Thing is, it’s just not all that complicated. 90% of what you need to do to talk to Facebook is in three functions.
sfc_cookie_parse() will parse the cookie of the connected Facebook user and give you their information. Example:
$user = sfc_cookie_parse();
if (!isset($user['user_id'])) {
// $user contains their FB info, including ID
}
sfc_is_fan() will tell you if the connected user is a fan of the page or not. Returns true/false, takes an optional input of the FB user ID, but doesn’t need it if the cookie exists for it to parse. This is just a shortcut helper function for people who want to hide content behind a fan-wall.
sfc_remote() is a generic Graph API communication mechanism. It works like this:
function sfc_remote($obj, $connection='', $args=array(), $type ='GET')
The $obj is the object in the Graph you want to query for. It can be the ID number of the object or its name. An “object” in the Graph API is anything: user, page, application, event, whatever.
The $connection is the secondary part of the Graph API, and it defines what information you want to get. For example, if my $obj was a user ID, then I could use ‘feed’ here to get their Facebook wall feed (assuming they’d given me permission to read it).
The $args is an array of arguments. Usually you don’t need these. But you can optionally pass in an access_token, or a code if you have one (sometimes the cookie gives a code which can be exchanged for an access token). You can set a timeout in seconds if you need one longer than normal.
The $args itself is passed down to wp_remote_get and wp_remote_post, so if you need to modify the way HTTP works there, you can do so. Note that sfc_remote *saves* the access token it gets from either the code or a manually passed token, so if you access the same object multiple times in the same page load, you don’t need to pass it a code or access token any time after the first call.
The $args is also passed down to Facebook, in case you need to define fields or something (which you have to do for some Graph API requests, such as getting the email address).
The $type is either GET or POST. You use POST when sending something to Facebook instead of retrieving data from it. I do not currently support the DELETE method.
Helps to read this too, to understand the Graph API:
https://developers.facebook.com/docs/reference/api/
There’s nothing special for permission gathering, because SFC automatically includes the javascript everywhere. So all the XFBML just works. If you need permissions from a user, for example, you can just pop an fb:login-button on the screen.
<fb:login-button v="2" scope="email,publish_stream" onlogin="do_whatever();">Grant extra permissions</fb:login-button>
The do_whatever() is a javascript call that you write to do, well, whatever you want. Sometimes this isn’t needed, since you just needed to get their permission to do something on the back end. Once they’ve granted the proper permission, then your calls to the Graph API will work and give you the info you need.
If the user is doing automatic Publishing, then it does matter what access token you use, since the user access token is different from the Page access token which is different from the application access token. These are all stored in the sfc_options, which you can access like this:
$options = get_option('sfc_options');
echo $options['app_access_token'];
echo $options['page_access_token'];
echo $options['access_token']; // access token of the admin user who set up the autopublish in the first place
The Fan Page object ID (if they have one) is in $options['fanpage']. The application object ID (which they have to have) is in $options["appid"].
The current user “code” (which gets exchanged for an access token the first time it’s used) can be gotten from the sfc_cookie_parse function.
Example: Getting somebody’s email address from Facebook.
1. Get them to click a login button with the “email” permission.
2.
$cookie = sfc_cookie_parse();
$data = sfc_remote($cookie['user_id'], '', array(
'fields'=>'email',
'code'=>$cookie['code'],
));
if (!empty($data['email'])) {
echo $data['email'];
}
Other than that, there’s really not a whole lot of extra stuff you need. Getting stuff from FB and sending stuff to FB can all be done with sfc_remote(). The only tricky business is getting the right access tokens to have FB allow you to do whatever it is that you want to do.
To get a person’s events for example:
1. Get them to click a login button with the “user_events” permission.
2.
$cookie = sfc_cookie_parse();
$data = sfc_remote($cookie['user_id'], '', array(
'code'=>$cookie['code'],
));
if (!empty($data)) {
var_dump($data);
}
The $data will be an array of the events for the user.
Try the Graph API explorer. It shows you what data is available and such: https://developers.facebook.com/tools/explorer/
To use it, start by clicking the Get Access Token button and grant permissions to the explorer app itself. Then you can put in “me” as the object. Me is a shortcut to your user ID. Then hit submit to see your information. Various connections are displayed on the right and you can see what various info looks like. If the data you get comes back empty, click the access token button again and grant it new permissions to allow that data to be accessed, then resubmit to see the data.
