The signed request

pradeep1111 | New Member | Registered: 2011-08-09 | Posts: 16

hello all,


What information can we get using the signed_request parameter value? Anybody know?

Last edited by pradeep1111 (2011-08-19 23:18:10)

takwing | Moderator | From: Hong Kong | Registered: 2010-05-05 | Posts: 4304

and in fact, you can try to dump the signed request and see what is inside :)

pradeep1111 | New Member | Registered: 2011-08-09 | Posts: 16

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

If we use signed_request on our app I noticed those things no longer work:
- checking if user is fan of some page
- form POST to app


Is there any known solution for that?

takwing | Moderator | From: Hong Kong | Registered: 2010-05-05 | Posts: 4304

If we use signed_request on our app I noticed those things no longer work:
- checking if user is fan of some page
- form POST to app


Is there any known solution for that?


what is the relation between form post and signed_request? form post to your app can be handled as for other normal/standard web app (i.e. no facebook app).

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

takwing, if I disable "signed_request for Canvas" in my app settings, then forms work, but if I enable "signed_request for Canvas", forms no longer work.


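For example if I use this code in my index.php file of my canvas app:


<?php
if (isset($_POST['Submit']))
{
     // escape the submitted value before echoing it back into the page
     echo htmlspecialchars($_POST['cap'], ENT_QUOTES, 'UTF-8');
}
?>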


I should be able to write some message and after I post it app should write what I wrote - but with "signed_request for Canvas"  and latest PHP SDK it doesn't, I receive no $_POST (REQUEST). I have no problem with forms in older apps but now on new ones I just can't receive data.


It works if I use some file in my server for action (for example www.mydomain.com/send.php) and then process $_POST data there, but the problem is that if I use that file then I don't know who posted - no UID (because in that file I shouldn't connect to FB API) and I can't show that data in app (well I could maybe pass it as session, cookie or something, but that's just too weird).

Mad Rog | New Member | From: England in Asia (BKK and HK) | Registered: 2010-09-17 | Posts: 52

I've been using jquery for my forms which works fine....


Anyway you said



no UID (because in that file I shouldn't connect to FB API).


Why should you not connect to the Fb API in send.php? And if you don't want to you could always post the UID as a hidden form variable.


When you say



Is this only if someone has to approve the application? Or all the time?

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

I've been using jquery for my forms which works fine....


Even with "signed_request for Canvas" enabled in app settings and with latest PHP SDK? Can you post some sample of jquery form script which works for you on?



Why should you not connect to the Fb API in send.php? And if you don't want to you could always post the UID as a hidden form variable.


Because then POST values are not accepted if I use action URL from inside of app page. I don't know why, there was no problem before "signed_request for Canvas" was added. Posting UID as hidden value means anyone can post fake info as other user, which is too large a security risk.



Is this only if someone has to approve the application? Or all the time?


All the time. Even if you just use form without any authorisation POST data will not be passed to app.

Mad Rog | New Member | From: England in Asia (BKK and HK) | Registered: 2010-09-17 | Posts: 52

Basically I post a form with jquery....


saveData("#div", '.test.php', 'form_ID');


function saveData(div, url, form) {
    form = $("form#"+form).serialize();
    ajaxStart = $.ajax({
        type: "POST",
        url: url,
        data: form,
        success: function(msg){
            $(div).html(msg);
        }
    });
}


On test.php I would do this again before any other code...


$facebook = new Facebook(array(
    'appId'  => $app_id,
    'secret' => $app_secret,
));


$user = $facebook->getUser();


I'm about to sleep then get on a flight to HK, if you can put together a really simple example of your problem and send it to me I'd be happy to look during my flight for you.


Either post the code up here or if it is many files make them really basic showing your problem and email them to me - I'll msg you my email. Once we've solved it we can update this thread to help others.


Cheers,


Rog.

Mad Rog | New Member | From: England in Asia (BKK and HK) | Registered: 2010-09-17 | Posts: 52

Also try running this in the php file you are submitting to:


if ($_POST)
{
    print("\n\n");
    print("\n_POST\n");
    print_r($_POST);
    print("\n");
}
if ($_GET)
{
    print("\n");
    print("\n_GET\n");
    print_r($_GET);
    print("\n");
}
if ($_REQUEST)
{
    print("\n\n");
    print("\n_REQUEST\n");
    print_r($_REQUEST);
    print("\n");
}


To see if that shows anything interesting, the results of this would be useful.


Cheers,


Rog.

Last edited by Mad Rog (2011-08-20 14:39:12)

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

After using $_POST, $_GET, $_REQUEST I don't get any value of fields after submitting form. I get the same thing as if I come to page without submitting form:


_POST
Array
(
    [signed_request] => ...
)


_REQUEST
Array
(
    [signed_request] => ...
    [fbs_122935233333022] => "access_token=...
)


You can try to create new app and use this script here (only change URL, ID and secret in index.php) - http://bugs.developers.facebook.net/attachment.cgi?id=5366

Last edited by TheSilencer (2011-08-20 15:19:53)

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

Oh finally!!! :) After 4 days of struggling I found out the reason for this.


I am using this code to check if user is in app or outside my app:


If I remove this code then form POST works without a problem.


But along with this now comes a question: how can I now replace that code so that both things work - form POST and check if user is in app or not?

Mad Rog | New Member | From: England in Asia (BKK and HK) | Registered: 2010-09-17 | Posts: 52

Hi,


Good to hear you found the problem, I just arrived/was about to start checking.


You can either process your form before or send the variables along with the appurl...


$appurl."/var1=".urlencode($postedvar1)."&var2=".urlencode($postedvar2)


Let me know if that works ;-)

Last edited by Mad Rog (Yesterday 04:08:08)

takwing | Moderator | From: Hong Kong | Registered: 2010-05-05 | Posts: 4304

good that u finally catch the cause of the problem


processing the form before the checking may be a good idea (as it should cause less code change).
Other method like redesigning how you do the checking should also work.

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

I just tested app now with Opera and there seems to be the problem. Looks like data really is posted to server file directly without authorisation and not through Facebook, so when I post data the file IS NOT CONNECTED TO FB API, so UID is not taken and I can't identify user. It's hard to notice this since app automatically refreshes page because of this code:


if (!$user) {
        echo "

";
        exit;
}


If I remove "exit;" from this script then POST data can be shown in app, but the problem still is because when POST data is processed I can't get users UID (and so the code "!user" is executed and page refreshed).


It's strange that in Firefox this still works somehow (user can auth so I have users UID along with POST data), but with other browsers it doesn't work.


One way of "solving" this would be adding hidden field with UID (which is bad, because it is security problem) and then modify auth code to something like:


if (!$user) {
        echo "

";
        if (isset($_POST['hidenUID'])) $user_id = $_POST['hidenUID'];
}


Is there any other suggestion for this problem or at least how to transfer UID more securely?
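The question that opens the thread (what a signed_request contains) and the hidden-UID concern in the post above both come down to one check, shown here as an added example that is not code from any poster or from the PHP SDK: verify the HMAC-SHA256 signature with the app secret before trusting `user_id`. The function names, the demo secret and the sample payload fields are constructed for illustration.

```php
<?php
// Added example. Requires PHP >= 5.6 for hash_equals().

function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode($txt) {
    $b64 = strtr($txt, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore stripped padding
    return base64_decode($b64, true);                     // false on invalid input
}

// Returns the decoded payload array, or null if the request must not be trusted.
function parse_signed_request($signed_request, $app_secret, $max_age = 3600) {
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;
    }
    list($enc_sig, $enc_payload) = explode('.', $signed_request);
    $sig = b64url_decode($enc_sig);
    $raw = b64url_decode($enc_payload);
    if ($sig === false || $raw === false) {
        return null;
    }
    // The MAC is computed over the *encoded* payload, keyed with the app secret.
    $expected = hash_hmac('sha256', $enc_payload, $app_secret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $data = json_decode($raw, true);
    if (!is_array($data) || !isset($data['algorithm'], $data['issued_at'])
        || $data['algorithm'] !== 'HMAC-SHA256'
        || abs(time() - (int) $data['issued_at']) > $max_age) {
        return null; // wrong algorithm, or too old to accept (limits replay)
    }
    return $data;
}

// Constructed sample: build a request with a demo secret, then swap the payload.
$secret = 'demo-app-secret';
$fields = array('algorithm' => 'HMAC-SHA256', 'issued_at' => time(),
                'user_id' => '1000001', 'page' => array('id' => '42', 'liked' => true));
$payload = b64url_encode(json_encode($fields));
$sig     = b64url_encode(hash_hmac('sha256', $payload, $secret, true));
var_dump(parse_signed_request("$sig.$payload", $secret)); // genuine request

$fields['user_id'] = '1000002';                           // UID edited in transit
$forged = b64url_encode(json_encode($fields));
var_dump(parse_signed_request("$sig.$forged", $secret));  // signature no longer matches
```

Unlike a raw UID in a hidden field, the whole signed_request string can be carried along with a form and re-verified on the server, because any edit to the payload invalidates the signature.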

alexl | Member | Registered: 2009-05-27 | Posts: 235

u mean if u post to a php form,  $facebook->getUser() doesn't work?

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

Yes, at least in all other browsers except Firefox 6. But app automatically refreshes and then authorises, but at that point POST data is already gone.


Here is an example where form SUBMIT is made and displays your message, which only works in Firefox 6; other browsers (Opera, Chrome, IE, Safari) don't work - http://apps.facebook.com/testing-bugs/

Last edited by TheSilencer (Yesterday 23:09:32)

Mad Rog | New Member | From: England in Asia (BKK and HK) | Registered: 2010-09-17 | Posts: 52

Can't you just do this again...


$facebook = new Facebook(array(
     'appId'  => $app_id,
     'secret' => $app_secret,
));


$user = $facebook->getUser();

Last edited by Mad Rog (Today 11:37:49)

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

Mad Rog; this is done, but looks like POST doesn't auth again so UID is not available, and page is automatically refreshed instantly so all POST values are lost (at least for IE, Chrome, Safari, Opera) after that refresh after which user authorise again.


takwing; "the form action should be pointing to your own domain" - in this case you can't get UID (or any other user's information, like locale, name,...) and you have to POST UID (or any other information of user) with hidden field which is security risk, since user is able to intercept and change POST values with which he can change POSTED hidden UID value and so he makes POST in the name of other user, which is pointless.

takwing | Moderator | From: Hong Kong | Registered: 2010-05-05 | Posts: 4304

I use the session that the php sdk maintained in tracking the fb related info and there is no need to pass any fb related info via hidden field in the form

TheSilencer | Member | Registered: 2010-05-27 | Posts: 156

takwing; do you have any example or tutorial on that on your blog or website, or could you copy a basic frame here?

Mad Rog | New Member | From: England in Asia (BKK and HK) | Registered: 2010-09-17 | Posts: 52

@TheSilencer


Are you sure you're not getting this issue...


https://github.com/facebook/php-sdk/issues/418


Anyway I'm back home/with access to my office so if you have an updated example please send it to me and I'll take a look.


Good luck,


Rog.