bakedproject.com Blog Not just another WordPress weblog

8 Mar 2011

Building Facebook application with Kohana 3.0.9

After hearing a lot of good things about Kohana I started to look into it. I did a little history reading and realized it used to be an active fork of CodeIgniter but has changed entirely since version 3, or KO3. At the time of writing this blog, I have spent about 12 hours studying the HMVC framework, so I might be wrong but like always am not in doubt.

As this is my very first encounter with this framework, I decided to follow a series of very helpful tutorials. Currently version 3.1.1.1 is the stable release, but I used the older 3.0.9. I do not see much difference other than how to handle view from the controller. Certainly I have to do more research on this!

Coming from using CodeIgniter for a long time, my obvious interest was in the configuration side of things, and I am very impressed with Kohana! The configuration was simple, with fewer "variables" to configure.

As I was working with Facebook, my first concern was nice URLs! I had some serious trouble with this and wrote about my experience here. Kohana needed no configuration. Not only that, seems like the SEO friendly URL structure works very nicely with the GET!

Database configuration was ok, nothing special. Maybe it was a little confusing when I had to copy the config files from another location, “database.php” from “modules/database/config/” to “application/config/”.

For PHP syntax errors Kohana is giving me a 324 error and it is a little hard to debug. There might be some way to enable a proper error console.

The naming convention for controllers and models is very interesting. I can't tell if it is any better, but I have had no issues so far. Using _ for finding the proper location for classes is an old trick but it is done nicely here. Separating the class folder from the views is a good point.

The before and after methods of the controller are amazing! My approach was using the constructor, but the before method provides a good way of initializing my variables. I briefly looked into the template controller, which seems to be very efficient. I am not using that controller, however.

The most amazing thing about Kohana, I think, is the ease of including 3rd party libraries! I created the "vendor/Facebook" folder under the application folder and just dropped in the facebook.php file from the Facebook PHP SDK. Here is the call to include the class:

include Kohana::find_file('vendor/Facebook', 'facebook');
 
$this->facebook = new Facebook(array(
	'appId'  => $this->app_id,
	'secret' => $this->secret,
	'cookie' => true,
));

This sample application works both as a full-width (720px) application and as a smaller (520px) tab application. The difference is actually not in the CSS, but in the way I am handling the permission dialog. From the application, I am redirecting the user to the Graph API authorization page. I could use the JavaScript API, but the latter actually fires a browser pop-up window! I am, however, using the JavaScript SDK for permission on the application installed in the tab. Using this on an application installed on a page tab gives a much smoother user experience.

Some interesting (new) Facebook issues I have discovered:

  1. If I am the admin of the page or a developer of the application, the permission mechanism sometimes doesn't work at all. Even after "liking" the page it is still showing that I have yet to "like" it.
  2. Almost the same thing happens with the permission. When I am the developer I have to keep providing the permission every time I am visiting the app.
  3. If I do not allow the application authorization, it stays in that state for a bit and does not let me fire the authorization window again. It does after a few minutes, however!

Here is the zip file. The database file (fbkohana.sql) is also included here. I am using jQuery 1.4.4, which is also included in the "assets" folder. Please comment! Find my mistakes and do let me know.

Happy coding!

5 Aug 2010

CodeIgniter – organizing controllers into sub-folders a wild card _remap function

For a "hello world" project it is really not important, but building a CMS using the most amazing framework requires an organized "controllers" set. Implementing sub-folder for organizing controllers is probably the most efficient way to do this.

Here is an example...

I am writing a new "users" controller. The controller has the following methods:
login
logout
register
profile

So, instead of writing all these methods in the "users.php" controller file, I am going to create a "users" folder and create corresponding PHP files for those methods. So my "users" folder directory tree is going to look something like this:
users
->login.php
->logout.php
->register.php
->profile.php

My controllers usually have "index" method, which is the default method for the controller. The URL 'http://yourdomain.com/users/profile' will reach the 'index' method. By default that is how the most amazing framework works. But, the URL 'http://yourdomain.com/users/profile/' will cause a 404 error! If we have a method called "view", 'http://yourdomain.com/users/profile/view/' is going to work, but for some reason, we may absolutely need the URL to be 'http://yourdomain.com/users/profile/'.

This is doable via the awesome "_remap" function!

For 'wild card' function matching,

function _remap($method) {
    if (method_exists($this, $method)) {
        $this->$method();
    } else {
        $this->index();
    }
}
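
A hardened variant of the wild-card _remap above, as an added example that is not from the original post: method_exists() also returns true for private and protected methods, so this version dispatches only to public ones. The Controller stub, the Profile class and the _is_routable helper are hypothetical names used for illustration.

```php
<?php
// Minimal stand-in for CodeIgniter's base class so the file runs alone (assumption).
class Controller {}

class Profile extends Controller {
    function index() { return 'index'; }
    function view()  { return 'view'; }

    // Internal helper that must never be reachable from a URL.
    private function purge_cache() { return 'purged'; }

    // Wild-card remap: dispatch only to routable methods,
    // everything else falls back to index().
    function _remap($method) {
        if ($this->_is_routable($method)) {
            return $this->$method();
        }
        return $this->index();
    }

    // Hypothetical helper; the leading underscore keeps it non-routable itself.
    function _is_routable($method) {
        if (!is_string($method) || strncmp($method, '_', 1) === 0) {
            return false;
        }
        if (!method_exists($this, $method)) {
            return false;
        }
        // method_exists() ignores visibility, so check it explicitly.
        $ref = new ReflectionMethod($this, $method);
        return $ref->isPublic() && !$ref->isStatic() && !$ref->isConstructor();
    }
}

$c = new Profile();
var_dump($c->_remap('view'));        // existing public method is dispatched
var_dump($c->_remap('missing'));     // unknown name falls back to index()
var_dump($c->_remap('purge_cache')); // private helper is refused, index() runs instead
```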

6 Jul 2010

BUILDING FACEBOOK AND FACEBOOK CONNECT APPLICATION WITH CODEIGNITER – Mixing segment-based URL with query strings (GET)

After a Facebook user "allows" the application, Facebook redirects the user to the application canvas (or the calling controller) URL with a Facebook-generated authentication code.

For example, the controller "invite" requires (Facebook) user authentication. The controller is probably going to have something like this:

$CI =& get_instance(); // CodeIgniter super-object
$CI->load->library('Facebook'); // Facebook API library
$CI->facebook = new Facebook($this->fb_api_key, $this->fb_secret); // initialize Facebook class
$this->fb_client = $CI->facebook->api_client;
$this->fb_user_id = $CI->facebook->require_login(); // get the FB user id

After the "require_login" call, Facebook will ask the user to provide permission, and if the user allows the app to access the user's personal data, Facebook will redirect the user to

http://apps.facebook.com/facebook-application-name/invite/?installed=1&session={%22session_key%22:%222.besQb6tf33wpIJ7hQTnx_Q__.3600.1278370800-1678407106%22,%22uid%22:1678407106,%22expires%22:1278370800,%22secret%22:%22KxSIVxKfjafJeJRdRa40aA__%22,%22sig%22:%2238a96471694e9c636192f93bfb2333cb%22}

By default, CodeIgniter would throw a 404 because it is designed to work only with segmented URIs. But it is absolutely impossible to build a Facebook application with such a setup. Well, saying absolutely impossible is quite the thing, in fact it is. An application with the regular setup may work, but chances are it would break very frequently, as Facebook keeps sending the session variable (I saw an entire file's binary data once) over GET.

So we need to customize CodeIgniter to make sure the (most amazing) framework can accept such mixed input.

Step 1: Open the application/config.php file, search for $config['uri_protocol'] and change the value to "PATH_INFO", so that the line looks like
$config['uri_protocol'] = "PATH_INFO";

Step 2: In the same application/config.php file, search for $config['enable_query_strings'] and change the value to TRUE (the boolean, not the quoted string), so that the line looks like
$config['enable_query_strings'] = TRUE;

Step 3: Now, in the same application/config.php file, search for $config['permitted_uri_chars'] and change the value to a suitable combination.

"a-z 0-9~%.:_\-+?=!,${}"\'[]&" works really great. The session variable is technically a JSON dump from Facebook, so this combination has a few unusual characters.

So now you can access both the segmented URI variables and GET variables via "$this->uri->uri_to_assoc(n)" and "$_GET" respectively.

VERY IMPORTANT: The above mod (I could say "customization" or something else!!!) would make the (most amazing) framework vulnerable to SQL injection and many other unethical injections, so take the necessary steps to secure it!
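
One way to take those steps for the "session" parameter shown earlier, as an added example that is not from the original post: decode it, accept only the expected keys and value shapes, and check the signature before any field is used. The function name and sample values are hypothetical, and the signing scheme (md5 over the sorted key=value pairs followed by the app secret) is an assumption about the legacy Facebook session format; hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example: treat the "session" query parameter as untrusted input.
// Assumption: legacy scheme, sig = md5(sorted "key=value" pairs . app secret).
function fb_parse_session($raw, $app_secret, $now)
{
    if (!is_string($raw) || strlen($raw) > 1024) {
        return false;                     // arrays and oversized blobs
    }
    $s = json_decode($raw, true);
    if (!is_array($s)) {
        return false;
    }
    $keys = array_keys($s);
    sort($keys);
    if ($keys !== array('expires', 'secret', 'session_key', 'sig', 'uid')) {
        return false;                     // exact key set only
    }
    foreach (array('secret', 'session_key', 'sig') as $k) {
        if (!is_string($s[$k]) || !preg_match('/^[A-Za-z0-9._-]{1,128}$/', $s[$k])) {
            return false;                 // opaque tokens: short, fixed alphabet
        }
    }
    if (!is_int($s['uid']) || !is_int($s['expires']) || $s['uid'] < 1 || $s['expires'] < 0) {
        return false;                     // numeric fields must be plain integers
    }
    $sig = $s['sig'];
    unset($s['sig']);
    ksort($s);
    $base = '';
    foreach ($s as $k => $v) {
        $base .= $k . '=' . $v;
    }
    if (!hash_equals(md5($base . $app_secret), $sig)) {
        return false;                     // not signed with this app's secret
    }
    if ($s['expires'] !== 0 && $s['expires'] < $now) {
        return false;                     // expired session
    }
    return $s;
}

// Constructed sample values, not from a real application.
$secret = 'constructed-app-secret';
$f = array('expires' => 2000000000, 'secret' => 'AbC__',
           'session_key' => '2.x_y.3600.2000000000-42', 'uid' => 42);
$sig = md5('expires=2000000000secret=AbC__session_key=2.x_y.3600.2000000000-42uid=42' . $secret);
var_dump(fb_parse_session(json_encode($f + array('sig' => $sig)), $secret, 1900000000));
$f['uid'] = '42 OR 1=1';                  // tampered value is refused
var_dump(fb_parse_session(json_encode($f + array('sig' => $sig)), $secret, 1900000000));
```

Even after validation, pass the uid to the database through CodeIgniter query bindings (`$this->db->query($sql, array($s['uid']))`) rather than concatenating it into the SQL string.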