Is it possible to build facebook login function just using facebook php sdk, without using javascript sdk?

Question

Javascript SDK provides FB.login function to easily login other users. I just wonder whether there exists a way through PHP SDK that realize the same function --- that is click the login button and then allow the user to login and also allow the app to use the user's info?

The reason I ask the question is that someone told me that it's possible to be hacked if implemented by javascript and it's somewhat securer by the use of server-side PHP. Can anybody tell me the exact idea of this?

Answer 1

You can defiantly use the PHP SDK to log users into your application. There exists within the SDK a method called getLoginUrl() which receives parameters such as what permissions you want to request from your users. Once you have received the url, you can use the php header function to redirect the user to the login screen or use an anchor tag and let the user login by clicking on it.

Answer 2

Using an instance of the Facebook Object in PHP SDK and getUser method is what you need to be sure of the authenticity of your users.

I suggest you to implement JSDK and PHP SDK to get the best login & register experience possible and also take full advantage of the features of both SDKs.

I usually use Javascript SDK to detect session status and login users, and PHP SDK to integrate the Facebook experience with my CMS (Drupal).

In the signed request travels information as your Facebook user ID and other stuff. Remember that the signed request is encrypted in base64 with you secret key, so it's not an easy thing to manipulate.

Tip: You can use the Facebook register plugin to provide an alternative & fast registration using Facebook data. See https://developers.facebook.com/docs/plugins/registration/