I am developing a facebook application. I am not sure about getting extended permission from the user. I have seen a code related to this but it is not working well. The code has the problem that if there is a new user and comes to application,, he will be asked for all extended permissions to authorize. But one he authorize and i again add some extra extended permission and want to get that data, the pop window will not be displayed and i cannot access the user data of that newly added permission. I am using the following code for this
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxx',
'cookie' => true,
));
session = $facebook->getSession();
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'email,publish_stream,offline_access,sms,user_location,friends_birthday'
)
);
$fbme=null;
if (!$session) {
echo "top.location.href = '$loginUrl';";
exit;
}
else {
try {
$uid = $facebook->getUser();
$fbme = $facebook->api('/me');
} catch (FacebookApiException $e) {
echo "top.location.href = '$loginUrl';";
exit;
}
}
Now if any user comes on this point he will be asked for all permission and I can get data for all those permission. But if i add new extended permission, the user that has already authorized my application will not be asked for new permission and I cannot get the data for newly added permission.
I think if you got the extended permission then facebook will not ask for the same again when that user login to your application after some time.You can see the application that you authorized in the application page.
So to ask the permission again from same user he/she must remove the permission or remove the application from his/her account.
And if the user already give permission to your application then you can use that access token.Check this
Related
Do you have an example of how to confirm that the person trying to access the content of your app is a member of a specific facebook group, using php? I've read through the developer docs and all it managed to do was confuse me even more. I've seen posts similar to this one but they only show me how to print a list of members...
I need to know how to get the list and see if the user trying to access the app is a member of the group so that I can either a: allow access or b: deny access and re-direct the user to the group page so they can request membership...
Yes its pretty simple, you just need to know the ID of the group you want to do that and ask for the scope user_groups permission, so you can query the groups the user have.
With the PHP SDK you can do this:
<?php
// Remember to copy files from the SDK's src/ directory to a
// directory in your application on the server, such as php-sdk/
require_once('php-sdk/facebook.php');
$config = array(
'appId' => 'YOUR_APP_ID',
'secret' => 'YOUR_APP_SECRET',
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
if($user_id) {
// We have a user ID, so probably a logged in user.
// If not, we'll get an exception, which we handle below.
try {
$user_profile = $facebook->api('/me?fields=id,name,groups','GET');
$user_belongs_to_group= FALSE;
foreach($user_profile['groups']['data'] as $group){
if($group['id']==YOUR_GROUP_ID)
$user_belongs_to_group=TRUE;
}
if($user_belongs_to_group){
//Alright! the user belongs to the group
}
else{
//Oh snap you don't belong here, but you can if want to
}
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
$login_url = $facebook->getLoginUrl();
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
// No user, print a link for the user to login
$login_url = $facebook->getLoginUrl();
echo 'Please login.';
}
?>
Some of this code I grabbed from the facebook, you can see the data that is returned when query for groups here: https://developers.facebook.com/tools/explorer
Press the plus sign after the name go to connections, choose groups and press send
You are in a catch-22, you will need the user to grant permission to his groups via the user_groups permission.
after get my posts in my web page , then if user login he can add like / comment to that post problem is am getting an error if any user try add like or comment
200 Permissions error
if i login in with my username and password i can make like or add comment !!
am sending like via :
jQuery.post('https://graph.facebook.com/'+comm_id+'/likes/',{
access_token : "<?php echo $access_token ?>"
});
CODE :
$facebook = new Facebook(array(
'appId' => '',
'secret' => '',
'cookie' => true,
));
$user = $facebook->getUser();
if ($user) {
if (session_id()) {
} else {
session_start();
}
$access_token = $facebook->getAccessToken();
//check permissions list
$permissions_list = $facebook->api(
'/me/permissions', 'GET', array(
'access_token' => $access_token
)
);
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
$permissions_needed = array('publish_stream', 'read_stream', 'manage_pages');
foreach ($permissions_needed as $perm) {
if (!isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1) {
$login_url_params = array(
'scope' => 'publish_stream,read_stream,manage_pages',
'fbconnect' => 1,
'display' => "page",
'redirect_uri' => 'http://localhost/fb/index.php',
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
}
}else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'publish_stream,read_stream,manage_pages',
'fbconnect' => 1,
'display' => "page",
'redirect_uri'=>'http://localhost/fb/index.php',
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
header("Location: {$login_url}");
exit();
}
$logoutUrl = $facebook->getLogoutUrl();
which access token is for the user is loged in
Make sure you have the publish_stream permission for any user you want to be able to create posts for. Remember, creating a comment is still creating content.
Checkout the publish_stream permission on Facebook's permissions documentation
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends. This is a superset
publishing permission which also includes publish_actions. However,
please note that Facebook recommends a user-initiated sharing model.
Please read the Platform Policies to ensure you understand how to
properly use this permission. Note, you do not need to request the
publish_stream permission in order to use the Feed Dialog, the
Requests Dialog or the Send Dialog.
I've read a lot of tutorials/articles/questions here about this, as well as trying to find something useful in the fb documentation.
So far I've made no progress at all myself so any input would be greatly appreciated, I'm simply trying to access a list of my photos but all I get is an empty array.
I know I've added more req_perms than I need probably, I just copied the ones from a "working tutorial" that didnt work for me, and after reading a thread here I also added user_photo_video_tags because that had worked for the thread poster (again, not me).
I've gotten the dialog to allow photos sharing my photos with my app, login works without any problems, the access token I get seem to be correct, after logging in I have visited:
https://graph.facebook.com/me/photos?access_token= and the token, and gotten an empty array, if I wasnt logged in or the access_token wasnt linked to my app there would be some error, but all I get is an empty array.
Thanks in advance for any input.
Thanks to Chaney Blu I was able to validate my permissions:
{
"data": [
{
"installed": 1,
"status_update": 1,
"photo_upload": 1,
"video_upload": 1,
"create_note": 1,
"share_item": 1,
"publish_stream": 1
}
]
}
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once 'library/facebook.php';
$app_id = "xxxxxxxxxxxxxxxx";
$app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
'cookie' => true
));
$loginLink = $facebook->getLoginUrl(array(
'scope' => 'user_status,publish_stream,user_photos,user_photo_video_tags'
));
$logOutLink = $facebook->getLogoutUrl();
$user = $facebook->getUser();
if ($user) {
try {
// User logged in, get token
$token = $facebook->getAccessToken();
//var_dump($token); dumped successfully
// Get public profile info
$user_profile = $facebook->api('/me');
//var_dump($user_profile); dumped successfully
$photos = $facebook->api('/me/photos?access_token=' . $token);
var_dump($photos); // Empty array, BAH!
} catch (FacebookApiException $e) {
$user = null;
}
}
?>
Click here to login if you aren't autoredirected<br /><br /><br />
Click here to logout
Not sure if this is the problem, but try this. It appears you're using the latest PHP SDK. In your getLoginUrl(); calls, try changing 'req_perms' to 'scope'.
Like this:
$loginLink = $facebook->getLoginUrl(array(
'scope' => 'user_status,publish_stream,user_photos,user_photo_video_tags'
));
You can verify that you've authorized the correct permissions by visiting https://graph.facebook.com/me/permissions/?access_token=XXXX
After testing some other permissions I noticed facebook weren't updating the permissions to my token, even when logging out of the app, logging in again and accepting new permissions nothing changed when I looked at the Graph permissions link I got from Chaney Blu.
I used that link to verify the token from facebooks graph api page http://developers.facebook.com/docs/reference/api/ and noticed that token had access to user_photos but not my token.
Going into my facebook settings and removing the app made facebook update my permissions the next time I signed into the app.
Thanks to Chaney Blu for putting me on the right track. Would vote you up if I had the reputation.
I am using Facebook PHP SDK 3.0
I would like to know how could I store the session of the user in the database so that once the user provides access and logs in, I could store the access tokens in the database and use it next time so that the user doesn't require to log in again. Right now I am using the following code
$facebook = new Facebook(array(
'appId' => APP_ID,
'secret' => SECRET,
'cookie' => true
));
$user = $facebook->getUser();
if(!$user)
{
$loginUrl = $facebook->getLoginUrl();
echo anchor($loginUrl,"login");
}
//print_r($_SESSION);
$user = $facebook->getUser();
if($user)
{
try
{
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
//print_r($user_profile);
}
catch (FacebookApiException $e)
{
error_log($e);
$user = null;
}
}
Any help appreciated thanks
Facebook access keys expire after a while. Even if you do store them, and they have not expired yet, they will not work if the user is not logged in. If you want to access the users Facebook account while the user is offline, you need the 'offline_access' permmission.
with the old (2.x) SDK I used this to log someone with offline_access:
$session = array
(
'uid' => $userdata['fb_uid'],
'sig' => $userdata['fb_sig'],
'access_token' => $userdata['fb_access_token']
);
$facebook->setSession($session);
In the new SDK this function doesnt exist anymore. I think I need to login using:
setPersistentData($key, $value)
but this function is protected and I dont know what 'code' is? Do I need this to log the user in or not? And what's going on with 'sig'? Don't I need this anymore?
Hope someone already figured this out because the documentation really doesn't help!
With the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone with the offline_access permission, you ask it when your generate the login URL. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
// The access token we have is not valid
$user = null;
}
}
If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :
if (!$user) {
$args['scope'] = 'offline_access';
$loginUrl = $facebook->getLoginUrl($args);
}
And then display the link in your template :
<?php if (!$user): ?>
Login with Facebook
<?php endif ?>
Then you can retrieve the offline access token and store it. To get it, call :
$facebook->getAccessToken()
Use the offline access token
To use the offline access token when the user is not logged in :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
And now you can make API calls for this user :
$user_profile = $facebook->api('/me');
Hope that helps !
With PHP SDK 2.0 (I guess), I just use it like
$data = $facebook->api( '/me', 'GET', array( 'access_token' => $userdata['fb_access_token'] ) );
This should work with the newer one to as it seems to be more of a clean approach than rather setting up sessions by ourself. Can you try?
Quentin's answer is pretty nice but incomplete, I think. It works nice, but I for example getUser() isn't working in that time because userId (which is getUser() returning) is cached.
I have created a new method to clear all caches and save it persistently.
public function setPersistentAccessToken($access_token) {
$this->setAccessToken($access_token);
$this->user = $this->getUserFromAccessToken();
$this->setPersistentData('user_id', $this->user);
$this->setPersistentData('access_token', $access_token);
return $this;
}