bakedproject.com Blog Not just another WordPress weblog

6 Jul 2010

BUILDING FACEBOOK AND FACEBOOK CONNECT APPLICATION WITH CODEIGNITER – Mixing segment-based URL with query strings (GET)

After a Facebook user "allows" the application, Facebook redirects the user to the application canvas (or the calling controller) URL with a Facebook-generated authentication code.

For example, the controller "invite" requires (Facebook) user authentication. The controller is probably going to have something like this:

$CI =& get_instance(); // CodeIgniter super-object
$CI->load->library('Facebook'); // Facebook API library
$CI->facebook = new Facebook($this->fb_api_key, $this->fb_secret); // initialize the Facebook class
$this->fb_client = $CI->facebook->api_client; // REST API client exposed by the library
$this->fb_user_id = $CI->facebook->require_login(); // get the FB user id

After the "require_login" call, Facebook asks the user to grant permission, and if the user allows the app to access the user's personal data, Facebook redirects the user to

http://apps.facebook.com/facebook-application-name/invite/?installed=1&session={%22session_key%22:%222.besQb6tf33wpIJ7hQTnx_Q__.3600.1278370800-1678407106%22,%22uid%22:1678407106,%22expires%22:1278370800,%22secret%22:%22KxSIVxKfjafJeJRdRa40aA__%22,%22sig%22:%2238a96471694e9c636192f93bfb2333cb%22}

By default, CodeIgniter throws a 404 for this URL because it is designed to work only with segmented URIs, and it is absolutely impossible to build a Facebook application with such a setup. Saying "absolutely impossible" is quite a claim, but in fact it is. An application with the regular setup may work, but chances are it would break very frequently, as Facebook keeps sending the session variable (I saw an entire file's binary data once) over GET.

So we need to customize CodeIgniter to make sure the (most amazing) framework can accept such mixed input.

Step 1: Open the application/config.php file, search for $config['uri_protocol'], and change the value to "PATH_INFO", so that the line looks like
$config['uri_protocol'] = "PATH_INFO";

Step 2: In the same application/config.php file, search for $config['enable_query_strings'] and change the value to TRUE (the boolean, without quotes), so that the line looks like
$config['enable_query_strings'] = TRUE;

Step 3: Now, in the same application/config.php file, search for $config['permitted_uri_chars'] and change the value to a suitable combination.

"a-z 0-9~%.:_\-+?=!,${}"\'[]&" works really well. The session variable is technically a JSON dump from Facebook, so this combination has a few unusual characters.

So now you can access both the segmented URI variables and GET variables via "$this->uri->uri_to_assoc(n)" and "$_GET" respectively.

VERY IMPORTANT: The above mod (I could say "customization" or something else!!!) would make the (most amazing) framework vulnerable to SQL injection and many other unethical injections, so take the necessary steps to secure it!
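One way to take those steps for the "session" GET variable, as an added example that is not code from the original post: decode the JSON, accept only the five fields seen in the redirect URL above with strict types and formats, and pass accepted values to SQL only as bound parameters. The function name, the format patterns (derived from the sample URL) and the table are assumptions; the check covers shape only and does not verify "sig"; it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example, not code from the original post. Function names are
// hypothetical; field names and formats are taken from the redirect URL above.

// Decode ?session=... and return typed fields, or null if anything is off.
function parse_fb_session($raw, $now)
{
    if (!is_string($raw) || strlen($raw) > 1024) {
        return null;                       // rejects ?session[]=x and oversized blobs
    }
    $s = json_decode($raw, true);
    if (!is_array($s)) {
        return null;                       // not a JSON object
    }
    $keys = array_keys($s);
    sort($keys);
    if ($keys !== array('expires', 'secret', 'session_key', 'sig', 'uid')) {
        return null;                       // missing or unexpected keys
    }
    // uid and expires are JSON numbers in the URL above; the rest are strings.
    // Assumption: this app does not use non-expiring sessions.
    $ok = is_int($s['uid']) && $s['uid'] > 0
        && is_int($s['expires']) && $s['expires'] > $now
        && is_string($s['session_key'])
        && preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $s['session_key'])
        && is_string($s['secret'])
        && preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $s['secret'])
        && is_string($s['sig'])
        && preg_match('/\A[0-9a-f]{32}\z/', $s['sig']);
    return $ok ? $s : null;
}

// Constructed inputs: the session from the URL above, and a tampered copy.
$good = '{"session_key":"2.besQb6tf33wpIJ7hQTnx_Q__.3600.1278370800-1678407106",'
      . '"uid":1678407106,"expires":1278370800,'
      . '"secret":"KxSIVxKfjafJeJRdRa40aA__","sig":"38a96471694e9c636192f93bfb2333cb"}';
$bad  = str_replace('1678407106,', '"1678407106\' OR \'1\'=\'1",', $good);
$now  = 1278370000;                        // fixed clock so the sample is not expired

var_dump(parse_fb_session($good, $now) !== null);   // well-formed session
var_dump(parse_fb_session($bad, $now));             // uid is a string with SQL in it
var_dump(parse_fb_session(array('x'), $now));       // array instead of string

// Values that pass still reach SQL only as bound parameters (PDO shown here).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE invites (uid INTEGER, session_key TEXT)');
$s = parse_fb_session($good, $now);
$db->prepare('INSERT INTO invites (uid, session_key) VALUES (?, ?)')
   ->execute(array($s['uid'], $s['session_key']));
```

The same rule applies to values read through "$this->uri->uri_to_assoc(n)": with the wider permitted_uri_chars they can now contain quotes and braces, so validate each one against the format the controller expects before use.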