10 off, 300 word articles as specified – thanks (Budget: $30-250, Jobs: Academic Writing, Article Rewriting, Articles, Copywriting, Reviews)
How to Authenticate Users With Facebook Connect
Lately, there’s been quite a fuzz about lazy registration. It turns out that the less the user has to think, the higher the conversion rates are! What a thought! If everybody seems to have a Facebook profile, why not add a one-click user registration? I’ll show you how to do that today.
Step 1. The Setup
MySQL Table
Let’s begin by creating a database table.
CREATE TABLE `users` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `oauth_provider` varchar(10), `oauth_uid` text, `username` text, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
Quite simple: we will be setting up a table for user information with id, username, first and last name, the URL to the user’s picture, and registered date. Also, we’re adding both an oauth_provider
and oauth_uid
fields, to distinguish between different third party open authentication protocols and their identifiers. For example, let’s say that, next week, you decide that it’s a good idea to also let Twitter users in. Easy; you just set another value to the oauthprovider, and avoid duplicating oauthuid values.
The Facebook App
Let’s begin by creating a new application. Give it a name and agree to the terms and conditions. Next, grab both the API Key and Secret in the basic tab as shown below.
On the canvas tab, set both the Canvas URL and Post-Authorize Redirect URL to your localhost and path that the script will process — something like http://localhost.com/login_facebook.php?
. Note the question mark at the end and the domain; both are required by Facebook. Simply set your hosts
file to a valid domain name.
On the connect tab, set the Connect URL to the same value and set localhost.com
(or the one you are using) as the Base Domain.
Now save, download the client library, and unzip facebook.php
in the src
dir to a new directory created in the root.
Step 2. The Callback
The authentication flow has three steps:
- The local script generates a URL asking the user for permission
- Facebook returns to the Canvas URL specified with a GET parameter
- The GET parameter authenticates the session
Let’s make a quick test before registering and login.
# We require the library require("facebook.php"); # Creating the facebook object $facebook = new Facebook(array( 'appId' => 'YOUR_APP_ID', 'secret' => 'YOUR_APP_SECRET', 'cookie' => true )); # Let's see if we have an active session $session = $facebook->getSession(); if(!empty($session)) { # Active session, let's try getting the user id (getUser()) and user info (api->('/me')) try{ $uid = $facebook->getUser(); $user = $facebook->api('/me'); } catch (Exception $e){} if(!empty($user)){ # User info ok? Let's print it (Here we will be adding the login and registering routines) print_r($user); } else { # For testing purposes, if there was an error, let's kill the script die("There was an error."); } } else { # There's no active session, let's generate one $login_url = $facebook->getLoginUrl(); header("Location: ".$login_url); }
Now, go to http://localhost.com/login_facebook.php
, and let’s see what happens. If you are redirected to Facebook and requested for permission, we are on the right track.
However, there might be two issues. The first one: if you’re redirected to Facebook, but it shows an error, there might be a missing value in the configuration. Go back to your application settings and check both the Connect and Canvas tabs and make sure the fields are ok as described above.
There might be another issue, where you see an error, like “Uncaught CurlException: 60: SSL certificate problem, verify that the CA cert is OK.” This happens because of the CURL settings. You’ll have to open facebook.php
, find the makeRequest() method, and, inside the function, find this line:
$opts = self::$CURL_OPTS;
Immediately following it, add:
$opts[CURLOPT_SSL_VERIFYPEER] = false;
I hate hacking libraries, but I haven’t found another way. Well, let’s continue with user registration. I’ve also added a try/catch statement, because, if there’s an old session keys in the GET params in the URL, the script will die with a horrible error.
Step 3. Registration and Authentication
We’ll next be working with MySQL. Please note that I will not implement a data sanitizer, since I want to keep the code as short and on task as possible. Please keep this in mind: always sanitize your data.
First, let’s connect to the database.
mysql_connect('localhost', 'YOUR_USERNAME', 'YOUR_PASSWORD'); mysql_select_db('YOUR_DATABASE');
Now, let’s work on the $session
conditional, in case we have a session.
# We have an active session; let's check if we've already registered the user $query = mysql_query("SELECT * FROM users WHERE oauth_provider = 'facebook' AND oauth_uid = ". $user['id']); $result = mysql_fetch_array($query); # If not, let's add it to the database if(empty($result)){ $query = mysql_query("INSERT INTO users (oauth_provider, oauth_uid, username) VALUES ('facebook', {$user['id']}, '{$user['name']}')"); $query = msyql_query("SELECT * FROM users WHERE id = " . mysql_insert_id()); $result = mysql_fetch_array($query); }
Note that I’m querying the database, looking for facebook
as a oauth_provider
; it’s generally a good idea, if you want to accept other OAuth providers (as twitter, Google Accounts, Open ID, etc.) and a oauth_uid
, since it’s the identifier the provider gives to its user accounts.
The oauth_provider
field could potentially lead to bad performance if we leave it as a text
field type. As such, the best option is setting it to an ENUM type.
We have now a $result
var with the values queried from the database. Let’s next add some sessions. Add this line at the beginning of your script.
session_start();
After the empty($result)
conditional, append the following:
if(!empty($user)){ # ... if(empty($result)){ # ... } # let's set session values $_SESSION['id'] = $result['id']; $_SESSION['oauth_uid'] = $result['oauth_uid']; $_SESSION['oauth_provider'] = $result['oauth_provider']; $_SESSION['username'] = $result['username']; }
As it makes little sense to authenticate a user who is already logged in, just below the session_start()
line, add:
if(!empty($_SESSION)){ header("Location: home.php"); }
And in the scripts which require authentication, just add:
session_start(); if(!empty($_SESSION)){ header("Location: login_facebook.php"); }
And if you want to display the username, access it as an array.
echo 'Welcome ' . $_SESSION['username']; # or.. echo 'Welcome ' . !empty($_SESSION) ? $_SESSION['username'] : 'guest';
Step 4. Additional Methods
Facebook has a ton of connect features, but here are four that I’ve found to be the most useful.
Legacy Methods
I might be missing something, but the FQL seems more flexible and easy than the Graph API. Fortunately, Facebook still lets developers use it, altough with the new library, it has changed a bit.
If you want the user id, first name, last name, squared thumbnail for the user picture, the biggest user picture available, and his or her gender, you can use the users.getInfo
method.
$uid = $facebook->getUser(); $api_call = array( 'method' => 'users.getinfo', 'uids' => $uid, 'fields' => 'uid, first_name, last_name, pic_square, pic_big, sex' ); $users_getinfo = $facebook->api($api_call);
You can check the full list of fields available for Users.getInfo.
It is possible to achieve the same result, using FQL.
$uid = $facebook->getUser(); $fql_query = array( 'method' => 'fql.query', 'query' => 'SELECT uid, first_name, last_name, pic_square, pic_big, sex FROM user WHERE uid = ' . $uid ); $fql_info = $facebook->api($fql_query);
Here’s the list of tables which can be accessed with FQL, as well as the fields available for the table users.
Extended Permissions
Facebook provides applications with some interaction with the user’s data – just as long as it’s authorized. With the old API, the authorization for additional permissions was exclusively available for the Javascript SDK (altough I’m not quite sure). With the new API, we can easily redirect the user to an authorization dialog in Facebook, and return to our site after the access is either granted or denied.
In the following example, we will be redirecting a user to authorize posts status updates, photos, videos and notes, the user’s real email address, birthday and access to photos and videos.
$uid = $facebook->getUser(); # req_perms is a comma separated list of the permissions needed $url = $facebook->getLoginUrl(array( 'req_perms' => 'email,user_birthday,status_update,publish_stream,user_photos,user_videos' )); header("Location: {$url} ");
Here’s a full list of permissions. Note that you can specify both the url to direct to if the user accepts and the url to be redirected to if the user denies. The key for these array elements are next
and cancel_url
, respectively. Here’s a quick example:
$url = $facebook->getLoginUrl(array( 'req_perms' => 'email', 'next' => 'http://localhost.com/thanks.php', 'cancel_url' => 'http://localhost.com/sorry.php' ));
If not specified, the default is the requesting script’s location.
Checking for Extended Permissions
Since the user can easily revoke permissions, the application should always check if a given permission is granted before using it, specially if it’s about publishing something. We will have to use the legacy API, as it seems it’s not fully implemented with the new one yet.
$uid = $facebook->getUser(); # users.hasAppPermission $api_call = array( 'method' => 'users.hasAppPermission', 'uid' => $uid, 'ext_perm' => 'publish_stream' ); $users_hasapppermission = $facebook->api($api_call); print_r($users_hasapppermission);
The ext_perm
will only support the old list of available permissions.
Publishing to the Wall
Let’s post something to the wall after verifying the user has the publish_stream
permission.
# let's check if the user has granted access to posting in the wall $api_call = array( 'method' => 'users.hasAppPermission', 'uid' => $uid, 'ext_perm' => 'publish_stream' ); $can_post = $facebook->api($api_call); if($can_post){ # post it! $facebook->api('/'.$uid.'/feed', 'post', array('message' => 'Saying hello from my Facebook app!')); echo 'Posted!'; } else { die('Permissions required!'); }
Essentially, we are making an API call to /<user_id>/feed
, using the POST method (second argument) and an array as a third argument for the data to be sent. In this case, this third argument supports message
, link
, picture
, caption
, name
and description
. Here’s the code:
$facebook->api('/'.$uid.'/feed', 'post', array( 'message' => 'The message', 'name' => 'The name', 'description' => 'The description', 'caption' => 'The caption', 'picture' => 'http://i.imgur.com/yx3q2.png', 'link' => 'http://net.tutsplus.com/' ));
Here’s how it is posted.
Some Additional Information you Should Know:
The user can easily revoke permissions with two clicks in his or her wall. You should heavily test what might happen if a user revoked one or more permissions that are vital for the proper functioning of your website, or even if the application is fully removed. This is important.
- In Application Settings you can remove the application entirely by clicking the x at the right side.
- You can remove permissions individually in the Granted Additional Permissions section.
5. Conclusion
While Facebook’s authentication capabilities are indeed useful, since so many people are on Facebook these days, using it as the only method of authentication in a site is not recommended. What about those who don’t have Facebook accounts? Are they not allowed to access your application? Thanks for reading!
Articles rewrite for penis enlargement #2 by sashii87
4 pages text in English to be re-written in pure and correct english. Text should be changed that it wont be the same as the one i will provide. I pay only 30$ for the pages due to the fact that you shouldnt create it… (Budget: $30-250, Jobs: Article Rewriting, Articles, Translation)
1000 Article Submissions by naturlse0
Hi.. I need 1000 Article submissions urgently I would like to see article sites list first where you are going to submit Plz bid only when you have 1000 working article site lists. and should… (Budget: $30-250, Jobs: Data Entry, Internet Marketing, SEO)
Logo , Flash and Graphic Redesign by briden01
I would like to redesign my logo at the top of the page, the flash at the top of the homepage and the graphic at the very bottom of all of my pages (this is the same graphic and there would only be a need to replace it once)… (Budget: $30-250, Jobs: Flash, Graphic Design, Illustrator, Logo Design, PHP)
Logo Design – Top Quality Design by aig
Hello All, we want to design the top class logo , as big brand for my company . please bid only if you are good in logo design . also send your details resume on PM with you past logo work only … (Budget: $30-250, Jobs: Logo Design)
Need Magento Products Uploaded – XLS to Site Upload by hitesh93
Hi there, I need someone to take the excel sheets for different products, along with the images, and upload it all to my site. I have multiple ecommerce stores and if you do a good job and are reliable, I’ll extend the project to cover all the other sites as well… (Budget: $30-250, Jobs: eCommerce, Magento)
Minor PHP work – See Description by briden01
I have some minor changes to my PHP website that I was wondering if you were able to do that type of work? Im looking to have a 301 redirect so that all of my links go to www.internetpositions.com instead… (Budget: $30-250, Jobs: PHP)
Add facebook to oscommerce by sanchezrodriguez
Need a feature on a oscommerce store where user be able to share on facebook any article. Same store has a bug when adding an article, if user is not registered, after registration item is not added in the basket, and when adding that article there are two in the basket… (Budget: $30-250, Jobs: eCommerce, Facebook, OSCommerce)
For – brc60 – RELIABLE STEADY ENGLISH Writter by goebusiness
Hello Freelance Writers, —————— i got a good post/bid from brc60 and would like him to re-bid his post was: “Bid is for 15 articles at $ 2.00 per 400+ word article. Please see attached sample per your instructions… (Budget: $30-250, Jobs: Article Rewriting, Copywriting, Ghostwriting, Technical Writing)
backlink building project for skilled expert by antondb1
Building of links and following my explicit instructions. Provide full reports as required. (Budget: $250-750, Jobs: Link Building)
Flash animation by freelancer96
Hello, I need a flash animation. Size: 600 x 300. Basically, the idea is that 4 pictures, each one containing the logo of an automobile producer ( Dacia, Renault, Citroen, Peugeot ), to gather finally… (Budget: $30-250, Jobs: Flash)
Expert Craigslist Poster Need Long term by makemoney1
-Need daily 100 post diffrent section -Community section 80 post _legal service 20 post Thanks for reading (Budget: $250-750, Jobs: Craigslist)
simple website required by ayjamweb
hi, i need a simple php website within a week with a recommended logo if you can provide. bid with previous work history and low price will be accepted. Please bid with your expertise. happy bidding (Budget: $30-250, Jobs: C++ Programming, PHP, SEO)
UK Adult Dating Signups With Commission by chrisuk73
I’am seeking an experienced affiliate/email marketeer or lead provider that can provide UK adult dating signups and paid members to our adult dating website. I require real genuine signups and paid members… (Budget: $250-750, Jobs: Bulk Marketing, Internet Marketing, Leads)