6

Unfortunately I've reached a bit of a dead end. Due to various legacy and other reasons, I can't upgrade a system to PHP 5.4. And according to Facebook, I need 5.4 to run the latest SDK.

I'm willing to settle for a lower SDK, but:

  1. Will I be okay if I use an older SDK?
  2. Which SDK should I use?

Bonus Question:

  1. What should the composer path be changed to to use the old SDK? Currently I have:

    "facebook/php-sdk-v4" : "4.0.*"

rockstardev
  • 13,479
  • 39
  • 164
  • 296
  • PHP 5.3 has not received security patches in [eight months](http://php.net/eol.php) and is dangerous to run in production as a result. – ceejayoz May 01 '15 at 20:58
  • This is not true: I am using CentOS 6 Linux and PHP 5.3 packages are being patched there on regular basis. This must be the case for most Linux distributions. – Alexander Farber May 08 '16 at 08:41

4 Answers4

2

You can still use the old one: https://github.com/facebookarchive/facebook-php-sdk

The api calls are the same. The new one is just the recommended one. You can even use your own CURL calls without any SDK.

You should use the latest one though, it may be a good idea to change your provider. PHP 5.4 should be an absolute minimum every serious provider supports.

For the old PHP, you don´t really need composer. Just download it and put in your server.

andyrandy
  • 72,880
  • 8
  • 113
  • 130
  • Am I risking anything by using it? – rockstardev Feb 18 '15 at 08:03
  • Hi Luschn, is this still applicable in 2017 since there is this server that has PHP 5.3.29 and unable to update, and they are wanting to see if there is a way to have Facebook Login on their site. – Luis Alvarado Jun 08 '17 at 13:51
  • i believe it´s not applicable anymore since 2.9 of the graph api. but you should really use a newer php version. if the provider does not upgrade, switch to a different one. – andyrandy Jun 08 '17 at 18:50
2

A year 2020 update to my answer -

I am sick of Facebook first deprecating the PHP version, then its complete PHP SDK and I have also noticed, that with Facebook Javascript SDK it is possible to pass a fake Facebook user id to my Facebook Canvas web app.

So I have written a pure PHP solution for fetching basic user information - on the server side and without using any external libraries.

My script is based on the fact that Facebook POSTs a signed_request parameter to all Canvas web apps.

You can see it if you add the following line at the top of the PHP script:

error_log(print_r($_POST, TRUE));

By parsing the "signed_request" parameter you get an "oauth_token", which can be used to fetch the "/me" GRAPH API page.

Here is my script and remember to replace the APP_ID and APP_SECRET by the values from the Facebook dashboard:

const APP_ID     = '1234567890';
const APP_SECRET = 'abcdefghijk';

$data            = parse_signed_request($_POST['signed_request']);
$oauth_token     = $data['oauth_token'];
$user_id         = $data['user_id'];
$photo           = "https://graph.facebook.com/$user_id/picture?type=large";

$me = json_decode(file_get_contents("https://graph.facebook.com/me?access_token=$oauth_token"), true);
list($given_name, $family_name) = explode(' ', $me['name'], 2);

# TODO use the $user_id, $given_name, $family_name, $photo in your web app!

function parse_signed_request($signed_request) {
    list($encoded_sig, $payload) = explode('.', strtr($signed_request, '-_,', '+/='), 2);

    $sig  = base64_decode($encoded_sig);
    $data = json_decode(base64_decode($payload), true);

    $expected_sig = hash_hmac('sha256', $payload, APP_SECRET, true);
    if ($sig !== $expected_sig) {
        exit('Wrong sig');
    }

    return $data;
}
Alexander Farber
  • 21,519
  • 75
  • 241
  • 416
  • that is some very bad code. html uppercase tags? why? php, html and javascript in one file? that´s just a side note, but what´s very important is that you should NEVER call FB.login right after initalizing the JS SDK. you should ONLY call it on user interaction. of course it darkens the page when you open the login dialog, but that´s much better than the redirection you need with the php sdk. last but not least, he did not even mention canvas apps...just saying... – andyrandy May 08 '16 at 14:27
  • "html uppercase tags why" LOL – Alexander Farber May 08 '16 at 14:32
  • why you should not call FB.login on page load: it´s bad usability to hit the user with login right when he hits your app and before he even knows what the app is about, and some browsers will block the login. – andyrandy May 08 '16 at 14:33
  • When the user hits my Facebook OAuth page, he surely wants to login. And when the user hits my Facebook Canvas page he is already logged in. – Alexander Farber May 08 '16 at 14:34
  • that is completely wrong. not all apps have/need login. – andyrandy May 08 '16 at 14:34
  • either way, that´s completely off topic. i am not sure why you added all that stuff here. and again: browsers will block the login if you call it without user interaction. that´s the main reason why you should never do that. not sure why people still try this... – andyrandy May 08 '16 at 14:35
  • ...i mean, he only asked if he could still use the old sdk...lol – andyrandy May 08 '16 at 14:41
  • The *main reason* not to use Facebook Javascript SDK is because it already POSTs needed information to the Canvas callback or puts that information in the HTTP redirect header. Plus the pesky login popup you keep talking about. So better use [facebook-php-sdk-v4](https://github.com/facebook/facebook-php-sdk-v4) or (if your are stuck with PHP version below 5.4) use [facebook-php-sdk](https://github.com/facebookarchive/facebook-php-sdk) – Alexander Farber May 08 '16 at 14:43
  • again, this is not even about canvas or the difference between the sdk sdk or the php sdk, it is ONLY about the version of the php sdk...you should read the question again. – andyrandy May 08 '16 at 14:44
  • And I have replied YES and shown a working example (tested with PHP 5.3) on how to use the [old SDK](https://github.com/facebookarchive/facebook-php-sdk). – Alexander Farber May 08 '16 at 14:56
  • any reason why you would downvote my answer? i just assume it was you. please comment to an answer with a valid reason for downvoting. – andyrandy May 08 '16 at 15:51
  • 1
    Is this still applicable in June 2017? I mean there is this server that has PHP 5.3.29, they are unable to update PHP and wanted to see if there is a way to use this to have Facebook Login on their site. – Luis Alvarado Jun 08 '17 at 13:49
  • 1
    Luis, yes this still works for me in my [card game](https://www.facebook.com/games/video-preferans/) hosted at CentOS 6.9 Linux server with PHP 5.3.3 – Alexander Farber Jun 08 '17 at 14:09
  • @AlexanderFarber Thank you friend. +1 – Luis Alvarado Jun 08 '17 at 14:14
1

No, you are not risking anything by using the older version of php-sdk. As was noted, you can write your own curl and not use the SDK. That is how my App was written until 2013.

elixenide
  • 44,308
  • 16
  • 74
  • 100
-1

Here's the old version:

{
    "require": {
        "facebook/php-sdk" : "3.2.3"
    }
}

Then:

php composer.phar require facebook/php-sdk:3.2.3
bloxx
  • 84
  • 1
  • 6