1

I have created a Page Tab Facebook App where I want to display different content depending on the user being a fan or not. (Also called fan gate, landing page or reveal page)

For this I'm using the PHP SDK, in specific the following code:

<?php
require 'src/facebook.php';

$facebook = new Facebook(array(
'appId' => 'APP_ID',
'secret' => 'APP_SECRET',
'cookie' => true,
));
?>

And in the content:

<?php   
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

if (empty($data["page"]["liked"])) {?>
Thank you for liking our Page!
    <?php } else { ?>
You haven't liked our page yet..
<?php }; 

    // Debugging Code

echo "REQUEST:<br>";
print_r($_REQUEST);

echo "<br>GET:<br>";
print_r($_GET);

echo "<br>POST:<br>";
print_r($_POST);
?>

This works when I'm logged in with my Facebook User and when I use it on my own Page. Meaning the signed_request is present in both $_POST and $_REQUEST.

However, when I test it with another user, there is no signed_request value in those variables..

Notes: - I already took a look at my URL Settings in the App Configuration (300 Redirect and stuff) but this looks fine, and like I said with my User it's working.. - the signed_request is not just empty, it doesn't even exist.

Does anybody have similar issues?

I would not mind using the Javascript SDK instead of PHP if it works then, but I'm not very experienced in Javascript.

EDIT:

As i found out you always have to have a non-secure (http) and a secure (https) URL. Even if you enter a secure URL as the standard URL, facebook will contact it using http and will then get redirected (depends on server configuration) to the https, which makes you lose your signed_request.

platzhersh
  • 1,520
  • 20
  • 35

2 Answers2

5

I just had a similar problem. In my case the problem was that in the app config i had not put a slash at the end of the tab URL which was referencing a directory (with an index.php in it). So i got a redirect to the same URL with a slash at the end and lost the $_POST this way.

Alex
  • 51
  • 1
  • 2
2

signed_request is never passed via GET but POST. $_REQUEST contain data according to configuration in php.ini (request_order or variables_order)

Since you are using PHP-SDK it's better to use it for signed_request retrieval:

$signed_request = $facebook->getSignedRequest();
$liked = $signed_request['page']['liked'];

For applications running in Page Tab signed_request is always passed, so if you not get it ensure there is no redirections that omit POST data being passed.

Juicy Scripter
  • 25,778
  • 6
  • 72
  • 93
  • Thx for your quick reply. You're right about the POST vs GET, I confused those to in the description. – platzhersh Feb 08 '12 at 09:13
  • I changed the lines like you proposed to, still the same effect.. I am sure the URL doesn't get redirected because like I said, with my personal Account it works just fine, i don't get it.. – platzhersh Feb 08 '12 at 09:29
  • @platzhersh, you can use something like "Developler Tools" (Network Tab) in Chrome to see if `signed_request` is passed to you "tab canvas" to ensure this is something on your end or not... – Juicy Scripter Feb 08 '12 at 09:50
  • 1
    I analyzed the HTTP Actions happening in the background. Both tested in Firefox with WebDeveloper feature. Again I have different results for my Account and for the second (testing) account: MyAccount: 1 POST to Facebook App URL(https) - HTTP Response 200 other Account: 1 POST to Facebook App URL (http) - HTTP Response 302 2 GET to Facebook App URL (https) - HTTP Response 200 Seems like the second account first tries to load the unsecure, http site and then gets redirected to the https URL. I'll check all my configuration again.. I might have a clue. Thx again :) – platzhersh Feb 08 '12 at 10:38
  • I think I've found the problem, my personal Account is configured to use Facebook over https all the time, that's why it's loading the secure canvas directly, while the other user doesn't explore facebook over https. BUT: Actually in the app config there is only the https URL, so why does facebook even try loading the http URL? – platzhersh Feb 08 '12 at 10:52
  • You should either support http in your app or specify https scheme for Canvas URL in Application settings – Juicy Scripter Feb 08 '12 at 12:07
  • I have specified the https URL for Canvas URL already. I don't know why facebook even tries to connect via http – platzhersh Feb 08 '12 at 12:12
  • Are you sure you using https scheme for both Tab Canvas and Secure Tab Canvas? – Juicy Scripter Feb 08 '12 at 12:18
  • yes, I never even wrote the http scheme anywhere in the configuration. But seems like facebook chooses the protocol independently from the configuration entry – platzhersh Feb 08 '12 at 12:27