Reputation: 22926
(Since FBML and FBJS are deprecated by Facebook, I cannot use those approaches to pass data to my server).
I have an IFRAME facebook application, mainly built to be used by pages.
When the page admin visits my application tab in their page, they see a settings page where they will add information about their page. I have a submit button as well. Once the page admin submits information about his page, it will be sent to my server and it will be stored along with the page ID. Once this setup is done, when other users visit this application tab in the page, they will see the information posted by the page admin.
I am using Facebook's PHP SDK in the server side to decode the signed request and get the page ID.
The following is the code in my application's index.php to send data to my server (along with the user input, page ID will also be passed, not shown here)
<script>
// Posts the admin's input to ajax.php with jQuery; the page ID is posted too (not shown here)
function sendData() {
    $.post('ajax.php', {
        data : $("#userdata").val()
    }, function(data) {
        alert(data);   // echo back whatever ajax.php returned
    });
}
</script>
The following is the simple ajax.php script. This is just a test script as of now.
<?php
// print_r() needs its second argument set to true to return the dump as a string
// instead of printing it immediately (otherwise this echoes "<pre>1</pre>")
echo "<pre>" . print_r($_POST, true) . "</pre>";
?>
The problem is that only the user data is being sent to the server. There is a security problem in this approach. I want to send 'signed_request' (which Facebook sends initially to my index.php, and which I use to validate the request) along with the user data, so I can validate the request on the server side and update the information for the right page. Otherwise, anyone can post a request like this and update the information for any page.
Upvotes: 0
Views: 727
Reputation: 325
All you need to do is use the Facebook PHP SDK in your server side ajax script as well, then you can check that the request was sent by someone with a valid Facebook session who has authorized your app.
If you are concerned that multiple people using your application will try and send fake requests to alter each others page settings, then you just need to store some information about which Facebook Ids are associated with the Facebook pages they administer.
For example, while sending the request to the server, send the page ID along with an encrypted key derived from the page ID (keep this encrypted key in a hidden field when displaying the page). In the server, decrypt this key to match it with the page ID. This way, you can be sure that the page admins are modifying the information for 'their' pages only.
Upvotes: 1
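The following is an added example (not code from the question, the answer, or Facebook's SDK) of what ajax.php can do with a forwarded 'signed_request', covering both the questioner's plan of posting the signed_request along with the data and the answer's suggestion of a page-bound key in a hidden field. It does not call the Facebook PHP SDK; it re-implements the check the SDK performs (split on '.', base64url-decode, HMAC-SHA256 over the encoded payload with the app secret). For the hidden-field key it uses an HMAC over the page ID and the admin's user ID rather than an "encrypted key", since the server only has to recognise its own token, not recover anything from it. APP_SECRET, the `page_token` POST field name and the constructed self-test signed_request are assumptions; `page.admin` and `user_id` are real fields of the page-tab signed_request (user_id is only present once the user has authorised the app). Assumes PHP 7.1 or newer.

```php
<?php
// Added example: server-side validation for ajax.php. Not from the original post.
// APP_SECRET is a placeholder; in production load it from configuration, never from the client.
const APP_SECRET = 'replace-with-your-app-secret';

// Facebook uses base64url without padding; PHP's base64_decode tolerates the missing '='.
function base64url_decode(string $s): string
{
    return (string) base64_decode(strtr($s, '-_', '+/'));
}

function base64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Verify and decode a signed_request. Returns the payload array, or null when the
// signature is missing, malformed, or does not match the app secret.
function parse_signed_request(string $signed_request, string $secret): ?array
{
    $parts = explode('.', $signed_request, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encoded_sig, $payload] = $parts;
    $sig  = base64url_decode($encoded_sig);
    $data = json_decode(base64url_decode($payload), true);
    if ($sig === '' || !is_array($data)) {
        return null;
    }
    if (strtoupper($data['algorithm'] ?? '') !== 'HMAC-SHA256') {
        return null;
    }
    // The MAC is computed over the *encoded* payload string, exactly as Facebook sends it.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Keyed token binding a page ID to the admin's user ID. index.php renders it into a
// hidden field (assumed name: page_token) and the client posts it back with the data.
function page_token(string $page_id, string $user_id, string $secret): string
{
    return base64url_encode(hash_hmac('sha256', "page:$page_id|user:$user_id", $secret, true));
}

// Decide whether a settings update may be applied. Returns [true, page_id] on success
// or [false, reason]. $post is $_POST in production; it is a parameter so it can be tested.
function authorize_update(array $post, string $secret): array
{
    $data = parse_signed_request((string) ($post['signed_request'] ?? ''), $secret);
    if ($data === null) {
        return [false, 'invalid signed_request'];
    }
    $page_id = (string) ($data['page']['id'] ?? '');
    $user_id = (string) ($data['user_id'] ?? '');
    if ($page_id === '' || $user_id === '') {
        return [false, 'signed_request carries no page id or user id (app not authorised?)'];
    }
    if (empty($data['page']['admin'])) {
        return [false, 'user is not an admin of this page'];
    }
    $token = (string) ($post['page_token'] ?? '');
    if (!hash_equals(page_token($page_id, $user_id, $secret), $token)) {
        return [false, 'page token mismatch'];
    }
    return [true, $page_id];
}

if (PHP_SAPI !== 'cli') {
    // Real request from index.php's $.post(): refuse anything that does not verify.
    [$ok, $result] = authorize_update($_POST, APP_SECRET);
    if (!$ok) {
        http_response_code(403);
        exit($result);
    }
    // ... store $_POST['data'] under page $result here ...
    echo "settings stored for page $result";
} else {
    // Self-test with a constructed signed_request (not real Facebook data).
    $payload = base64url_encode(json_encode([
        'algorithm' => 'HMAC-SHA256', 'issued_at' => 0, 'user_id' => '1001',
        'page' => ['id' => '555', 'liked' => true, 'admin' => true],
    ]));
    $sig  = base64url_encode(hash_hmac('sha256', $payload, APP_SECRET, true));
    $good = ['signed_request' => "$sig.$payload",
             'page_token'     => page_token('555', '1001', APP_SECRET),
             'data'           => 'hello'];
    var_dump(authorize_update($good, APP_SECRET));        // [true, "555"]
    $wrong_page = $good;
    $wrong_page['page_token'] = page_token('999', '1001', APP_SECRET);
    var_dump(authorize_update($wrong_page, APP_SECRET));  // [false, "page token mismatch"]
    $forged = $good;
    $forged['signed_request'] = "AAAA.$payload";
    var_dump(authorize_update($forged, APP_SECRET));      // [false, "invalid signed_request"]
}
```

To use it, index.php echoes the signed_request it received and `page_token($page_id, $user_id, APP_SECRET)` into hidden fields, and the `$.post()` call sends both fields with `data`. The signed_request already proves, under the app secret, which user is looking at which page and whether Facebook considers them its admin, so a request forged without the admin's own signed_request fails the HMAC check; the token adds the answer's page-to-admin binding without a database lookup, but the per-page admin table the answer describes works just as well in its place.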