Home/ Questions/Q 7753237
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T12:00:27+00:00

I am currently making a facebook app and am having some problems with permissions.

  • 0

I am currently making a facebook app and am having some problems with permissions. I need permission from each user to use there location and there friends locations. The code I have has worked in the past but recently seems to have stopped working. Assume my app_id and app_namespace are declared. All that happens is I am redirected to the dialog_url in the if(empty($code)) block, but to my knowledge $code should not be empty. Any help would be greatly appreciated. Thanks.

require_once('sdk/src/facebook.php');
 require_once('AppInfo.php');
 require_once('utils.php');
 require_once('connection.php');

 $facebook = new Facebook(array(
'appId' => AppInfo::appID(),
'secret' => AppInfo::appSecret(),
 ));

 $user_id = $facebook->getUser();
       if(user has ran the app before)
    {


        mysql_close($connection);

        session_start();

        $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
        $dialog_url = "http://www.facebook.com/dialog/oauth?client_id"
        . $app_id . "&redirect_uri=" . urlencode($my_url2) . "&state="
        . $_SESSION['state'];

        echo("<script> top.location.href='" . $dialog_url . "'</script>");

    }
    else
    {

        mysql_close($connection);

        session_start();
        $code = $_REQUEST["code"];

        if(empty($code)) {
            $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
            $dialog_url = "http://www.facebook.com/dialog/oauth?client_id"
            . $app_id . "&redirect_uri=" . urlencode($my_url) . "&scope= user_location, friends_location, offline_access" . "&state="
            . $_SESSION['state'];

            echo("<script> top.location.href='" . $dialog_url . "'</script>");
        }

        if($_REQUEST['state'] == $_SESSION['state']) {
            $token_url = "https://graph.facebook.com/oauth/access_token?"
            . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
            . "&client_secret=" . $app_secret . "&code=" . $code;

            $response = @file_get_contents($token_url);
            $params = null;
            parse_str($response, $params);

            $graph_url = "https://graph.facebook.com/me?access_token"
            . $params['access_token'];

            $user = json_decode(file_get_contents($graph_url));
            echo("Hello " . $user->name);
        }
        else
        {
            echo("The state does not match. You may be a victim of CSRF.");
        }
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Seems too simple, but you have spaces in your oauth url that you’ve assigned to $dialog_url?

    • 0