How can U display different iframe app for fans and non-fans of a page without asking user about permissions like Static Iframe Tab app (http://www.facebook.com/iframehost) is doing?
Take a look at the data you get from facebook in the so called "signed request". There is a flag included that fits your needs (true if the user has liked the page, otherwise false).
here's the code for that signed request check:
$signed_request = $_REQUEST['signed_request'];
function parsePageSignedRequest(){
if (isset($_REQUEST['signed_request'])){
$encoded_sig = null;$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
return $data;
}
return false;
}
if($signed_request = parsePageSignedRequest()){
if($signed_request->page->liked) {
// put your "Liked Page Content Here"
} else {
// put your "Alternate" Page Content Here.
}
}
Related
I have seen a few similar questions but I think this is new...
I am trying to add a popover on a blog that will contain a Facebook like button for a Facebook page and wil only show if the user does not already like the Facebook page.
Reading through the documentation this should be achievable with the Graph API pages.isFan method but does this require the user to give permissions? If so would it be possible to not have the app request permissions but rather fail gracefully?
Any help much appreciated.
You can tell if a user likes a page from the signed_request which is sent in the request from facebook. You don't have to query the graph api.
We use c# and get it like so:
protected void Page_Load(object sender, EventArgs e)
{
Result = DecodePayload(Request["signed_request"]);
}
public JObject DecodePayload(string payload)
{
var encoding = new UTF8Encoding();
var decodedJson = payload.Split('.')[1].Replace("=", string.Empty).Replace('-', '+').Replace('_', '/');
var base64JsonArray = Convert.FromBase64String(decodedJson.PadRight(decodedJson.Length + (4 - decodedJson.Length % 4) % 4, '='));
Json = encoding.GetString(base64JsonArray);
var result = JObject.Parse(Json);
return result;
}
Then in the page
<% if (Result["page"] == null || Result["page"]["liked"] == null || !(bool) Result["page"]["liked"])
{%>
Content if liked
<%}%>
One more important thing as of the 30th March the page layout is changing to timeline and you should be aware of a bug currently that does not refresh the page upon liking it see this:
Does anyone know a fix for the lack of page refresh on facebook timeline pages when liking?
UPDATE
The php for decoding the signed request is:
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
How could i get the userid and name of a user who's visiting my facebook page or atleast after like my page? I've created a fan-gate i.e. one page for not fans and another page for those who liked my page. I wanted to display Thank you Mr. ABC
for fan gate mechanism I have used signed request.
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
$liked=0;
if ($_REQUEST) {
$response = parse_signed_request($_REQUEST['signed_request'], FACEBOOK_SECRET);
$liked=$response[page][liked];
}
I can understand that Facebook disallows to access user information from page itself. But as I believe javascript and jquery are client side scripts and using this i could be able to fullfill my requirements. Eventhough I had no luck being success, the idea behind my concept is to access certain tag/selector and retrieve the content inside of parent window of facebook page frame container. i.e.
creating a jquery script to access parent window
Facebook's top menu contains small image thumbnail and Full Name of logged in user
using jquery's tag selector to retrieve the content of that html tag
This is not possible. You would have to create an application and prompt the user for permissions to access their account. Liking a page alone is not sufficient to figure out who the user is.
Finally I found an answer to my question and shared here. Make it useful for you also.
I have created a application and connected it to a fan page so that application content is loaded in that page.
To access user_id and name of user can only be accessed if user have authorized the application.
How application can be authorized at the same time as user have liked the page?
I mean that when user clicks on like page button application authorization dialog box should also appear. Or if i am wrong please suggest the right way.
--- EDIT ----
I am using php-sdk v3.1.1.
This isn't possible, the page like button is not connected in any way to your application.
What you can do is parse the signed_request parameter which is passed to your application to check if the user has liked the page, if he did you can then check if you can get the user object and redirect him to authorization if needed.
If you don't need the user id or any other extended features (such as posting to the wall) and just want to check if a user has liked the page you can just use the signed request and forget about the rest of the authorization.
You can decode the signed_request using your application secret key and the following function:
function parse_signed_request_outside($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode_outside($encoded_sig);
$data = json_decode(base64_url_decode_outside($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode_outside($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
In order to determine the like you need to do the following:
$secret = "SECRET KEY";
$decodedSignedRequest = parse_signed_request_outside($_REQUEST['signed_request'], $secret);
if ($decodedSignedRequest['page']['liked'] == 1){
{
// load content
}
Many Facebook app ask you "like" it before use it. How to implement it? Is there special API for it?
FBML pages have been deprecated and you can now only create iframe fan pages. When the user navigates to your page, Facebook sends a signed_request parameter that you will need to decode. This article has a walkthrough on how to do it.
function parsePageSignedRequest() {
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true));
return $data;
}
return false;
}
if($signed_request = parsePageSignedRequest()) {
if($signed_request->page->liked) {
echo "This content is for Fans only!";
} else {
echo "Please click on the Like button to view this tab!";
}
}
If your app is an iframe loaded in a Page tab signed_request can be used.
http://developers.facebook.com/docs/authentication/signed_request/
I was wondering how to access the custom fields people filled in after registering on your site with Facebook registration form.
I understand the usage of the PHP SDK environment a bit, and can access gender, name, etc. easily, but I have no idea how to do this with custom fields you yourself created.
I would prefer to receive an answer related to PHP SDK, but any is good.
thanks in advance!
Once the registration form is submitted, a signed_request holding ALL the data you need will be send back to your server on the URL you specify redirect_uri, how to "extract" these data is explained in the documentation (PHP Example reading signed_request section):
<?php
define('FACEBOOK_APP_ID', 'your_app_id');
define('FACEBOOK_SECRET', 'your_app_secret');
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
if ($_REQUEST) {
echo '<p>signed_request contents:</p>';
$response = parse_signed_request($_REQUEST['signed_request'],
FACEBOOK_SECRET);
echo '<pre>';
print_r($response);
echo '</pre>';
} else {
echo '$_REQUEST is empty';
}
?>