Codesnippets > Inline / 3rd party

Facebook connection

(1/8) > >>

1) Go to
2) Click "+ Create New App" in the top right
3) Name the App accordingly, tick the terms and click "Continue"
4) Fill in the captcha
5) Enter a relevant name in the Canvas Page (
6) Enter your canvas url (
7) Click "Save Changes"
8) Click "Web" on the left navigation
9) For site url use ""
10) For site domain use ""
11) Copy your App ID and App Secret
12) Click "Save Changes"

Now it's simply a matter of editing the config.php file with the appid and appsecret and then uploading the contents of the zip archive to the folder defined in step 6. Accessing will now do it's stuff.

It's very basic but it does work. Hope you can dabble and expand upon it :)

** Note **
To get your access token for your created app visit again and click on your app from the left-hand side. You will now see the full details of your app and a code will be displayed in the Access Token field. If there is no access token there click the given link to grant permissions, a code will now be shown. This access token is needed in the new updated code attached.

[attachment deleted by admin]

Thanks spicy, really helpful. After the so many things I tried yesterday this was one of them. And i get this error again with your info. "Facebook needs the CURL PHP extension". Is it that my webhost doesn't support cUrl?

Thanks for help spicy, your step by step was very well explained. Now about this error, no idea what to do.

Kitty Hello:
You must install the curl extension. I found this script to test the things you need.

--- Code: (glbasic) ---    $curlcontent="curl";
    $curlstatus="Curl is not installed  - This is a Problem";
    if (function_exists('curl_init')) {
      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL, '');
       curl_setopt($ch, CURLOPT_HEADER, 0);
       curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
       curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0');
       $curlcontent = curl_exec($ch);
       $curlstatus="Curl is available but cannot access Facebook - This is a problem ";
       if (strlen($curlcontent)>6) {$curlstatus="Curl is available and can access Facebook - All is OK";}

--- End code ---

Would there be a safe way to host such a script on for _all_ users, but prevent it from being abused? I'd host it then for you all.

You could host the facebook.php script Gernot which would then be referenced in the config.php this should work. I've now amended the update_status.php script too.

--- Code: (glbasic) ---<?php
$msge = $_POST['mymsg'];
$msge = scrub($msge);

require_once 'fbconfig.php';

$attachment =  array(
         'access_token' => "mytokenhere",
          'message' => $msge,
                'name' => "BHPool Player Management System",
                'link' => "",
                'description' => 'Posted from the BHPool Facebook App',
$facebook->api('/me/feed', 'POST', $attachment);


// .----------------------------------------.
// | Prevent XSS Hacks & Mail Injection     |
// '----------------------------------------'
function scrub($EXPLOIT) {
         // Pre-Scrub with HTMLENTITIES
         $EXPLOIT = htmlentities($EXPLOIT,ENT_QUOTES);
         // Mail Check for exploit
         $scrubbed = preg_replace("(\n|\r)", "<br />", $scrubbed);
         // Return Value
         return $scrubbed;

--- End code ---

In the example above I'm using my own details (access token) for a website I made hence the header('Location:'); command which jumps back to my website when the status is updated. I've used _POST to grab the message from a form but I could easily have used _GET which is more appropriate from an app.


Kitty Hello:
ok. with the access token being an unique ID for the person/app that's posting, I can safely put this on my server?
Can you post your scrub function?


[0] Message Index

[#] Next page

Go to full version