Facebook PHP API Applications: Working with User Data

This is the third part of a tutorial series on Facebook PHP API implementation. In this part, you will learn four important aspects of this API application: how to grab profile photos from the API; how to request user permission from the Facebook login to access sensitive profile information; the importance of “Access token” in accessing sensitive profile information; and how to grab sensitive information using Access token verification (for example, the person’s birthday, email address, bio, etc.) in PHP.

Grabbing profile photos from the Facebook Graph API

Sometimes if you integrate Facebook into your website, you need to display the main user’s profile photo.

The URL you need to grab photos in Facebook graph API uses this format:

http://graph.facebook.com/UID/picture

Where: UID is the Facebook user ID number.  

In PHP, once the user is logged in and the cookie is set, the script will get contents from the API (file_get_contents):

<?php if ($cookie) {
//###cookie is set, user is logged in
$user = json_decode(file_get_contents('https://graph.facebook.com/'.$cookie['uid']));

And then display the user’s main profile photo as in this code:

echo '<img src="http://graph.facebook.com/'.$user->{'id'}.'/picture" alt="'.htmlspecialchars($user->{'name'}, ENT_QUOTES, 'UTF-8').'"/>';

Below is the complete script, which is similar to the one shown at the following url: http://bit.ly/cLZuIh. It will display the user’s Facebook id, name and the profile photo:

<?php
define('FACEBOOK_APP_ID', 'YOUR FACEBOOK APPLICATION ID HERE');
define('FACEBOOK_SECRET', 'YOUR FACEBOOK SECRET HERE');
function get_facebook_cookie($app_id, $application_secret) {
  //###no cookie means the user has not logged in
  if (!isset($_COOKIE['fbs_' . $app_id])) {
    return null;
  }
  $args = array();
  parse_str(trim($_COOKIE['fbs_' . $app_id], '"'), $args);
  ksort($args);
  $payload = '';
  foreach ($args as $key => $value) {
    if ($key != 'sig') {
      $payload .= $key . '=' . $value;
    }
  }
  //###reject the cookie unless its signature matches (constant-time comparison)
  if (!isset($args['sig']) || !is_string($args['sig'])
      || !hash_equals(md5($payload . $application_secret), $args['sig'])) {
    return null;
  }
  return $args;
}
$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php if ($cookie) {
//###cookie is set, user is logged in
$user = json_decode(file_get_contents('https://graph.facebook.com/'.$cookie['uid']));
//###escape the values before printing them into the page
$id = htmlspecialchars($user->{'id'}, ENT_QUOTES, 'UTF-8');
$name = htmlspecialchars($user->{'name'}, ENT_QUOTES, 'UTF-8');
echo 'Your Facebook ID: '.$id;
echo '<br />';
echo 'Your name: '.$name;
echo '<br />';
//###display the user profile photo
echo '<img src="http://graph.facebook.com/'.$id.'/picture" alt="'.$name.'"/>';
echo '<fb:login-button perms="email,user_birthday" onlogin="window.location.reload(true);" autologoutlink="true"></fb:login-button>';
}
else
{
//###user is not logged in, display the Facebook login button
echo '<fb:login-button perms="email,user_birthday" autologoutlink="true"></fb:login-button>';
}
?>
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({appId: '<?= FACEBOOK_APP_ID ?>', status: true,
cookie: true, xfbml: true});
FB.Event.subscribe('auth.login', function(response) {
window.location.reload();
});
</script>
</body>
</html>
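
The signature check inside get_facebook_cookie() is what lets the script trust $cookie['uid'] and $cookie['access_token'], because the cookie itself arrives from the browser. The following is an added example, not part of the original tutorial, that runs the same md5(payload . secret) check against a genuine and a modified cookie. The function names verify_fbs_cookie() and sign_fbs_cookie(), the secret and the cookie fields are all constructed for illustration.

```php
<?php
// Added example: verify an fbs_<app id> cookie value without touching $_COOKIE.
// The secret and the cookie fields below are constructed for illustration.

function verify_fbs_cookie(string $raw, string $secret): ?array {
    $args = [];
    parse_str(trim($raw, '"'), $args);
    if (!isset($args['sig']) || !is_string($args['sig'])) {
        return null;                       // unsigned or malformed cookie
    }
    ksort($args);
    $payload = '';
    foreach ($args as $key => $value) {
        if ($key === 'sig') {
            continue;
        }
        if (!is_string($value)) {
            return null;                   // e.g. uid[]=1 parses as an array
        }
        $payload .= $key . '=' . $value;
    }
    // Same scheme as the tutorial's check, compared in constant time
    return hash_equals(md5($payload . $secret), $args['sig']) ? $args : null;
}

// Demo helper only: sign fields the way the check above expects.
function sign_fbs_cookie(array $fields, string $secret): string {
    ksort($fields);
    $payload = '';
    foreach ($fields as $key => $value) {
        $payload .= $key . '=' . $value;
    }
    $fields['sig'] = md5($payload . $secret);
    return '"' . http_build_query($fields) . '"';
}

$secret = 'constructed-app-secret';
$fields = ['uid' => '1001', 'access_token' => 'constructed|token', 'expires' => '0'];
$cookie = sign_fbs_cookie($fields, $secret);

// Case 1: the cookie exactly as it was signed
var_dump(verify_fbs_cookie($cookie, $secret) !== null);
// Case 2: the uid was edited after signing
$tampered = str_replace('uid=1001', 'uid=1002', $cookie);
var_dump(verify_fbs_cookie($tampered, $secret) !== null);
// Case 3: sig submitted as an array instead of a string
var_dump(verify_fbs_cookie('"uid=1002&sig[]=x"', $secret) !== null);
```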


Understand the importance of the “Access token” in Facebook Graph

So far our examples are limited to publicly accessing user profile information, such as the main user profile photo, name and id. There are times when your application requires the user’s email address and birthday (or even the user’s bio or his/her list of friends).

This is where the access token property will be used. But first, as you might have already observed, the Facebook login asks for the user's permission before your Facebook application in PHP can retrieve sensitive user information, such as email address and birthday.

The access token URL is in the form of: https://graph.facebook.com/me?access_token=[accesstokenoftheuser]

Where [accesstokenoftheuser] varies for each login user. The value of [accesstokenoftheuser] is equal to the value of:

$cookie['access_token']

You can get that value by echoing the access token in PHP:

echo $cookie['access_token'];

In PHP, the file_get_contents/json_decode statement is changed to use $cookie['access_token'] instead of $cookie['uid']. So the script below will echo the value of $cookie['access_token'] in the browser:

<?php
define('FACEBOOK_APP_ID', 'Your facebook application id');
define('FACEBOOK_SECRET', 'Your facebook secret');
function get_facebook_cookie($app_id, $application_secret) {
  //###no cookie means the user has not logged in
  if (!isset($_COOKIE['fbs_' . $app_id])) {
    return null;
  }
  $args = array();
  parse_str(trim($_COOKIE['fbs_' . $app_id], '"'), $args);
  ksort($args);
  $payload = '';
  foreach ($args as $key => $value) {
    if ($key != 'sig') {
      $payload .= $key . '=' . $value;
    }
  }
  //###reject the cookie unless its signature matches (constant-time comparison)
  if (!isset($args['sig']) || !is_string($args['sig'])
      || !hash_equals(md5($payload . $application_secret), $args['sig'])) {
    return null;
  }
  return $args;
}
$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php if ($cookie) {
//###user is logged in, echo the access token in the browser
$user = json_decode(file_get_contents('https://graph.facebook.com/me?access_token='.$cookie['access_token']));
echo htmlspecialchars($cookie['access_token'], ENT_QUOTES, 'UTF-8');
die;
}
else
{
//###user is not logged in, display the Facebook login button
echo '<fb:login-button perms="email,user_birthday" autologoutlink="true"></fb:login-button>';
}
?>
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({appId: '<?= FACEBOOK_APP_ID ?>', status: true,
cookie: true, xfbml: true});
FB.Event.subscribe('auth.login', function(response) {
window.location.reload();
});
</script>
</body>
</html>

So for example, this is the value:
1453286532125478|2.dfwererdfjk878_n43dfsYPzw__.2400.dfsdfs2000-529dfss582|dfs4sdeBe-fdsfd6D8dfsfsdd

You can view a Facebook user’s information using a web browser (including the sensitive information, such as birthdate) if you know the access token key by using the syntax: https://graph.facebook.com/me?access_token=[accesstokenoftheuser]

So it will be:
https://graph.facebook.com/me?access_token=1453286532125478|2.dfwererdfjk878_n43dfsYPzw__.3600.dfsdfs2000-529dfss582|dfs4sdeBe-fdsfd6D8dfsfsdd

If that URL is opened in the browser, it will look like the screen shot below:

 

Access Token Application: Retrieving Email Address and Birthday

Suppose you wish to create a PHP application using the Facebook API that will display the following information on the browser after logging in:

  1. photo
  2. id
  3. name
  4. Facebook URL
  5. about
  6. birthday
  7. bio
  8. gender
  9. email

The following is the complete working script:

<?php
//###Define Facebook Application ID and Secret; then get cookie
define('FACEBOOK_APP_ID', 'Your website facebook application ID');
define('FACEBOOK_SECRET', 'Your website facebook secret');
function get_facebook_cookie($app_id, $application_secret) {
  //###no cookie means the user has not logged in
  if (!isset($_COOKIE['fbs_' . $app_id])) {
    return null;
  }
  $args = array();
  parse_str(trim($_COOKIE['fbs_' . $app_id], '"'), $args);
  ksort($args);
  $payload = '';
  foreach ($args as $key => $value) {
    if ($key != 'sig') {
      $payload .= $key . '=' . $value;
    }
  }
  //###reject the cookie unless its signature matches (constant-time comparison)
  if (!isset($args['sig']) || !is_string($args['sig'])
      || !hash_equals(md5($payload . $application_secret), $args['sig'])) {
    return null;
  }
  return $args;
}
//###return one profile field escaped for HTML output, or an empty string if it is missing
function h($user, $field) {
  return isset($user->{$field}) ? htmlspecialchars((string) $user->{$field}, ENT_QUOTES, 'UTF-8') : '';
}
$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php if ($cookie) {
//###cookie is set, user is logged in
$user = json_decode(file_get_contents('https://graph.facebook.com/me?access_token='.$cookie['access_token']));
//###display the user profile photo
echo '<img src="http://graph.facebook.com/'.h($user, 'id').'/picture" alt="'.h($user, 'name').'"/>';
echo '<br />';
//###display the user Facebook ID
echo '<b>Your Facebook ID:</b> '.h($user, 'id');
echo '<br />';
//###display the user Facebook name
echo '<b>Your name:</b> '.h($user, 'name');
echo '<br />';
//###display the user Facebook URL
echo '<b>Your Facebook URL:</b> '.h($user, 'link');
echo '<br />';
//###display the user Facebook about information
echo '<b>Your Facebook about information:</b> '.h($user, 'about');
echo '<br />';
//###display the user birthday
echo '<b>Your birthday:</b> '.h($user, 'birthday');
echo '<br />';
//###display the user bio in Facebook
echo '<b>Your bio in Facebook:</b> '.h($user, 'bio');
echo '<br />';
//###display the user gender
echo '<b>Your gender in Facebook:</b> '.h($user, 'gender');
echo '<br />';
//###display the user email address used in Facebook
echo '<b>Your email address used in Facebook:</b> '.h($user, 'email');
echo '<br />';
echo '<br />';
echo '<fb:login-button perms="email,user_birthday" onlogin="window.location.reload(true);" autologoutlink="true"></fb:login-button>';
}
else
{
//###user is not logged in, display the Facebook login button
echo '<h2>Facebook Application using Access token Key</h2>';
echo '<br />';
echo 'This is a more important script that will be able to grab the user email address, birthday and other information, such as profile photos.';
echo '<br />This information will be displayed in the web browser once the user has successfully logged in';
echo '<br /><br />';
echo '<fb:login-button perms="email,user_birthday" autologoutlink="true"></fb:login-button>';
}
?>
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({appId: '<?= FACEBOOK_APP_ID ?>', status: true,
cookie: true, xfbml: true});
FB.Event.subscribe('auth.login', function(response) {
window.location.reload();
});
</script>
</body>
</html>

Code Discussion

First, the script checks whether the user is logged in. If not, the Facebook login button is shown:

echo '<fb:login-button perms="email,user_birthday" autologoutlink="true"></fb:login-button>';

The important property in the login button is the permission parameter:

perms="email,user_birthday"

This allows your PHP web application to ask for permission from the user who will be logging in to your website. This is required by Facebook for privacy reasons.

Once the user is logged in to your website, the cookie is set; the script will retrieve the information from the Facebook graph API using this line:

$user = json_decode(file_get_contents('https://graph.facebook.com/me?access_token='.$cookie['access_token']));

The access token key is found in the $cookie variable, which will be used by your application to retrieve user-related information.

Once you know the field names in the JSON response (shown in the earlier screen shot), you can use them to retrieve the values and use those values in your application. For example, you can use them to retrieve the email address:

echo '<b>Your email address used in Facebook:</b> '.htmlspecialchars($user->{'email'}, ENT_QUOTES, 'UTF-8');
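
The values in the JSON response are written by the account owner, and fields the user did not grant or fill in are absent, so the rendering step has to handle both. The following is an added example, not code from the original tutorial, that renders a constructed response containing markup in the name and no birthday, and then an error body. The function names h() and render_profile() and all sample values are assumptions made for illustration.

```php
<?php
// Added example: render Graph API profile fields defensively.
// Both JSON inputs below are constructed; they are not real account data.

function h($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function render_profile(string $json): string {
    $user = json_decode($json);
    // A failed request or an error body must not be rendered as a profile
    if (!is_object($user) || isset($user->error) || !isset($user->id)
        || !ctype_digit((string) $user->id)) {
        return '<p>Profile unavailable.</p>';
    }
    $labels = [
        'id' => 'Your Facebook ID', 'name' => 'Your name',
        'link' => 'Your Facebook URL', 'birthday' => 'Your birthday',
        'gender' => 'Your gender in Facebook',
        'email' => 'Your email address used in Facebook',
    ];
    $html = '<img src="https://graph.facebook.com/' . rawurlencode((string) $user->id)
          . '/picture" alt="' . h($user->name ?? '') . '"/>';
    foreach ($labels as $field => $label) {
        // Absent or non-scalar fields get a placeholder instead of a PHP warning
        $present = isset($user->$field) && is_scalar($user->$field);
        $html .= '<br /><b>' . h($label) . ':</b> '
               . h($present ? $user->$field : '(not provided)');
    }
    return $html;
}

// Constructed response: markup in the name, no birthday field
$json = json_encode([
    'id' => '1001',
    'name' => 'Eve "><script>alert(1)</script>',
    'link' => 'https://www.facebook.com/profile.php?id=1001',
    'gender' => 'female',
    'email' => 'eve@example.com',
]);
echo render_profile($json), "\n";

// Constructed error body, as returned for an expired or invalid token
echo render_profile('{"error":{"message":"constructed error"}}'), "\n";
```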

Another important feature in the script above occurs when a person logs out from your website. Of course, the ideal case is that, once the user logs out, the page will be reloaded to remove all the Facebook user-related information on the web page.

This is possible by adding a reloading option in the Facebook login/logout button:

echo '<fb:login-button perms="email,user_birthday" onlogin="window.location.reload(true);" autologoutlink="true"></fb:login-button>';

So when the user clicks the logout button, it will take the user to the original page (before logging in), as shown below:

 
