Facebook PHP app, how to detect it's in Canvas or Page mode?_问答_开发者

Facebook PHP app, how to detect it's in Canvas or Page mode?

开发者 https://www.devze.com 2023-02-25 04:02 出处：网络

In an iframe .php app, how to d开发者_JAVA技巧etect itself is in a Page mode or in the Canvas mode? Thanks!Reading the documentation:

相关专题：facebook php

In an iframe .php app, how to d开发者_JAVA技巧etect itself is in a Page mode or in the Canvas mode? Thanks!

Reading the documentation:

Facebook will always send a signed_request (for canvas and page urls)
If it's a page, Facebook will add an extra parameter called page

so based on this, you could do something like:

<?php
if( isset($_REQUEST['signed_request']) ) {
    // We are in Canvas or Page now

    // Let's extract the data from the signed_request 
    // to check if we are inside a Facebook Page
    $app_secret = "APP_SECRET";
    $data = parse_signed_request($_REQUEST["signed_request"], $app_secret);

    if( isset($data["page"]) ) {
        echo "Page";
    } else {
        echo "Canvas";
    }
} else {
    echo "None, or something went wrong!";
}

function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

?>

I also had to add website in the criteria. This is my Yii code

    if(empty($_POST['signed_request']) === false)
        $signedRequest  =   Yii::app()->fb->getSignedRequest(); 

    if(isset($signedRequest['page']))
            $this->layout   =   'tab';          

    else if(isset($signedRequest['user']) && ! isset($signedRequest['page']))
        $this->layout   =   'canvas';
    else
        $this->layout   =   'website';

Thanks to @ifaour solution; I had to modify it to get it work;

This what worked for me; I noticed that signed request is only sent when site is loaded under canvas; but when direct access then no signed request is sent.

So I ended using this code:

if( !isset($_SESSION['signed_request']) && empty($_SESSION['signed_request']) ) {
    exit("direct access not allowed.");

} 
else
{
    // echo 'Canvas';
    // continue script
}