Facebook Ultimate X Hack V5.0 In
Marylee Guffy
Wait - what happened to version 4.1? Before the decision to adopt Semantic Versioning, the official Facebook PHP SDK was going to be released as v4.1. But now v4.1 is just an alias to v5.0.0. So any references to 4.1 can be safely aliased to v5.0.0.
Each major version of the PHP SDK at Facebook have notoriously been poorly documented. With version 5, the official docs have been much improved... or at least I think they have since I was the primary author. But I know they can still be improved even more! You can contribute to them on the official GitHub repo.
Version 5 of the SDK runs on PHP 5.4 or greater with the mbstring extension installed. If you're still on PHP 5.3, you really need to upgrade since 5.3 reached EOL and is no longer getting security updates. While you're at it, why not just install PHP 5.6!
Version 4.0 of the PHP SDK, focused a lot of attention on the FacebookSession class. Contrary to what you might assume at first glance, this class has nothing to do with a native PHP session and everything to do with a user access token and the app configuration.
In v4.0 of the PHP SDK, there were a number of methods that allowed you to define the Graph API version. Unfortunately this functionality was inconsistent across all the methods and forced developers to rely on the default Graph API version fallback in some cases.
Since the Graph API is subject to a versioning schedule with breaking changes in each version, every time the default Graph API version was updated, apps broke when the developer updated their version of the SDK with the latest minor/patch version. Doh!
Important! You should always set the default_graph_version option! Don't rely on the fallback version unless you want your app to break when the version of Graph API gets updated in the SDK.
Access tokens could be obtained using the "helpers" in v4.0. You would instantiate the helpers directly in v4.0 but in v5 we have factories on the Facebook\Facebook service class to generate new helpers as we will see in a bit.
You can implement Facebook Login (OAuth 2.0) with the PHP SDK by using the FacebookRedirectLoginHelper. An instance of this helper can be obtained from the Facebook super service by using the getRedirectLoginHelper() method.
When you have an app that runs in app canvas or a Page tab, an access token can be obtained from the signed request that is POSTed to your app. If an access token exists in the signed request, it can be obtained using the FacebookCanvasHelper (note the name change).
If you're using the JavaScript SDK for Facebook Login, make sure in your FB.init() method, you enable the cookie option with cookie:true. This tells the JavaScript SDK to set a cookie on your domain that contains a signed request with information about the authenticated user.
Version 4.0 stored the access token in the FacebookSession object (which had nothing to do with PHP sessions). The primary way of sending authenticated requests to the Graph API was by injecting an instance of FacebookSession into a FacebookRequest. The access tokens were stored as AccessToken entities within FacebookSession.
Version 5 of the SDK got a major API overhaul when it comes to making requests to the Graph API. The primary way of making requests to the Graph API in v4.0 was via the FacebookRequest class directly.
One of the biggest pitfalls people would run into when using v4.0 for the first time surrounded the FacebookRedirectLoginHelper. The helper would try to make use of native PHP sessions behind the scenes to store the CSRF token generated during the Facebook Login process. Since the PHP session stuff wasn't documented, people got errors and didn't know why.
Version 5 of the SDK will still try to store a CSRF token in native PHP session, but there's a better way to overwrite the session-storing functionality; you code to the Facebook\PersistentData\PersistentDataInterface and inject the implementation into the Facebook\Facebook service constructor with the persistent_data_handler option.
In version 5 you can also inject a custom HTTP client, but you'll need to code your implementation to the Facebook\HttpClients\FacebookHttpClientInterface and then inject it with the http_client_handler option in the Facebook\Facebook service constructor.
The Facebook PHP SDK has come a very long way since its inception but there's still a ton of room for improvement. There's plenty of discussion going on about what can be improved in version 6.0. And the project is alive and well!
This script just stores the Access Token and redirects to login.php. We can use an App Access Token as default, because if the user gets to this script he most likely will not have an active Token. After initialization its just about getting the Access Token with the Helper (getAccessToken), storing it in the session and redirecting to index.php.
Im not entirely sure if thats the correct way because the official docs are still a bit shaky with the latest PHP SDK, but it works ? You dont need all those error checking routines, but i suggest using them for logging errors in your system.
In many scenarios you would want to extend the User Token, and its quite easy with the PHP SDK. Just add two lines right before storing the Token in a session in your login-callback.php file:
I have a problem on the landingpage after login. When making the first request to the API I receive the error Graph returned an error: Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.. The weird things is that this does not happen when I navigate to the page via typing the url in the address bar. Only when I access the site via a hyperlink
that error is too unspecific to help you in a serious way, im afraid. you need to activate error logging for your server, and you need to debug where it is happening. Btw, i wrote another article about the Access Tokens: -heaven.com/facebook-access-tokens/
my code is always tested and worked when i wrote the article, all code put together should be a working example. but i should put a working example online where people can test and login, will do that asap.
Hello sir,
Can you please show us a complete source code of a little FB app ?
For example after the user authorizes the app, the app generate some very basic image [applying some basic image filter or effects on the profile photo] and shows a share dialog to the user to post the image on his own timeline.
Thanks in advance.
Regards
hi! i am not sure what to tell you, to be honest. the error message is very clear, you can only delete comments made by your app. you cant delete comments made in the browser, it is just not possible.
blank screen usually means that there is something wrong on the server. make sure to look at the error logs. also, you are definitely not logged in if it is not listed. hard to say more without looking at the code, you should create a question on stackoverflow.
I am able to fetch relevant user information using this. But plugin doesn't provide information on how to logout of Facebook successfully.
I have placed the Facebook login button in my application and clicking on which I am redirecting the user to the following link.
After successful authentication it will get redirected to the redirect_uri specified. The redirect_uri will be one screen in my application. I will get the code as input parameter to that page from Facebook. Once I have code, I will hit the rest api to get access_token with the code. When I get the access_token I am hitting the rest of the graph api to get relevant information.
My requirement is that after I logout of Facebook, again when I tap on 'Login with Facebook' button, it should ask me again for Facebook username and password to login. Now it is not happening. I am directly getting redirected to the home page with the code.
Actually the login flow is working as expected. I have a "Login with Facebook" button which allows me to login to FB. And, once I receive the Facebook information I am saving those details in local database. After sometime, if I want to logout from the application, I have a logout button in the application. When I click the logout button it should log me out of the application and it will redirect me again to the screen where I have the "Login with Facebook" button. When I click on the button again it should show me the Facebook login page. But now it is allowing me in with out showing the Facebook login page.
So when you click on login with facebook again it will redirect you to facebook and because you are already login and given concent to the application to access your data so facebook will automatically send you back to the redirect url without asking to login again.
This is same as if you login to facebook in another browser tab and then click login with facebook in your application, you will be redirected back to your application without showing facebook login screen.
This is working fine as well. I have a "Login with Facebook" button. First time up on tapping that it will take me to Facebook login page and I can enter my credentials to login and fetches all the data needed. Again when I relaunch the application and tap on the "Login with Facebook" button, it will not ask for Facebook credentials and directly logs in and fetches all the required data. This is fine.
What I need is to have a button in the application to logout of Facebook. Up on tapping that, it should log me out of Facebook(Should clear the Facebook related session in the app). So that next time when I relaunch the app and tap on Login with Facebook button, it should show me Facebook login screen to logout
Is there a way to do this?
You can add functionality to your native application to allow your users to authenticate using Facebook natively, within the application. This does not require redirection via a web browser and will let mobile applications comply with the Facebook Developer Policy, which requires that mobile applications use the Facebook SDK for Android or iOS to authenticate.
b37509886e