-agent string is facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)..."
Hi
Small, yet important, correction -> Facebook external hit uses 2 different user agents:
facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php)
facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Setting you fitler to 1.1 only may cause filtering issues with 1.0 version.
For more information about Facebook Bot (and other bots) please refer to Botopedia.org - a Comunity-Sourced bot directory, powered by Incapsula.
Besides user-agent data, the directory also offers an IP verification option, allowing you to cross-verify an IP/User-Agent, thus helping to prevent impersonation attempts.
Here are the Facebook crawlers User Agent:
FacebookExternalHit/1.1
FacebookExternalHit/1.0
or
facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php)
facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Note that the version numbers might change. So use a regular expression to find the crawler name and then display your content.
Update:
You can use this code in PHP to check for Facebook User Agent
if(preg_match('/^FacebookExternalHit\/.*?/i',$agent)){
print "Facebook User-Agent";
// process here for Facebook
}
Here is ASP.NET code. You can use this function to check if the userAgent is Facebook's useragent.
public static bool IsFacebook(string userAgent)
{
userAgent = userAgent.ToLower();
return userAgent.Contains("facebookexternalhit");
}
Note:
Why would you need to do that? When you share a link to your site on Facebook, facebook crawls it and parses it to get some data to display the thumbnail, title and some content from your page, but it would link back to your site.
Also, I think this would lead to cloaking of the site, i.e. displaying different data to user and the crawlers. Cloaking is not considered a good practice and may search engines and site take note of it.
Update: Facebook also added a new useragent as of May 28th, 2014
Facebot
You can read more about the facebook crawler on https://developers.facebook.com/docs/sharing/webmasters/crawler
Please do note that sometimes the agent is visionutils/0.2 . You should check for it too.
Facebook User-Agents are:
FacebookExternalHit/1.1
FacebookExternalHit/1.0
facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php)
facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
facebookexternalhit/1.0 (+https://www.facebook.com/externalhit_uatext.php)
facebookexternalhit/1.1 (+https://www.facebook.com/externalhit_uatext.php)
I'm using the code below to detect FB User-Agent in PHP and it works as intended:
$agent = $_SERVER['HTTP_USER_AGENT'];
if(stristr($agent, 'FacebookExternalHit')){
//Facebook User-Agent
}else{
//Other User-Agent
}
Short solution is to check pattern, and not to load all the mess to user each time
<?php
# Facebook optimized stuff
if(strstr($_SERVER['HTTP_USER_AGENT'],'facebookexternalhit')) {
$buffer.='<link rel="image_src" href="images/site_thumbnail.png" />';
}
?>
In the perspective of user-agent modifications on FB side, it is maybe safer to use a regex like that :
<?php
if (preg_match("/facebook|facebot/i", $_SERVER['HTTP_USER_AGENT'])){
do_something();
}
?>
You can find more information about Facebook crawler on their doc: https://developers.facebook.com/docs/sharing/webmasters/crawler
And if you want to block facebook bot from accessing your website (assuming you're using Apache) add this to your .htaccess file:
<Limit GET POST>
BrowserMatchNoCase "Feedfetcher-Google" feedfetcher
BrowserMatchNoCase "facebookexternalhit" facebook
order deny,allow
deny from env=feedfetcher
deny from env=facebook
</Limit>
It also blocks google's feedfetcher that also can be used for cheap DDoSing.
Firstly you should not use in_array as you will need to have the full user agent and not just a subset, thus will quickly break with changes (i.e. version 1.2 from facebook will not work if you follow the current preferred answer). It is also slower to iterate through an array rather than use a regex pattern.
As no doubt you will want to look for more bot's later so I've given the example below with 2 bot names split in a pattern with the pipe | symbol. the /i at the end makes it case insensitive.
Also you should not use $_SERVER['HTTP_USER_AGENT']; but you should filter it first incase someone has been a little nasty things exist in there.
$pattern = '/(FacebookExternalHit|GoogleBot)/i';
$agent = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT', FILTER_SANITIZE_ENCODED);
if(preg_match($pattern,$agent)){
echo "found one of the patters";
}
A bit safer and faster code.
You already have the answer for Facebook above, but one way to get any user agent is to place a script on your site that will mail you when there is a visit to it. For example, create this file on your domain at, say, https://example.com/user-agent.php :
<?php
mail('you#youremail.com', 'User Agent', $_SERVER['HTTP_USER_AGENT']);
Then, visit Facebook, and type the link to the script there, and hit space bar. You don't actually have to share anything, just typing the link in and a space will cause Facebook to fetch a preview. You should then get an email with Facebook's user agent.
Another generic approach in PHP
$agent = $_SERVER['HTTP_USER_AGENT'];
$agent = trim($agent);
$agent = strtolower($agent);
if (
strpos($agent,'facebookexternalhit/1.1')===0
|| strpos($agent,'facebookexternalhit/1.0')===0
){
//probably facebook
}else{
//probably not facebook
}
I have a toy facebook app I'm playing with so I can understand how it all works. It's fine if you go the the app like this: http://apps.facebook.com/pushup-challenge/ (and connect it). But if you then go to it from your facebook page, FB uses the URL http://apps.facebook.com/pushup-challenge/?ref=bookmarks.
In my log file, I see that FB is POSTing the data and including the /?ref=bookmarks to it's call to my codeigniter system. This is causing it to either say "invalid URI parameters" or give me a 404, depending on if I've edited the system/core/URI.php file to add rawurlencode() to a particular call.
I've tried using mod_rewrite to get rid of the query_string, too, but since it's POSTing, it doesn't appear to be working (though I'm not exactly sure why).
Has anyone else run into this? How did you fix it?
Thanks in advance,
Hans
try $config['uri_protocol'] = “PATH_INFO”; and set enable_query_strings = TRUE
or
set
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-?=';
in config.php
Because it isn't calling your file by name (just ?ref=bookmarks) the server runs thru the standard default files: index.htm, index.html, index.asp. Because you need to accept a POST, you need a server that allows POSTs to htm & html if you choose to use those. Index.asp will accept POSTs on most servers, and that works for me.
SOLUTION: Add a file (index.asp), that calls the real app that you named in the App settings.