StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHowTo: send app request, and get data from request (to redirec to to a specific link) without user accepting the app?
text
Body
copied!<p>let's say user send app requests to his friends, this request will be targeting something /my_app/catalog.php?ID=25</p> <p>(not the index page) the only way to store specific link in app request is to use "data" field of the request.</p> <p>when user follow app request it will end up on index.php (not catalog.php?ID=25)</p> <p>how could i extract data field from request without knowing user id? (and without him accepting the app ?)</p> <p>i can get request_ids and also app_token (not user_access_tocken) by using <a href="https://graph.facebook.com/oauth/access_token?client_id=" rel="nofollow">https://graph.facebook.com/oauth/access_token?client_id=</a>".$GLOBALS['app_id']."&client_secret=".$GLOBALS['app_secret']."&grant_type=client_credentials</p> <p>but without the user id and him accepting the app it is impossible to get "data" field so instead of user been able to see a product in my app that his friend recommended him , he sees auth forms and accept the app dialogs whiout knoing what is this app about.</p> <p>this is not a right behavor and to my undestanding first user had to see a link on my page and later on if he want to do actions or my app need permissions for user's info - only when should the "accept dialog" be used.</p> <p>UPDATE: I guess Juicy right and where is no other way to get app request url but to either store it in your own database or require user to accept the app</p> <p>in case if someone else looking for this workaround here is some usefull stuff:</p> <pre><code>//to deal with app requests: (this is part of overall page output preparation) $rqlink=""; if((strlen($_REQUEST['request_ids'])>0)&&(strlen($user->id)>0))//user is logged no need for database { if(($rq=getfbres("https://graph.facebook.com/?ids=".$_REQUEST['request_ids']."&access_token=".$_SESSION['access_token'] ))!==false) { $rqj = json_decode($rq); $request_ids = explode(',', $_REQUEST['request_ids']); foreach ($request_ids as $request_id) { $full_request_id=$request_id.'_'.$user->id; if(isset($rqj->$request_id->data)) $rqlink=$rqj->$request_id->data; //if(getfbres("https://graph.facebook.com/$full_request_id?method=delete&access_token=".$_SESSION['access_token'])===false) //{ echo "delete request error:". $GLOBALS['err']; exit;} break; } } } elseif(strlen($_REQUEST['request_ids'])>0) //user is not logged, try to extract url from database { $request_ids = explode(',', urldecode($_REQUEST['request_ids'])); foreach ($request_ids as $request_id) { if(!isset($conn)){include_once "conn.php"; $conn=init_conn();} if(!($rez=mysql_query("select * from ff_app_rq where rq='".str_replace("'","''",$request_id)."'",$conn))) die ("Database error"); if(mysql_num_rows($rez)>0) { $row=mysql_fetch_assoc($rez); $rqlink=$row['url']; mysql_free_result($rez); break; } else //request not found for some reason and user is not authorized { //force pop-up authorization in order not to loose req_ids mysql_free_result($rez); echo("<script LANGUAGE='javascript'>window.open('/fblogin.php','_blank','width=900,height=450');</script>"); break; } } } if(strlen($rqlink)>0) { session_write_close(); echo("<script LANGUAGE='javascript'>document.location.href='".$rqlink."';</script>"); // echo("<script LANGUAGE='javascript'>top.location.href='http".(getenv("HTTPS") == 'on'?"s":"")."://apps.facebook.com/".$GLOBALS['app_namespace']."/".$rqlink."';</script>"); exit; } </code></pre> <p>this is how you promote:</p> <pre><code> function fire_promo() { FB.init({appId:'<?php echo $GLOBALS['app_id'];?>',status:true,cookie:true,frictionlessRequests:true,oauth:true}); //(this will display popup with list of fb friends) getpage('ajforms.php?ID=<?php echo $id;?>&stage=promote_app','subcontent,-100,10,560,500,2,zzz'); return false; } function sendRequestToManyRecipients() { var f=document.send_inv; //(this form lists all checked users) var ids=""; for(var z=0;z<f.length;z++) if(f[z].name=='p') if(f[z].checked) {if(ids.length>0) ids+=',';ids+=f[z].value;} FB.ui({method:'apprequests',data:'catalog.php?ID=<?php echo $id;?>',message:'You have been invited to bla-bla',to:"'"+ids+"'"}, requestCallback); } </code></pre> <p>here is app request javascript callback:</p> <pre><code> function requestCallback(response) { if(response === undefined) return; //if(response.request===undefined) return; var req = getconn(); if(req) {req.open("HEAD",'fb_req.php?rq='+response.request+'&url='+encodeURIComponent('catalog.php?ID=<?php echo $id;?>',true));req.send(null);} //console.log(response.request); if(response.to.length === undefined) {} else if(response.to.length>0) alert('You have successfully promoted to '+response.to.length+' friends.\nThank You!'); } </code></pre> <p>(getconn is a standart ajax function to initialize ajax communications)</p> <p>here is fb_req.php to log app requests:</p> <pre><code><?php if((strlen($_REQUEST['rq'])>0)&&(strlen($_REQUEST['url'])>0)) { include_once "conn.php"; $conn=init_conn(); $rez=mysql_query("insert into my_app_rq_table (rq,url,rq_date) VALUES('".str_replace("'","''",$_REQUEST['rq'])."','".str_replace("'","''",urldecode($_REQUEST['url']))."',now())",$conn); //if(!$rez) die ("Database error".mysql_error()); } exit; ?> </code></pre> <p>and finnaly here is fblogin.php for pop-up authorization and when refreshing opener window:</p> <pre><code><?php session_start(); include_once "params.php"; $code = $_REQUEST["code"]; if(strlen($code)>2) { $my_url = "http".(getenv("HTTPS")=='on'?"s":"")."://".getdom().((($_SERVER['SERVER_PORT']=="80")||($_SERVER['SERVER_PORT']=="443"))?(""):(":".$_SERVER['SERVER_PORT']))."/fblogin.php?fb_redirect_url=".urlencode($_REQUEST['fb_redirect_url']); $token_url = "https://graph.facebook.com/oauth/access_token?client_id=".$GLOBALS['app_id']."&redirect_uri=".urlencode($my_url)."&client_secret=".$GLOBALS['app_secret']."&code=".$code; $access_token = getfbres($token_url); $graph_url = "https://graph.facebook.com/me?".$access_token; $rr=strpos($access_token,"&"); if($rr>0) $access_token=substr($access_token,0,$rr); $access_token=str_replace("access_token=","",$access_token); $user = json_decode(getfbres($graph_url)); if(strlen($user->id)>0) { $_SESSION['access_token']=$access_token; if(strlen($_REQUEST['fb_redirect_url'])>0) echo "<SCRIPT LANGUAGE='javascript'>\nwindow.opener.location.href='".urldecode($_REQUEST['fb_redirect_url'])."';\nwindow.close();</script>"; else echo "<SCRIPT LANGUAGE='javascript'>\nwindow.opener.location.reload(true);\nwindow.close();</script>"; exit; } } if(strlen($_SESSION['access_token'])>2) { $graph_url = "https://graph.facebook.com/me?access_token=".$_SESSION['access_token']; $user = json_decode(getfbres($graph_url)); if(strlen($user->id)>0) { if(strlen($_REQUEST['fb_redirect_url'])>0) echo "<SCRIPT LANGUAGE='javascript'>\nwindow.opener.location.href='".urldecode($_REQUEST['fb_redirect_url'])."';\nwindow.close();</script>"; else echo "<SCRIPT LANGUAGE='javascript'>\nwindow.opener.location.reload(true);\nwindow.close();</script>"; exit; } } $my_url = "http".(getenv("HTTPS")=='on'?"s":"")."://".getdom().((($_SERVER['SERVER_PORT']=="80")||($_SERVER['SERVER_PORT']=="443"))?(""):(":".$_SERVER['SERVER_PORT']))."/fblogin.php?fb_redirect_url=".urlencode($_REQUEST['fb_redirect_url']); $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=".$GLOBALS['app_id']."&redirect_uri=".urlencode($my_url).$GLOBALS['app_scope']; //echo "<h1>".$_SESSION['log_attempts']."</h1>"; $_SESSION['log_attempts']=intval("0".$_SESSION['log_attempts'])+1; if(intval("0".$_SESSION['log_attempts'])<5) echo("<script>document.location.href='".$dialog_url."';</script>"); else echo "<center><br><br><br><h1>Facebook Login failed</h1><br>Please refresh web page and try again.</center>"; exit; function getdom() { return strtolower(str_replace("www.","",$_SERVER['SERVER_NAME'])); } function getfbres($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $output = curl_exec($ch); $info = curl_getinfo($ch); if(curl_error($ch)) $err=curl_error($ch); else $err=""; curl_close($ch); //echo "<pre>info:<br>"; var_dump($info); echo "<br>output:<br>"; echo $output; if (strlen($err)>0) echo "<br>error:<br>$err"; echo "</pre><br>"; if ($output === false || $info['http_code'] != 200) { // $GLOBALS['err']=$output."\nhttp code:".$info['http_code']."\n".$err; // echo "<pre>info:<br>"; var_dump($info); echo "<br>output:<br>"; echo $output; if (strlen($err)>0) echo "<br>error:<br>$err"; echo "</pre><br>"; // exit; return false; } return $output; } ?> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload