I have created a Page Tab Facebook App where I want to display different content depending on the user being a fan or not. (Also called fan gate, landing page or reveal page)
For this I'm using the PHP SDK, in specific the following code:
<?php
require 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'APP_ID',
'secret' => 'APP_SECRET',
'cookie' => true,
));
?>
And in the content:
<?php
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {?>
Thank you for liking our Page!
<?php } else { ?>
You haven't liked our page yet..
<?php };
// Debugging Code
echo "REQUEST:<br>";
print_r($_REQUEST);
echo "<br>GET:<br>";
print_r($_GET);
echo "<br>POST:<br>";
print_r($_POST);
?>
This works when I'm logged in with my Facebook User and when I use it on my own Page.
Meaning the signed_request is present in both $_POST and $_REQUEST.
However, when I test it with another user, there is no signed_request value in those variables..
Notes:
– I already took a look at my URL Settings in the App Configuration (300 Redirect and stuff) but this looks fine, and like I said with my User it's working..
– the signed_request is not just empty, it doesn't even exist.
Does anybody have similar issues?
I would not mind using the Javascript SDK instead of PHP if it works then, but I'm not very experienced in Javascript.
EDIT:
As i found out you always have to have a non-secure (http) and a secure (https) URL.
Even if you enter a secure URL as the standard URL, facebook will contact it using http and will then get redirected (depends on server configuration) to the https, which makes you lose your signed_request.
Best Answer
I just had a similar problem. In my case the problem was that in the app config i had not put a slash at the end of the tab URL which was referencing a directory (with an index.php in it). So i got a redirect to the same URL with a slash at the end and lost the $_POST this way.