How to create a Facebook callback in Yii

Goal: Create a Facebook app deauthorization callback with the Yii Framework and the Facebook PHP SDK

Prerequisites: A good understanding of the Yii Framework is helpful, as is a good understanding of the Facebook PHP SDK

One of the most important things when setting up a web application with Facebook is setting up a deauthorization callback, so that when someone removes your application via the Facebook Application interface you can deal with that appropriately for your application. This is extremely useful for marking a user inactive when they remove your application from their Facebook profile.

In this example I will be demonstrating how to set up a callback URL on http://test.exchangecore.com/facebook/deauthorize. This example is written using Yii 1.1, which can be downloaded from GitHub. I have also added and configured the Yii Facebook PHP SDK in my environment to make use of the Facebook PHP SDK, downloadable from http://www.yiiframework.com/extension/facebook-opengraph/.

Firstly we need to create a base64_url_decode function to decode the data. To do this I've added the following function to my FacebookController.php file. This could just as easily be added to a helper file if you plan to utilize this for other things.

private static function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

Next we'll create a static function in the FacebookController.php file (this could also be moved into a helper class) that does all of the processing of the request sent by Facebook. This will return false if there is an error parsing the data and log the error to the Yii application log.

private static function parseSignedRequest() {
    if (!isset($_REQUEST['signed_request']) || !is_string($_REQUEST['signed_request'])) {
        return false;
    }

    // a signed_request has the form "<signature>.<payload>"
    $parts = explode('.', $_REQUEST['signed_request'], 2);
    if (count($parts) !== 2) {
        Yii::log('Malformed signed_request', 'error');
        return false;
    }
    list($encoded_sig, $payload) = $parts;

    // decode the data
    $sig = self::base64_url_decode($encoded_sig);
    $data = json_decode(self::base64_url_decode($payload), true);

    if (!is_array($data) || !isset($data['algorithm']) || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        Yii::log('Unknown algorithm. Expected HMAC-SHA256', 'error');
        return false;
    }

    // verify the signature; hash_equals() (PHP 5.6+) compares in constant time
    $expected_sig = hash_hmac('sha256', $payload, Yii::app()->facebook->secret, true);
    if (!hash_equals($expected_sig, $sig)) {
        Yii::log('Bad Signed JSON signature!', 'error');
        return false;
    }

    return $data;
}

Finally, we add our deauthorization code. In my example I simply use my Users model to get the application user ID and then run my deauthorize command. Note that parseSignedRequest() returns an array of information about the deauthorization from PHP.

public function actionDeauthorize(){
    $data = self::parseSignedRequest();
    if($data === false){
        // there was an error
        throw new CHttpException(500, 'There was a problem with the request format.');
    }else{
        // build your deauthorization stuff here
        $userID = Users::getIdByFbUserID($data['user_id']);
        Users::deauthorize($userID);
    }
}
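
The parsing and verification steps above can be exercised locally, without waiting for Facebook to call the endpoint. The script below is an added example, not code from the original post or from the Facebook SDK: it builds a signed request, verifies the MAC before decoding the payload, and shows that a swapped payload, a wrong secret and a malformed value are all rejected. The helper names and the secret are hypothetical, constructed values, and PHP 7 or later is assumed.

```php
<?php
// Added example; helper names and the secret are hypothetical, constructed values.
const APP_SECRET = 'constructed-test-secret';
function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64url_decode(string $in) {
    return base64_decode(strtr($in, '-_', '+/'), true); // strict: false on invalid chars
}
// Builds "<signature>.<payload>" in the form the callback receives it.
function make_signed_request(array $data, string $secret): string {
    $payload = b64url_encode(json_encode($data));
    return b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
}
// Returns the decoded array, or false when the request must not be trusted.
function verify_signed_request(string $signed, string $secret) {
    $parts = explode('.', $signed, 2);
    if (count($parts) !== 2) {
        return false; // no "." separator
    }
    list($encodedSig, $payload) = $parts;
    $sig = b64url_decode($encodedSig);
    // Check the MAC over the still-encoded payload before parsing it.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if (!is_string($sig) || !hash_equals($expected, $sig)) {
        return false;
    }
    $json = b64url_decode($payload);
    $data = is_string($json) ? json_decode($json, true) : null;
    $alg = is_array($data) && isset($data['algorithm']) ? $data['algorithm'] : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return false;
    }
    return $data;
}

$claims = ['algorithm' => 'HMAC-SHA256', 'issued_at' => 1700000000, 'user_id' => '1234567890'];
$good = make_signed_request($claims, APP_SECRET);
$sigPart = explode('.', $good, 2)[0];
$cases = [
    'valid'           => $good,
    'swapped payload' => $sigPart . '.' . b64url_encode(json_encode(['user_id' => '999'] + $claims)),
    'wrong secret'    => make_signed_request($claims, 'some-other-secret'),
    'no separator'    => 'not-a-signed-request',
];
foreach ($cases as $name => $sr) {
    $out = verify_signed_request($sr, APP_SECRET);
    echo str_pad($name, 17), $out === false ? 'rejected' : 'accepted, user_id=' . $out['user_id'], "\n";
}
```

Only the first case is accepted; the other three print "rejected".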

And that's it. Just make sure that you set up your URL callback in your Facebook app like below:

The Facebook deauthorize callback is used to notify the app owner when a user uninstalls our app from their fan page or profile.

We have an option in the advanced section of Facebook's app settings named "Deauthorize Callback". Here we can specify a URL on our server. If we set a URL in this section, Facebook will send a signed request to the specified URL when a user uninstalls our app from their fan page or profile. Facebook provides 2 functions to decode the signed request and get the encoded data using our app secret key.

Here is what I have done in my callback URL to get the signed request details:

<?php

if (isset($_REQUEST['signed_request'])) {
    // decode and verify the request with the app secret
    $data = $this->parse_signed_request($_REQUEST['signed_request'], 'YOUR_FB_SECRET_KEY');
}

?>

But the problem here is that we cannot identify the structure of the decoded array $data, because this process is a hidden call, so we cannot print it using print_r().

So what I have done is store it to a file by serializing it; after that I restored this object by unserializing it from that file on my server.

Here is the code for that:

$s = serialize($data);
file_put_contents('yourfilename', $s);

The above 2 steps happen at the time of the uninstall callback. After these 2 steps I executed one more piece of code to get the data from that file and print it out.

if (file_exists('yourfilename')) {
    // read back what the callback stored and dump it
    $s = file_get_contents('yourfilename');
    $data = unserialize($s);

    echo "<pre>";
    print_r($data);
    echo "</pre>";
}

Then I got a result like below:

Array
    {
     [algorithm]=>HMAC-SHA256
     [issued_at]=>134534232 
     [profile_id]=>324556365474
     [user]=>Array(
                        [country]=>in
                        [locale]=>en_US

                        )
    [user_id]=>0

    }

Here I got the fan page ID as profile_id from this array. That is the ID of the fan page which uninstalled my app. If it is a user profile, then we will get the user's Facebook ID in "user_id" from this array.

Here are those 2 functions from Facebook:

// both functions are methods of the callback class (they call each other through $this)
public function parse_signed_request($signed_request, $secret) {
  list($encoded_sig, $payload) = explode('.', $signed_request, 2);

  // decode the data
  $sig = $this->base64_url_decode($encoded_sig);
  $data = json_decode($this->base64_url_decode($payload), true);

  if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // check sig; hash_equals() (PHP 5.6+) compares in constant time
  $expected_sig = hash_hmac('sha256', $payload, $secret, true);
  if (!hash_equals($expected_sig, $sig)) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

public function base64_url_decode($input)
{
  return base64_decode(strtr($input, '-_', '+/'));
}

By using these functions you can decode the signed request and get the ID of the uninstalled fan page or profile.

Regards,

sirin k