bhushya

Reputation: 1317

Requesting Facebook permissions on tab page in PHP

I have a Facebook page tab application and I am stuck in the following situation:

I need to check whether the user is logged in or not.

If not, then redirect to the login URL with user_likes,publish_actions,email permissions,

and also check whether the user has liked the page or not.

If not liked, then show the like gate.

Now I am stuck on the following error, which I am getting in the FB page tab (iframe):

Refused to display 'https://www.facebook.com/v2.0/dialog/oauth?client_id=839424369402407&redire…c8682d9a9fb5b&sdk=php-sdk-4.0.9&scope=email%2Cuser_likes%2Cpublish_actions' in a frame because it set 'X-Frame-Options' to 'DENY'.

Now I am thinking of implementing the flow with the JS SDK, getting the access token and then passing it to the PHP code using an AJAX call.

Is there any better way to solve this situation?

Here is the code:

try {
    $session = $helper->getSessionFromRedirect();
} catch(FacebookRequestException $ex) {
    error_log($ex->getCode());
    error_log($ex->getMessage());
} catch(\Exception $ex) {
    error_log($ex->getCode());
    error_log($ex->getMessage());
}
// 'error' is only present when the login dialog was cancelled
if(isset($_GET['error']) && $_GET['error']=="access_denied"){
    header("location:/login/");
    exit;
}else if (isset($session) || (isset($_SESSION['fb_user_session_access_token'])) && !empty($_SESSION['fb_user_session_access_token'])) {
    if(isset($session))
        $_SESSION['fb_user_session_access_token'] = $session->getToken();
    else{
        $access_token = $_SESSION['fb_user_session_access_token'];
        $session = new FacebookSession($access_token);
    }

    try {
        $user_profile = (new FacebookRequest(
            $session, 'GET', '/me'
        ))->execute()->getGraphObject(GraphUser::className());
        $email =  $user_profile->getProperty('email');
        $name =  $user_profile->getProperty('name');
        $fb_id =  $user_profile->getProperty('id');
        // escape the value returned by the Graph API before it goes into the SQL string
        $email_sql = mysql_real_escape_string($email);
        $query = mysql_query("select id, email from ntuc_users where email = '$email_sql'");
        $user_found = mysql_num_rows($query);
        if(!$user_found){
            //code deleted
            exit;
        }
    } catch(FacebookRequestException $e) {
        error_log($e->getCode());
        error_log($e->getMessage());
        //if token get expired
        $loginUrl = $helper->getLoginUrl(array('req_perms' => 'email'));
        header("location:".$loginUrl);
        exit;
    }
}
else
{
  $loginUrl = $helper->getLoginUrl(array('req_perms' => 'email'));
  header("location:".$loginUrl);
  exit;
}

Thanks in advance.

Upvotes: 1

Views: 469

Answers (1)

bhushya

Reputation: 1317

After 2 days of research, I got this. Here is the flow which I have implemented for my app.

@BjörnKaiser mentioned that Facebook policy doesn't support LIKEGATE anymore, and it's true.

So I went through the FB policy and got the following answer:

Only incentivize a person to log into your app, like your app’s Page, enter a promotion on your app’s Page, or check-in at a place. Don’t incentivize other actions. Effective November 5th, 2014, you may no longer incentivize people to like your app's Page

FB POLICY
However, with reference to the above information, I tried to implement the like gate flow, but had hard luck with the FB app review team.

But I got one more reference from the review team:

Please note that using "user_likes" to check if someone has liked your Facebook use case is not approvable. User_likes provides information to all of a person's likes, and the entirety of this data should be used to enhance the app experience. If you need to determine who has already liked your page, please use signed requests for Page Tab apps.

FB USER LIKE POLICY

Using signed requests, at least for the page tab, it works like a charm :). But for the mobile website, I have removed it.

Here is the code:

        if( isset($_REQUEST['signed_request']) )
        {
            // parse_signed_request() returns null when the signature does not verify
            $user_data = $this->parse_signed_request($_REQUEST['signed_request']);
            $access_token = isset($_SESSION['fb_user_session_access_token']) ? $_SESSION['fb_user_session_access_token'] : null;
        }
        if( !empty($user_data['page']['liked']) || $this->deviceType != "computer")//no like gate for mobile
        {
            //my code ...
        }


private function parse_signed_request($signed_request) {
    // a well-formed signed_request is "<signature>.<payload>"
    if (!is_string($signed_request) || strpos($signed_request, '.') === false) {
        $this->log->write('Malformed signed request!');
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    $secret = FB_APP_SECRET; // Use your app secret here

    // decode the signature
    $sig = $this->base64_url_decode($encoded_sig);

    // confirm the signature before trusting anything in the payload;
    // hash_equals() (PHP >= 5.6) compares in constant time
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected_sig, $sig)) {
        $this->log->write('Bad Signed JSON signature!');
        return null;
    }

    // decode the data only after the signature has been verified
    return json_decode($this->base64_url_decode($payload), true);
}

private function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

I hope it helps someone else...

Upvotes: 1
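The signature check that the answer's like gate depends on, as an added example that is not part of the original answer: it builds a constructed signed_request with a made-up secret and shows that a payload swapped to claim `liked` without being re-signed does not verify. `DEMO_SECRET`, `make_signed_request` and `verify_signed_request` are hypothetical names, and all payload values are constructed.

```php
<?php
// Added example: DEMO_SECRET and all payload values are constructed for local testing.
const DEMO_SECRET = 'constructed-demo-secret';

function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode($txt) {
    $txt = strtr((string) $txt, '-_', '+/');
    // Restore the stripped padding so strict decoding behaves the same on every PHP version.
    return base64_decode($txt . str_repeat('=', (4 - strlen($txt) % 4) % 4), true);
}

// Hypothetical test helper: base64url(HMAC-SHA256(payload)) . '.' . base64url(JSON).
function make_signed_request(array $data, $secret) {
    $payload = b64url_encode(json_encode($data));
    return b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
}

// Returns the decoded payload only if the signature verifies, otherwise null.
function verify_signed_request($signed_request, $secret) {
    $parts = explode('.', (string) $signed_request, 2);
    if (count($parts) !== 2) {
        return null;                      // no "signature.payload" structure
    }
    $sig = b64url_decode($parts[0]);
    $expected = hash_hmac('sha256', $parts[1], $secret, true);
    if (!is_string($sig) || !hash_equals($expected, $sig)) {   // constant-time compare
        return null;
    }
    $data = json_decode((string) b64url_decode($parts[1]), true);
    return is_array($data) ? $data : null;
}

$not_liked = array('algorithm' => 'HMAC-SHA256', 'page' => array('id' => '0', 'liked' => false));
$liked     = array('algorithm' => 'HMAC-SHA256', 'page' => array('id' => '0', 'liked' => true));

$genuine = make_signed_request($not_liked, DEMO_SECRET);
// Payload swapped for one claiming liked=true, signature left over from $genuine.
$forged  = strstr($genuine, '.', true) . '.' . b64url_encode(json_encode($liked));

foreach (array('genuine' => $genuine, 'forged' => $forged, 'malformed' => 'no-dot') as $name => $sr) {
    $data = verify_signed_request($sr, DEMO_SECRET);
    echo $name, ': ', $data === null ? 'rejected' : 'page.liked=' . var_export($data['page']['liked'], true), "\n";
}
```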
