Question

Small problem here: I want to make a small FB app which shows different views for page admins and users; a page admin can add HTML to the app and include the app in their page (somewhat like the old FBML apps).

But the problem is that when I'm authenticating the app, it jumps from the page tab to its app page.

I need to access the following things:

[page] => stdClass Object 
(
    [id] => FAN_PAGE_ID
    [liked] => 1
    [admin] =>
)

For this I need to be in the FB page tab while authenticating. How? :(

I am posting my current code here.

please help me.

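ob_start();
$app_id = "----------";
$app_secret = "-----------------";

include_once 'src/facebook.php';

$my_url = "http://apps.facebook.com/-----beta/index.php";

$facebook = new Facebook(array(
    'appId'  => $app_id,
    'secret' => $app_secret,
));

session_start();
// The first visit carries no "code" parameter; reading an undefined index
// emits a notice, so default it explicitly.
$code = isset($_REQUEST["code"]) ? $_REQUEST["code"] : '';
//echo $code . "</br>";

if(empty($code)) {
    // CSRF protection: the state value has to be unguessable, so take it from
    // the CSPRNG (random_bytes needs PHP >= 7.0) instead of md5(uniqid(rand())).
    $_SESSION['state'] = bin2hex(random_bytes(16));
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&display=popup&scope=manage_pages,email&redirect_uri=" . urlencode($my_url) . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    // Stop here. Without it the state check below also runs on this request
    // and prints the CSRF message underneath the redirect script.
    exit;
}

// Only accept the callback when a state was actually issued in this session
// and it matches in constant time; a loose "==" on two missing values would
// compare null == null and pass.
$state_ok = isset($_SESSION['state'], $_REQUEST['state'])
    && hash_equals($_SESSION['state'], (string) $_REQUEST['state']);
// A state is single-use: drop it so the same callback cannot be replayed.
unset($_SESSION['state']);

if($state_ok) {
    // $code is request input, so URL-encode it before splicing it into the
    // token URL; $app_secret also travels in this URL, so never log $token_url.
    $token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . urlencode($code);
    $response = file_get_contents($token_url);
    $params = null;
    parse_str((string) $response, $params);
    if (empty($params['access_token'])) {
        // file_get_contents() returns false on HTTP errors and the token
        // endpoint answers with an error body; either way there is no token.
        echo("Could not obtain an access token.");
        exit;
    }
    $graph_url = "https://graph.facebook.com/me?access_token=" . urlencode($params['access_token']);
    $user = json_decode(file_get_contents($graph_url));
    //echo $_REQUEST['signed_request'];echo "<hr>";
    //var_dump($user);

    $signedRequest = $facebook->getSignedRequest();
    $appData = array();
    // NOTE(review): if getSignedRequest() already returns the decoded payload,
    // $signedRequest['page'] is an array and json_decode() of it yields null;
    // confirm against the SDK version in src/facebook.php.
    if (!empty($signedRequest) && !empty($signedRequest['page'])) {
        $appData = is_array($signedRequest['page'])
            ? $signedRequest['page']
            : json_decode($signedRequest['page'], true);
    }
    var_dump($appData); echo "<hr>"; // debug output: prints the tab payload to the page

    // Debug output as well; parse_signed_request() returns null unless the
    // payload's HMAC verifies against $app_secret.
    $raw_signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '';
    var_dump(parse_signed_request($raw_signed_request , $app_secret));

    // The name comes from an external API response: HTML-escape it before
    // echoing so it cannot inject markup into the page.
    $user_name = isset($user->name) ? htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8') : '';
    echo("<hr>Hello " . $user_name);

}    
else {
    echo("The state does not match. You may be a victim of CSRF.");
}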

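/**
 * Verify and decode a Facebook signed_request ("<sig>.<payload>", both base64url).
 *
 * @param string $signed_request raw value of the signed_request parameter
 * @param string $secret         the app secret the HMAC was computed with
 * @return array|null decoded payload, or null when malformed or the signature fails
 */
function parse_signed_request($signed_request, $secret) {
    // Without the "." separator explode() yields one element and $payload
    // stays undefined, so reject the shape up front.
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        error_log('Malformed signed_request');
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    // json_decode() gives null for garbage; indexing null would only emit
    // a notice and fall through to the algorithm check.
    if (!is_array($data) || !isset($data['algorithm'])) {
        error_log('Unparseable signed_request payload');
        return null;
    }

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig: the HMAC covers the still-encoded payload, not the decoded JSON.
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    // hash_equals() (PHP >= 5.6) is constant-time; "!==" stops at the first
    // differing byte and leaks the match length through timing.
    if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}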

/**
 * Decode a base64url string (RFC 4648 "-" / "_" alphabet, padding optional).
 *
 * @param string $input base64url-encoded text
 * @return string|false decoded bytes, or false when base64_decode() rejects it
 */
function base64_url_decode($input) {
    // Map the URL-safe alphabet back onto standard base64 before decoding.
    $standard = str_replace(array('-', '_'), array('+', '/'), $input);
    return base64_decode($standard);
}

Solution

I am using this script in the tab:

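    /**
     * Verify and decode a Facebook signed_request ("<sig>.<payload>", both base64url).
     *
     * @param string $signed_request raw value of the signed_request parameter
     * @param string $secret         the app secret the HMAC was computed with
     * @return array|null decoded payload, or null when malformed or the signature fails
     */
    function parse_signed_request($signed_request, $secret) {
      // Without the "." separator explode() yields one element and $payload
      // stays undefined, so reject the shape up front.
      if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        return null;
      }
      list($encoded_sig, $payload) = explode('.', $signed_request, 2);
      $sig = base64_url_decode($encoded_sig);
      $data = json_decode(base64_url_decode($payload), true);

      // json_decode() gives null for garbage; indexing null would only emit
      // a notice and fall through to the algorithm check.
      if (!is_array($data) || !isset($data['algorithm'])) {
        return null;
      }
      if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return null;
      }
      // The HMAC covers the still-encoded payload, not the decoded JSON.
      $expected_sig = hash_hmac('sha256', $payload, $secret, true);
      // hash_equals() (PHP >= 5.6) is constant-time; "!==" stops at the first
      // differing byte and leaks the match length through timing.
      if (!is_string($sig) || !hash_equals($expected_sig, $sig)) {
        return null;
      }

      return $data;
    }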

    /**
     * Decode a base64url string (RFC 4648 "-" / "_" alphabet, padding optional).
     *
     * @param string $input base64url-encoded text
     * @return string|false decoded bytes, or false when base64_decode() rejects it
     */
    function base64_url_decode($input) {
      // Map the URL-safe alphabet back onto standard base64 before decoding.
      $standard = str_replace(array('-', '_'), array('+', '/'), $input);
      return base64_decode($standard);
    }
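    // Only trust the tab payload after parse_signed_request() has verified
    // its HMAC against the app secret; it returns null on any failure.
    $signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '';
    $secret = $app_secret;
    $getdata = parse_signed_request($signed_request, $secret);
    // "page" is only present when the app is loaded inside a page tab, so
    // fall back to an empty array rather than indexing into null.
    $fanpage = (is_array($getdata) && isset($getdata['page']) && is_array($getdata['page']))
      ? $getdata['page']
      : array();
    $page_id = isset($fanpage['id']) ? $fanpage['id'] : null; // GET THE PAGE ID
    $is_fan = isset($fanpage['liked']) ? $fanpage['liked'] : 0; // 0 if its not fan, 1 if its fan
    $is_admin = isset($fanpage['admin']) ? $fanpage['admin'] : 0; //1 if user is admin of page. 0 if not
    if($page_id){
     //if app is tab
     if($is_admin){
      //if user is admin
     }
     if($is_fan){
      //I am fan
     }else{
      // I am not a fan
     }
    }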
Licensed under: CC-BY-SA with attribution