I've been a Facebook developer for a while now, but I'm starting fresh with the new Facebook App layout and stuck one of the first steps. So apparently my old method of authentication doesn't work anymore.
To solve this, I tried the one given as an example at http://developers.facebook.com/docs/authentication/ . However, it doesn't seem to work at all on internet explorer.
Here's my code right below:
<?php
$app_id = "-----";
$app_secret = "------";
$my_url = "http://apps.facebook.com/myapp/";
require('facebook-php-sdk-2343fca/src/facebook.php');
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
'cookie' => true,));
$session = $facebook->getSession();
session_start();
$code = $_REQUEST["code"];
echo $_REQUEST['state']." == ".$_SESSION['state'];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'] . '&scope=publish_stream,read_stream,user_photos,friends_photos,user_events,friends_events';
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
//echo("Hello " . $user->name);
//My app goes here!
} else {
echo("The state does not match. You may be a victim of CSRF.");
}
?>
So far, all I know is the problem has to do with $_SESSION['state'];
Any help would be much obliged!
