jim

Reputation: 9138

Facebook iFrame app, is this code correct?

I've just thrown together a quick Facebook iFrame "fangate" app, where you must "like" to reveal a page.

I've seen a number of ways of doing things online so I just wanted to check that my method was safe to use before I publish the app.

..and the code..:

<?php
require 'facebook.php';

$facebook = new Facebook(array(
    'appId'  => "__CODE_HERE__",
    'secret' => "__CODE_HERE__",
    'cookie' => true
));
$signed_request = $facebook->getSignedRequest();

if ($signed_request != false) {
    if ($signed_request["page"]["liked"]) {
        echo "you LIKE this page now!!";
    } else {
        // User likes the fan page.. display restricted data.
        include 'index.php';
    }
} else {
    header('LOCATION: http://www.facebook.com/');
}
?>

What do you guys think? This seems pretty secure and is the most common method I've come across. Would you include anything else?

All feedback welcome.. :)

--Conor

Upvotes: 0

Views: 1044

Answers (2)

ifaour

Reputation: 38115

I won't load the whole PHP-SDK only for this, instead I use the approach from the documentation:

$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

if (empty($data["page"]["liked"])) {
    echo "You are not a fan!";
} else {
    echo "Welcome back fan!";
}

I've written a tutorial about this and provided real-world examples of the importance of this.

Upvotes: 1
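
The snippet in the answer above splits off `$encoded_sig` but never checks it, so the `liked` flag it reads is whatever the client sent. The following is an added example, not code from the posts or from the Facebook SDK: it verifies the HMAC-SHA256 signature with the app secret before the payload is trusted. The function names, `$appSecret` and all sample values are constructed for illustration.

```php
<?php
// Added example. $appSecret and the sample requests are constructed values.

function base64url_decode($in)
{
    // Restore the padding that base64url strips; strict mode returns false on bad input.
    $pad = (4 - strlen($in) % 4) % 4;
    return base64_decode(strtr($in, '-_', '+/') . str_repeat('=', $pad), true);
}

/**
 * Returns the decoded payload only if its HMAC-SHA256 signature matches;
 * returns null for anything missing, malformed or altered.
 */
function parse_signed_request($signedRequest, $appSecret)
{
    if (!is_string($signedRequest) || substr_count($signedRequest, '.') !== 1) {
        return null;
    }
    list($encodedSig, $payload) = explode('.', $signedRequest, 2);
    $sig  = base64url_decode($encodedSig);
    $data = json_decode((string) base64url_decode($payload), true);
    if ($sig === false || !is_array($data)) {
        return null;
    }
    // Refuse payloads that declare any other algorithm (or none).
    if (($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null;
    }
    // The MAC covers the still-encoded payload string, not the decoded JSON.
    $expected = hash_hmac('sha256', $payload, $appSecret, true);
    return hash_equals($expected, $sig) ? $data : null; // constant-time compare
}

// --- Constructed demo: one correctly signed request, one with an altered payload ---
$appSecret = 'constructed-demo-secret';
$b64url = function ($s) { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); };

$payload = $b64url(json_encode(array('algorithm' => 'HMAC-SHA256', 'page' => array('liked' => false))));
$signed  = $b64url(hash_hmac('sha256', $payload, $appSecret, true)) . '.' . $payload;

// Same signature, but the payload now claims liked = true.
$altered = explode('.', $signed)[0] . '.'
         . $b64url(json_encode(array('algorithm' => 'HMAC-SHA256', 'page' => array('liked' => true))));

var_dump(parse_signed_request($signed, $appSecret));   // signature matches the payload
var_dump(parse_signed_request($altered, $appSecret));  // signature does not match the payload
```

In the gate itself, treat a `null` return the same as a missing `signed_request` and show the non-fan view.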

Codemwnci

Reputation: 54884

I can't see any problem with this. I have seen similar solutions working like this.

Upvotes: 1
