When the user "denies permissions" of my application, they are redirected back to the screen with "requests for permission", thus creating an infinite loop, which is prohibited by Facebook privacy policies. Can anyone help me fix this problem?
The PHP code I use is this:
<?php
// appsource
require_once 'facebook.php';
require_once 'appinclude.php';

// Returning from the login dialog with a code: go back to the canvas page.
if (isset($_GET['code'])) {
    header("Location: " . $canvasPage);
    exit;
}

$fb = new Facebook(array(
    'appId'  => $appid,
    'secret' => $appsecret,
    'cookie' => true
));

$me = null;
$user = $fb->getUser();
if ($user) {
    try {
        $me = $fb->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
    }
}

if ($me) {
} else {
    // No authorized user (this is also the case after a denial):
    // the user is sent to the login dialog again.
    $loginUrl = $fb->getLoginUrl(array(
        'scope' => ''
    ));
    echo "
    <script type='text/javascript'>
    window.top.location.href = '$loginUrl';
    </script>
    ";
    exit;
}

if (isset($_GET['signed_request'])) {
    $fb_args = "signed_request=" . $_REQUEST['signed_request'];
}

include 'spinc.php';

// Returns true when the User-Agent header looks like Internet Explorer.
function ae_detect_ie() {
    if (isset($_SERVER['HTTP_USER_AGENT']) &&
        (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false))
        return true;
    else
        return false;
}
?>
You can have 2 different endpoints or add special parameters in the URL. That will let you tell whether the user has already clicked the login button or not.
See: Facebook makes it possible to set up a callback URL after user login actions: https://developers.facebook.com/docs/php/howto/example_facebook_login/5.0.0
So you can modify your code to:
$loginUrl = $fb->getLoginUrl(
    'https://example.com/fb-callback.php',
    array('scope' => '')
);
And in the "fb-callback.php" script, test whether the user is logged in or not. If the user is not logged in, just inform the user (show a message) that only logged-in users can proceed, or something like that. Those actions will remove the infinite loop.
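The callback-side check this answer describes, as an added example that is not part of the original answer or of the Facebook SDK. It assumes that Facebook appends error=access_denied and error_reason=user_denied to the callback URL when the user declines; decideCallbackAction, renderCallback and the canvas URL are hypothetical names and placeholder values.

```php
<?php
// Added example (not from the original thread): logic for fb-callback.php.
// Assumption: on denial the callback carries error=access_denied&error_reason=user_denied.

/** Decide what to do with the callback's query parameters; no SDK calls needed. */
function decideCallbackAction(array $query, $canvasPage)
{
    if (isset($query['error'])) {
        $reason = (isset($query['error_reason']) && is_string($query['error_reason']))
            ? $query['error_reason'] : 'unknown';
        // Do NOT send the user back to the login dialog here: that is the loop.
        $text = ($reason === 'user_denied')
            ? 'You declined the permission request. Only logged-in users can use this app.'
            : 'Login failed (' . $reason . ').';
        return array('action' => 'message', 'value' => $text);
    }
    if (isset($query['code']) && $query['code'] !== '') {
        // Approved: continue to the app, as the original script does.
        return array('action' => 'redirect', 'value' => $canvasPage);
    }
    // Callback opened directly, without any login attempt.
    return array('action' => 'message', 'value' => 'Please start from the app page.');
}

/** Emit the redirect, or return escaped HTML for the message. */
function renderCallback(array $query, $canvasPage)
{
    $decision = decideCallbackAction($query, $canvasPage);
    if ($decision['action'] === 'redirect') {
        header('Location: ' . $decision['value']); // fixed target, never taken from $query
        return '';
    }
    // error_reason comes from the query string, so escape it before output.
    return '<p>' . htmlspecialchars($decision['value'], ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample requests; run from the command line to see each outcome.
if (PHP_SAPI === 'cli') {
    $canvas = 'https://apps.facebook.com/APPNAME/'; // placeholder canvas URL
    $samples = array(
        array('error' => 'access_denied', 'error_reason' => 'user_denied'),
        array('error' => 'access_denied', 'error_reason' => '<script>alert(1)</script>'),
        array('code' => 'CONSTRUCTED_CODE'),
        array(),
    );
    foreach ($samples as $q) {
        $d = decideCallbackAction($q, $canvas);
        echo $d['action'], ': ', htmlspecialchars($d['value'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
    }
}
```

In the callback script itself the call would be `echo renderCallback($_GET, $canvasPage);`, so a denial ends on a message page and never re-enters the permission dialog.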
I edited the code, and now it seems to be more redirecting the user to the same place after denying permissions. The code looks like this:
<?php
// appsource
require_once 'facebook.php';
require_once 'appinclude.php';

if (isset($_GET['code'])) {
    // Returning from the login dialog with a code: go back to the canvas page.
    header("Location: " . $canvasPage);
    exit;
} elseif (isset($_REQUEST['error']) && isset($_REQUEST['error_reason'])) {
    // The login dialog reported an error: leave for the game page instead.
    $gamePage = 'https://www.facebook.com/games/APPNAME/?fbs=502';
    header("Location: " . $gamePage);
    exit;
}

$fb = new Facebook(array(
    'appId'  => $appid,
    'secret' => $appsecret,
    'cookie' => true
));

$me = null;
$user = $fb->getUser();
if ($user) {
    try {
        $me = $fb->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
    }
}

if ($me) {
} else {
    // No authorized user yet: send the top window to the login dialog.
    $loginUrl = $fb->getLoginUrl(array(
        'scope' => ''
    ));
    echo "
    <script type='text/javascript'>
    window.top.location.href = '$loginUrl';
    </script>
    ";
    exit;
}

if (isset($_GET['signed_request'])) {
    $fb_args = "signed_request=" . $_REQUEST['signed_request'];
}

include 'spinc.php';

// Returns true when the User-Agent header looks like Internet Explorer.
function ae_detect_ie() {
    if (isset($_SERVER['HTTP_USER_AGENT']) &&
        (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false))
        return true;
    else
        return false;
}
?>
But can I use the code this way, or could it be at odds with the platform's privacy policy?