Wednesday, March 16, 2016

Login with Facebook using PHP with v5 SDK

It has been a long time since my last post about Facebook. Many things have changed since. This time I want to talk about the new version of Login PHP SDK for Facebook.

The latest version of SDK can be found here.

I think I can skip to codes directly as all the steps to install the SDK and obtain the app_id and app_secret can be easily found in the internet. But I need to point out the errors you may see if something goes wrong. If you see the following error:

Parse error: syntax error, unexpected '[', expecting ')' in ...

You need a PHP 5.4 or higher version to avoid this error.

Instead, if you see this:

Cross-site request forgery validation failed. The "state" param from the URL and session do not match.

It means your app_id and app_secret are not registered to run in the current domain.

Facebook required us to run the login authorization process in two parts: the login link page and the call-back page. The login page will produce a link with new access token to comply with OAuth 2.0 flow. The next page is to process the call-back from Facebook with valid access token so as to do anything with the verified login such as accessing the ID or email address.

As my philosophy is always to make things short and simple as programmers will not like anything too windy, I combined the two parts into one PHP script. Here is the hybrid script:



require_once __DIR__ . '/facebookV5/autoload.php'; // Please point to your facebook SDK autoload.php

$fb = new Facebook\Facebook([
  'app_id' => 'Your App ID',
  'app_secret' => 'Your App Secret',
  'default_graph_version' => 'v2.5',

if (!isset($_GET['code'])) { // If it is a callback, you will get 'code' as query string.

  $helper = $fb->getRedirectLoginHelper();

  $myURL = '{Your Login URL}'; // The URL to this very script such as
  $permissions = ['email']; // Optional permissions
  $loginUrl = $helper->getLoginUrl($myURL, $permissions);

  //header( 'Location: ' . htmlspecialchars($loginUrl) ); PLEASE DO USE REDIRECT WITH PHP HEADER! Somehow it doesn't work well with Facebook OAuth 2.0 flow
  echo("<meta http-equiv='refresh' content=\"0;URL='". htmlspecialchars($loginUrl) ."'\" />");
else { // This is the call-back section:

  $helper = $fb->getRedirectLoginHelper();
  try {
    $accessToken = $helper->getAccessToken();
  } catch( Facebook\Exceptions\FacebookSDKException $e ) {
    echo $e->getMessage();

  if (isset($accessToken)) {
    $_SESSION['facebook_access_token'] = ( string ) $accessToken;


    try {
      $response = $fb->get('/me?fields=email');
      $userNode = $response->getGraphUser();
    } catch(Facebook\Exceptions\FacebookResponseException $e) {
      echo 'Graph returned an error: ' . $e->getMessage();
    } catch(Facebook\Exceptions\FacebookSDKException $e) {
      echo 'Facebook SDK returned an error: ' . $e->getMessage();

    $me = $response->getGraphUser();
    echo "Your Facebook Email: ".$me->getProperty('email');

    // You now can use the email for the rest of the login process

  else if ( $helper->getError() ) {

    // Facebook Login Error

    echo( $helper->getError()."<br>" );
    echo( $helper->getErrorCode()."<br>" );
    echo( $helper->getErrorReason()."<br>" );
    echo( $helper->getErrorDescription()."<br>" );

  echo("Access Token cannot be obtained.");
  // You need to debug if you see this as it shouldn't reach here.


This is a 2-in-1 script. I use the query string 'code' as a signal to decide where it is a call-back from Facebook or it is the first-run before linking to Facebook. If everything goes well and your browser has not run this PHP code before, you will encounter a page where Facebook will ask for your permission to run this PHP app. Here is an example of how it looks like:

After continuing this authorization process, you will not see this page again unless you change the app_id and app_secret. Enjoy logging in with Facebook!

Read More »

Monday, March 7, 2016

Limit a DIV to Certain Scroll Height with Javascript

This is very popular nowadays. You can see major websites around the internet are having this feature. Why? Important information will not get left out if the web page is scrolled down a lot. This can improve the navigation experience of the website substantially. So how is it done? You may need to know how to fix a DIV before you can fully understand this post. Here are some of my earlier posts related to this subject: div-on-top-of-page-only-after.html

Here are the codes for this post:

<style type="text/css">

#fixbot {
position: fixed;

#fixright {
position: absolute;

#fixtop {
position: fixed;



var offset;

window.onscroll = function() {

 if (typeof(window.pageYOffset) == 'number') {
  offset = window.pageYOffset;
 else if (document.documentElement) {
  offset = document.documentElement.scrollTop;
 else if (document.body) {
  offset = document.body.scrollTop;
 if (offset > 170) {
  document.getElementById('fixright').style.position = 'fixed';
  document.getElementById('fixright') = '170px';
 else {
  document.getElementById('fixright').style.position = 'absolute';
  document.getElementById('fixright') = '50%';
 document.getElementById('notice').innerHTML = offset;


<body bgcolor="#aabbcc" marginheight=0 marginwidth=0 leftmargin=0 topmargin=0 rightmargin=0 bottommargin=0 onload="window.scrollTo(0,0);">

<div id="fixbot" style="border:0px solid #333; width:100%; height:50px; background-color:#ddd; text-align:center; padding:0px; ">
<p>Hello I am at the bottom!</p>

<div id="fixright" style="border:0px; width:100px; height:200px; text-align:center; padding:0px; top: 50%; margin-top: -100px; background-color:#cba;">
<table width=100% height=100%><tr><td valign=middle><p>Right!</p></td></tr></table>

<div id="fixtop" style="border:0px solid #333; width:100%; height:70px; background-color:#ddd; text-align:center; padding:0px; "> <p>Hello I am at the top! <span id="notice"></span></p>

<table width="95%" align=center><tr><td>
<br>line 1<br>line 2<br>line 3<br>line 4<br>line 5<br>line 6<br>line 7<br>line 8<br>line 9<br>line 10 <br>line 11<br>line 12<br>line 13<br>line 14<br>line 15<br>line 16<br>line 17<br>line 18<br>line 19<br>line 20 <br>line 21<br>line 22<br>line 23<br>line 24<br>line 25<br>line 26<br>line 27<br>line 28<br>line 29<br>line 30 <br>line 31<br>line 32<br>line 33<br>line 34<br>line 35<br>line 36<br>line 37<br>line 38<br>line 39<br>line 40 <br>line 41<br>line 42<br>line 43<br>line 44<br>line 45<br>line 46<br>line 47<br>line 48<br>line 49<br>line 50 <br>line 51<br>line 52<br>line 53<br>line 54<br>line 55<br>line 56<br>line 57<br>line 58<br>line 59<br>line 60 <br>line 61<br>line 62<br>line 63<br>line 64<br>line 65<br>line 66<br>line 67<br>line 68<br>line 69<br>line 70 </td></tr></table>

setTimeout(function() {window.scrollTo(0, 0);},100); // To make sure when the page is reloaded, the scroll is back to 0
document.getElementById('fixright') = '50%';



In order to position a DIV on the middle of the right hand side, I prepare the DIV to be always 50% of the total height and the - 100px margin (derived from half of the total height of the DIV which is 200px in this case). In this example, I want to fix the right hand DIV to be exactly 70x from the top of the page. I need to let the Javascript to do the job for me by checking the mouse scroll offset. The magic 170px limit can be obtained from adding the half of the total height of the DIV with the target height limit.

The Javascript will detect the scroll offset if it crosses the 170px marking I set. If it is more than the 170px limit, fix the DIV. If it is less, let it scroll as it should be but maintain the 50% position relative to the viewable height of the website window.

One thing to pay attention is when the page is reloaded, the scroll has to go back to 0 or the calibration of the mechanism of these will be off. If this is not desired, one can consider resorting to cookie to track the relative position of the DIV and scroll offset. This is a head start to such new web feature. More complex feature can still be incorporated into these codes such as managing a very long (high) DIV. Enjoy!

Here is the animated demonstration of this example:

Read More »