I've the following code in my iframe Facebook app
<?php
/* include the PHP Facebook Client Library to help
with the API calls and make life easy */
require_once 'facebook.php';
$appapikey = 'key here';
$appsecret = 'secret here';
$facebook = new Facebook($appapikey, $appsecret);
$facebook->require_frame();
$user_id = $facebook->require_login();
?>
The problem is that the app keeps loading and reloading.
Is my implementation wrong?
You haven't added any check there. Everytime its just doing login. You have to check that user is logged or not if user is not logged then you have to run this code else do the action. I guess you must be having fb php sdk,check its demo example. If you dont got it download from here.
Related
I've been working on a way to determine if a user likes a particular page so a tab on that page can be fangated or not. I didn't want to prompt the user for authorization for user_likes, so I avoided the JS SDK and used the PHP SDK:
<?php
require 'src/facebook.php';
$app_id = "...";
$app_secret = "...";
$facebook = new Facebook(array('appId' => $app_id, 'secret' => $app_secret, 'cookie' => true));
$signed_request = $facebook->getSignedRequest();
$like_status = $signed_request["page"]["liked"];
/* testing response */
if ($like_status) {
/* liked content */
} else {
/* not liked content */
}
?>
My problem is signed_request is passed only when the code is on the FB tab--if I hit the PHP page outside of FB, I get nothing. I wondered if there's a way to get this user info outside of Facebook.com.
You can try saving the signed_request in a session or cookie so you can use it until it expires. After which, the user will have to come through the tab again to renew it. Naturally, if you are planning to use cookies, you should keep the signed_request decoded so no one can find and use the access_token from the cookie.
Sounds like this isn't really feasible outside of the Facebook tab. We've begun deploying our tabs in PHP in order to pull this data without an action on the user's part.
Thanks!
I am trying to implement the Facebook Login and Logout in my website.
I am using the Facebook PHP SDK.
The code i am using is as follows :
Login
$facebook = new Facebook(array('appId' => APP_ID,
'secret' => APP_SECRET
));
$param = array();
$param["scope"] = array("email","offline_access","publish_stream");
$loginUrl = $facebook->getLoginUrl($param);
Logout
$logoutUrl = $facebook->getLogoutUrl();
The problem is logout url is not being able to logout the facebook user.
When i remove the "offline_access" from the scope parameters the logout Url is working fine.
I have also implemented the above scope in the example.php file in the PHP SDK and the result was the same.
Can anyone provide any help.
I found out my problem. After logging in from Facebook I called the function $facebook->destroySession(); and after that, called the function $facebook->getLogoutUrl();.
Because of the destroySession() function the access_token returned from Facebook got lost and my logout URL generated from the getLogoutUrl() function could not log out the user from Facebook.
After removing the destroySession() function my code is working fine.
I think the problem might be that you are not clearing the session cookie after you log the user out of FB.
1) download the latest php sdk.
2) Make sure you specify the 'domain' parameter when you create the $facebook object.
3) Before you redirect the user to FB logout, clear their session with
$facebook->setSession(null); - alternatively, you can use FB.logout() in the javascript SDK.
Update:
as you are specifying appId and key, also give 'domain' as your domain name.
Examples of setSession:
example1
I have created a Page Tab Facebook App where I want to display different content depending on the user being a fan or not. (Also called fan gate, landing page or reveal page)
For this I'm using the PHP SDK, in specific the following code:
<?php
require 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'APP_ID',
'secret' => 'APP_SECRET',
'cookie' => true,
));
?>
And in the content:
<?php
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {?>
Thank you for liking our Page!
<?php } else { ?>
You haven't liked our page yet..
<?php };
// Debugging Code
echo "REQUEST:<br>";
print_r($_REQUEST);
echo "<br>GET:<br>";
print_r($_GET);
echo "<br>POST:<br>";
print_r($_POST);
?>
This works when I'm logged in with my Facebook User and when I use it on my own Page.
Meaning the signed_request is present in both $_POST and $_REQUEST.
However, when I test it with another user, there is no signed_request value in those variables..
Notes:
- I already took a look at my URL Settings in the App Configuration (300 Redirect and stuff) but this looks fine, and like I said with my User it's working..
- the signed_request is not just empty, it doesn't even exist.
Does anybody have similar issues?
I would not mind using the Javascript SDK instead of PHP if it works then, but I'm not very experienced in Javascript.
EDIT:
As i found out you always have to have a non-secure (http) and a secure (https) URL.
Even if you enter a secure URL as the standard URL, facebook will contact it using http and will then get redirected (depends on server configuration) to the https, which makes you lose your signed_request.
I just had a similar problem. In my case the problem was that in the app config i had not put a slash at the end of the tab URL which was referencing a directory (with an index.php in it). So i got a redirect to the same URL with a slash at the end and lost the $_POST this way.
signed_request is never passed via GET but POST. $_REQUEST contain data according to configuration in php.ini (request_order or variables_order)
Since you are using PHP-SDK it's better to use it for signed_request retrieval:
$signed_request = $facebook->getSignedRequest();
$liked = $signed_request['page']['liked'];
For applications running in Page Tab signed_request is always passed, so if you not get it ensure there is no redirections that omit POST data being passed.
How can I hide this "?state=...&code=..." in the address after logging in using php sdk 3.1.1
Check for
if(isset($_GET['code'])){
$user = $facebook->getUser();
$access_token = $facebook->getAccessToken();
}
Facebook returns userID only after the login and that code.
You can name a folder "facebook" and put the auth code and probably a session saver or cookie.
Then you can use the session to store the info and proceed on the other sites without getting the state and code parameters in the url.
I think that will work because a norwegian site use this, and it works pretty great.
Good luck :)
Molty
Facebook will send you code every time user sign up you app or login to your app. So what i do is redirect/reload again
if (isset($_Get['code']) and $_Get['code'] !='' ){
$uid = $facebook->getUser();
echo "<script type='text/javascript'>top.location.href = '".APP_URL."';</script>";
exit;
}
Here APP_URL is something like apps.facebook.com/greatapp/ or you can use Site URL which you set in developer.
I'm using Facebook OAuth interface but can't get immediate mode parameter working. Do you have any idea how that works with FB or any other url to use instead?!
(I don't/can't use FB JS libraries.)
A great way to make users login into your website with their Facebook account is to use the Facebook PHP SDK (see on github). So you will have something like :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
If the user is logged in, then $user is his Facebook ID. You then have to check if you have a valid access token by making an API call :
If it does not raise any exception, then you have a valid access token
If it does, then you have to re-authenticate the user.
Here you go :
if ($user) {
try {
$facebook->api('/me');
} catch (FacebookApiException $e) {
$user = null;
}
}
You need then to display the login or logout link :
<?php if ($user): ?>
Logout of Facebook
<?php else: ?>
Login with Facebook
<?php endif ?>
When the user is logged in and you have a valid access token, you can make API calls to get data from Facebook :
$user_profile = $facebook->api('/me');
You may want to check the example page of the Facebook PHP SDK which is well documented.
Hope that helps.
I have extracted following url from FB php-sdk (which Quentin reminds me):
https://www.facebook.com/extern/login_status.php
?api_key=<your app-id or api-key>
&no_user=<callback url>
&no_session=<callback url>
&ok_session=<callback url>
&session_version=3
When you redirects user to above url (or open it as an iframe or popup) Facebook silently/immediately redirects backs user/browser to:
no_user when user has NOT signed in.
no_session when user has signed in but has NOT authorized your app yet.
ok_session when user has signed in and already authorized your app. Additional parameters (user identification and required token) will be appended to this url by FB which you need to validate.
For example:
https://www.facebook.com/extern/login_status.php
?api_key=123456789012345
&no_user=http://example.com/signin/fb/no_user
&no_session=http://example.com/signin/fb/no_session
&ok_session=http://example.com/signin/fb/ok_session
&session_version=3
Put them in one line whit no spaces and don't forget to encode urls if needed.
See OpenID Immediate mode to find out why this is useful.
If you are developing java based application, in that case you can use SoicalAuth library.
http://code.google.com/p/socialauth/