Snipe.Net Geeky, sweary things.

%$#^%$* Facebook Application Tabs

%

So this is new. And by new I mean painfully similar to the types of major functionality bugs we see every time there is a large-scale functionality change in Facebook.

I don’t know if this is a bug, or just undocumented, but I am unable to get the FBID of a user (even one who has allowed and interacted with the app) if the application is on its own tab in a fan page. I can get it on the boxes tab (by way of a workaround below) or on its own canvas page, but nothing works for the application tab.

Part of one of the recent changes to the platform was that you could no longer use require_login() from a tab (boxes or application). You can still use it on the application’s canvas page, but when you try to use require_login() in a tab, you’ll get an error that tells you you cannot redirect, something like:

fb:redirect: redirect forbidden by flavor TabFBMLFlavor

A suggestion on the developer forums suggests using:
[source=’php’]$is_tab = isset($_POST[‘fb_sig_in_profile_tab’]);
if( !$is_tab ) $user = $fb->require_login();[/source]

This basically checks to see if the application is being accessed via a tab (versus the canvas page or profile box). If it is being accessed via a tab, use the $_POST[‘fb_sig_in_profile_tab’], and if not, go ahead with require_login() as usual.

The problem is, while this works on profile tabs, it does NOT work on fan page tabs. When you use $_POST[‘fb_sig_in_profile_tab’] in an application on a fan page tab (or any of the other non-require_login() methods of getting a user’s ID) you end up with the ID of the fan page, NOT the viewing user.

This is a major problem for me, as many of the applications I have to build are not meant for addition to the directory, but are instead meant to be used only on a corporation’s fan page. The inability to access the user’s FBID severely limits what that application can do. In fact, it more often than not renders it completely useless.

To work around this, you can use the following to get the FBID of a user when your application is appearing in the Boxes tab:

[source=’php’]function get_user() {
global $facebook;
global $authorized;
$authorized=true;

// this will fail if user hasn’t authorized:
try { return $facebook->api_client->users_getLoggedInUser(); }

$authorized=false;
return $facebook->get_canvas_user()
}[/source]

and then setting the $user FBID variable with:

[source=’php’]$user = get_user();[/source]

However, even this does not work on applications appear in their own tab on a fan page.

I downloaded Facebook’s sample application, “Smiley”, to attempt to see how they did it. I’m certainly not new to Facebook application development, but I figured using their own code would help me see how they handle this particular issue.

I, of course, made the gross assumption that their own sample application would be updated with the most recent API calls and best practices. Not only is the Smiley’s app not up to date with the most recent ApI changes, it is flat-out *broken*. Thanks to several files that are completely *missing*, Smiley’s doesn’t even run. The very first line of the index.php makes an include call to a file called constants.php that DOES NOT EXIST. Well done, as usual, Facebook. The new API changes have been out for weeks now – there is just no excuse foer the ongoing broken samples and stubbed or missing documentation.

I have spoken to Facebook and they insist that this was a policy decision to prevent applications from spamming users – however there are a few problems with this explanation:

  1. The FB user’s decide what applications can message them, email them, etc – and by blocking an app, they never hear from them again anyway. Application behavior is irrelevant.
  2. If they were concerned with spamming, why does this behavior only emerge when the app is on its own tab? Its okay to spam from Boxes and canvas then?
  3. If the user has allowed the application, they have voluntarily given the app their information.
  4. Disallowing applications from accessing the FBID of users who have allowed the application renders many applications completely useless. They’re basically statis HTML pages, and it seems unlikely that Facebook would so detrimentally cripple such an important part of the platform.

I suspect that I’m receiving inaccurate information from Facebook regarding this behavior, and I suspect this may be a bug. If this behavior was actually implemented to prevent applications from getting the FBID of users who have allowed it, the decision would have applied to Boxes as well.

I’m still going back and forth with Facebook on this, but I wanted to post it here in case other Facebook application developers are having the same trouble. When I discover the fix, I’ll post a followup here.

About the author

snipe

I’m a tech geek/dev/infosec-nerd/scuba diver/blacksmith/sword-fighter/crime fighter/ENTP/warcrafter/activist. I run Grokability, Inc, and run several open source projects, including Snipe-IT Asset Management. Tweet at me @snipeyhead or read more

  • Facebook User

    The UID of the tab owner is provided to your application with the fb_sig_profile_user parameter. A session key is sent with the fb_sig_profile_session_key parameter.

    If a viewing user interacts with the tab (like submits a form, takes an action that causes an AJAX load of new content, or follows a relative URL that loads on the tab), that user’s UID is sent to the application as the fb_sig_profile_user parameter, but that user’s session key is not.

  • The UID of the tab owner is provided to your application with the fb_sig_profile_user parameter. A session key is sent with the fb_sig_profile_session_key parameter.

    If a viewing user interacts with the tab (like submits a form, takes an action that causes an AJAX load of new content, or follows a relative URL that loads on the tab), that user’s UID is sent to the application as the fb_sig_profile_user parameter, but that user’s session key is not.

  • If the user has already allowed the app, it doesn’t make sense that I cannot get the FBID right off the bat, and cannot.

    In this app, I have allowed the application already:

    Array
    (
    [fb_sig_in_canvas] => 1
    [fb_sig_request_method] => GET
    [fb_sig_locale] => en_US
    [fb_sig_in_new_facebook] => 1
    [fb_sig_time] => 1241186552.3593
    [fb_sig_added] => 0
    [fb_sig_page_id] => 23723437969
    [fb_sig_page_added] => 1
    [fb_sig_profile_user] => 23723437969
    [fb_sig_profile_id] => 23723437969
    [fb_sig_in_profile_tab] => 1
    [fb_sig_api_key] => XXXXXXXXXXXXXXX
    [fb_sig_app_id] => 80733941547
    [fb_sig] => 96e4d17436b85ef71683b9e6df406b3a
    )

  • If the user has already allowed the app, it doesn’t make sense that I cannot get the FBID right off the bat, and cannot.

    In this app, I have allowed the application already:

    Array
    (
    [fb_sig_in_canvas] => 1
    [fb_sig_request_method] => GET
    [fb_sig_locale] => en_US
    [fb_sig_in_new_facebook] => 1
    [fb_sig_time] => 1241186552.3593
    [fb_sig_added] => 0
    [fb_sig_page_id] => 23723437969
    [fb_sig_page_added] => 1
    [fb_sig_profile_user] => 23723437969
    [fb_sig_profile_id] => 23723437969
    [fb_sig_in_profile_tab] => 1
    [fb_sig_api_key] => XXXXXXXXXXXXXXX
    [fb_sig_app_id] => 80733941547
    [fb_sig] => 96e4d17436b85ef71683b9e6df406b3a
    )

  • Facebook User

    Looks like FB just updated how page tabs and the publisher work.
    Woooo.

    http://developers.facebook.com/news.php?blog=1&story=243

  • Looks like FB just updated how page tabs and the publisher work.
    Woooo.

    http://developers.facebook.com/news.php?blog=1&story=243

  • Kill me now. Please.

  • Kill me now. Please.

  • hi, i’m facing the same problem as you described. but still i don’t find any solution. user id is grabbed when the application tab profile is added in user’s own profile. but when the application is added in a facebook pages’s tab profile then i don’t find the user id @ $_REQUEST. My problem is, i’ve to detect whether the viewing user is a fan of the page or not, it’s possible in application’s canvas page or user’s profile page as facebook pass user’s id and session key. if you know any solution how could i detect fan in facebook page please post it. thanks a lot.

    Array
    (
    [fb_sig_in_canvas] => 1
    [fb_sig_request_method] => GET
    [fb_sig_is_admin] => 0
    [fb_sig_type] => LOCAL_BUSINESS
    [fb_sig_is_fan] => 0
    [fb_sig_locale] => en_US
    [fb_sig_in_new_facebook] => 1
    [fb_sig_time] => 1242633535.5921
    [fb_sig_added] => 0
    [fb_sig_page_id] => XXXXXXXXX
    [fb_sig_page_added] => 1
    [fb_sig_profile_user] => XXXXXXXXX
    [fb_sig_profile_id] => XXXXXXXXX
    [fb_sig_in_profile_tab] => 1
    [fb_sig_api_key] => XXXXXXXXX
    [fb_sig_app_id] => XXXXXXXXX
    [fb_sig] => XXXXXXXXX
    )

    Last blog post: prepare yourself for zce exam

  • hi, i’m facing the same problem as you described. but still i don’t find any solution. user id is grabbed when the application tab profile is added in user’s own profile. but when the application is added in a facebook pages’s tab profile then i don’t find the user id @ $_REQUEST. My problem is, i’ve to detect whether the viewing user is a fan of the page or not, it’s possible in application’s canvas page or user’s profile page as facebook pass user’s id and session key. if you know any solution how could i detect fan in facebook page please post it. thanks a lot.

    Array
    (
    [fb_sig_in_canvas] => 1
    [fb_sig_request_method] => GET
    [fb_sig_is_admin] => 0
    [fb_sig_type] => LOCAL_BUSINESS
    [fb_sig_is_fan] => 0
    [fb_sig_locale] => en_US
    [fb_sig_in_new_facebook] => 1
    [fb_sig_time] => 1242633535.5921
    [fb_sig_added] => 0
    [fb_sig_page_id] => XXXXXXXXX
    [fb_sig_page_added] => 1
    [fb_sig_profile_user] => XXXXXXXXX
    [fb_sig_profile_id] => XXXXXXXXX
    [fb_sig_in_profile_tab] => 1
    [fb_sig_api_key] => XXXXXXXXX
    [fb_sig_app_id] => XXXXXXXXX
    [fb_sig] => XXXXXXXXX
    )

    Last blog post: prepare yourself for zce exam

  • Hi Mahmud – When I last spoke to Facebook, they told me to use this functionality: http://wiki.developers.facebook.com/index.php/Fb:visible-to-connection

    “Use this tag to display the content inside the tag on a user’s or a Facebook Page’s profile only if the viewer is a friend of that user or is a fan of that Facebook Page. ”

    It’s *supposed* to work on a fan page, but I haven’t personally tested it, and knowing Facebook, it could be completely biffed.

  • Hi Mahmud – When I last spoke to Facebook, they told me to use this functionality: http://wiki.developers.facebook.com/index.php/Fb:visible-to-connection

    “Use this tag to display the content inside the tag on a user’s or a Facebook Page’s profile only if the viewer is a friend of that user or is a fan of that Facebook Page. ”

    It’s *supposed* to work on a fan page, but I haven’t personally tested it, and knowing Facebook, it could be completely biffed.

  • oh snipe, how could i give you thanks. THANK YOU very much. i was stuck on the following problem more than 2 days. thanks your solutions is now working for me.

    🙂

    Last blog post: prepare yourself for zce exam

  • oh snipe, how could i give you thanks. THANK YOU very much. i was stuck on the following problem more than 2 days. thanks your solutions is now working for me.

    🙂

    Last blog post: prepare yourself for zce exam

  • Heh – great, I’m thrilled to hear it worked!

  • Heh – great, I’m thrilled to hear it worked!

  • Umair Jabbar

    hey alison, I sent you a mail too, and now posting my problem here

    I read some posts on your blog when i was searching for a solution to my issue. I have to add a profile tab for my application, i enabled the profile tab from app settings, gave a the page url of a simple page containing nothing but “Hello World” written it, nothing else at all, the page is saved by the extension of .php but it has no php tags, no html tags just hello world
    and now when i click on the profile tab after adding it, it shows me a blank page
    the application is hosted on my Local Server for now, as for development
    can you possibly help me out?

  • Umair Jabbar

    hey alison, I sent you a mail too, and now posting my problem here

    I read some posts on your blog when i was searching for a solution to my issue. I have to add a profile tab for my application, i enabled the profile tab from app settings, gave a the page url of a simple page containing nothing but “Hello World” written it, nothing else at all, the page is saved by the extension of .php but it has no php tags, no html tags just hello world
    and now when i click on the profile tab after adding it, it shows me a blank page
    the application is hosted on my Local Server for now, as for development
    can you possibly help me out?

  • Hi Umair – you need to cut me a little slack – I’m a very busy person. I try to help where I can, but my real life and job take precedence.

    Your problem is unrelated to the issue detailed here. Your tab isn’t even working when you’re not trying to get API data, so you more likely have a configuration issue.

    When you say the tabs page is hosted on your local server, what exactly do you mean? The tab url has to be accessible via a normal web browser, so if you’re testing locally on a webserver installed on your computer, that isn’t going to work. Facebook has to be able to load the tab url via http.

  • Hi Umair – you need to cut me a little slack – I’m a very busy person. I try to help where I can, but my real life and job take precedence.

    Your problem is unrelated to the issue detailed here. Your tab isn’t even working when you’re not trying to get API data, so you more likely have a configuration issue.

    When you say the tabs page is hosted on your local server, what exactly do you mean? The tab url has to be accessible via a normal web browser, so if you’re testing locally on a webserver installed on your computer, that isn’t going to work. Facebook has to be able to load the tab url via http.

  • Umair Jabbar

    thanks 🙂
    its working for me now

  • Umair Jabbar

    thanks 🙂
    its working for me now

  • hey guyz
    does any body here know how to get the ID of the user who has clicked to some profile tab
    as in I have my application profile tab installed on someones profile, and i want to get the facebook user ID of everyperson who clicks that profile tab

    when i try $_POST[‘fb_sig_profile_user’]
    it gives me the userID of the user on whose profile the tab is installed
    am I doing something wrong or is this thing genuinely left complex from facebook ?

  • hey guyz
    does any body here know how to get the ID of the user who has clicked to some profile tab
    as in I have my application profile tab installed on someones profile, and i want to get the facebook user ID of everyperson who clicks that profile tab

    when i try $_POST[‘fb_sig_profile_user’]
    it gives me the userID of the user on whose profile the tab is installed
    am I doing something wrong or is this thing genuinely left complex from facebook ?

  • I don’t *think* you can do that. I think FB is afraid of people triggering content based off of the viewer’s FBID that the profile owner is unaware of.

  • I don’t *think* you can do that. I think FB is afraid of people triggering content based off of the viewer’s FBID that the profile owner is unaware of.

  • alison does that mean we cant use a facebook tab as a normal application page.
    WEIRD !!

    i hope they can give this support soon;
    thanks anyways, i will try to workaround, will make such a profile tab which wont be having any information of the current viewer

  • alison does that mean we cant use a facebook tab as a normal application page.
    WEIRD !!

    i hope they can give this support soon;
    thanks anyways, i will try to workaround, will make such a profile tab which wont be having any information of the current viewer

  • Hey Alison,
    i have a lil problem[yet again :)]

    the flow for my profile tab is all complete and working for a user profile, but when it comes to pages it is incomplete, the page can be added on the page profile, but how will i get the page access my app, as there is no USER-PAGE mapping available too
    i want to reflect the page’s activity on my app onto the page’s tab,
    for user its easy but for a page it seems to be impossible for now.
    any suggestions ?

  • Hey Alison,
    i have a lil problem[yet again :)]

    the flow for my profile tab is all complete and working for a user profile, but when it comes to pages it is incomplete, the page can be added on the page profile, but how will i get the page access my app, as there is no USER-PAGE mapping available too
    i want to reflect the page’s activity on my app onto the page’s tab,
    for user its easy but for a page it seems to be impossible for now.
    any suggestions ?

  • Chris

    How do I add an app (that I created) to my fan page – if my app is not yet in facebook’s apps directory?

    In order to add an application as a new tab, I need to:
    1.) Add the app to the page
    2.) Make the app it’s own tab, rather than a box

    If I just browse to my app’s canvas page, and add the application, then it adds the application to my profile (the profile under which I created the page) – rather than to the page itself.

    I don’t know if I explained my problem very well. If you need clarification, let me know. BTW – you’ve answered a couple of my comments before and I really appreciate it. The info out there on how to do this is lacking severely…

  • Chris

    How do I add an app (that I created) to my fan page – if my app is not yet in facebook’s apps directory?

    In order to add an application as a new tab, I need to:
    1.) Add the app to the page
    2.) Make the app it’s own tab, rather than a box

    If I just browse to my app’s canvas page, and add the application, then it adds the application to my profile (the profile under which I created the page) – rather than to the page itself.

    I don’t know if I explained my problem very well. If you need clarification, let me know. BTW – you’ve answered a couple of my comments before and I really appreciate it. The info out there on how to do this is lacking severely…

  • Hi Chris,

    I believe you have to use the profile.setFBML call, but you include the page’s ID, NOT a user ID, in the ID parameter:

    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘YOUR_NUMERIC_PAGE_ID’,$fbml_content, null, null,$fbml_content, “profile_box”);

    For the tab, you just need to make sure your app is configured (in the app settings) with a tab url.

  • Hi Chris,

    I believe you have to use the profile.setFBML call, but you include the page’s ID, NOT a user ID, in the ID parameter:

    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘YOUR_NUMERIC_PAGE_ID’,$fbml_content, null, null,$fbml_content, “profile_box”);

    For the tab, you just need to make sure your app is configured (in the app settings) with a tab url.

  • Hi Alison,

    I am kinda in the place where i need the user id of the visiting user for my application on the Fan Page tab to work as it is supposed to. Has Facebook replied to you regarding this? Is there a work-around at all?

    Thanks,
    Dheepak

  • Hi Alison,

    I am kinda in the place where i need the user id of the visiting user for my application on the Fan Page tab to work as it is supposed to. Has Facebook replied to you regarding this? Is there a work-around at all?

    Thanks,
    Dheepak

  • Umair Jabbar

    Hey Dheepak,
    unfortunately this isnt possible till now

  • Umair Jabbar

    Hey Dheepak,
    unfortunately this isnt possible till now

  • Chris

    Snipe, you said:
    “I believe you have to use the profile.setFBML call, but you include the page’s ID, NOT a user ID, in the ID parameter:

    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘YOUR_NUMERIC_PAGE_ID’,$fbml_content, null, null,$fbml_content, “profile_box”);

    For the tab, you just need to make sure your app is configured (in the app settings) with a tab url.”

    1.) What file does that code snippet go in? The index.php file of my application?

    2.) I found the application setting where I can pick a tab url, but I’m not sure what to put in it.
    Here’s how my other stuff is setup:
    Callback URL: http://theaquarx.com/chris/facebook/
    Canvas URL: http://apps.facebook.com/checkmywater/

    And the “tab” section already has the full canvas page URL built into it, should I be creating something like:
    apps.facebook.com/checkmywater/tab/index.php and put your code above in it?

    You can probably tell by my questions that I’m new to both PHP and Facebook.

  • Chris

    Snipe, you said:
    “I believe you have to use the profile.setFBML call, but you include the page’s ID, NOT a user ID, in the ID parameter:

    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘YOUR_NUMERIC_PAGE_ID’,$fbml_content, null, null,$fbml_content, “profile_box”);

    For the tab, you just need to make sure your app is configured (in the app settings) with a tab url.”

    1.) What file does that code snippet go in? The index.php file of my application?

    2.) I found the application setting where I can pick a tab url, but I’m not sure what to put in it.
    Here’s how my other stuff is setup:
    Callback URL: http://theaquarx.com/chris/facebook/
    Canvas URL: http://apps.facebook.com/checkmywater/

    And the “tab” section already has the full canvas page URL built into it, should I be creating something like:
    apps.facebook.com/checkmywater/tab/index.php and put your code above in it?

    You can probably tell by my questions that I’m new to both PHP and Facebook.

  • Hi Chris,

    1) That code can go in the index.php if you want. Whatever makes sense for your app.

    2) Put in whatever you want. It has to be a subfile of your canvas, bt doesn’t need to be in its own dir. http://apps.facebook.com/checkmywater/tab.php would work just fine.

  • Hi Chris,

    1) That code can go in the index.php if you want. Whatever makes sense for your app.

    2) Put in whatever you want. It has to be a subfile of your canvas, bt doesn’t need to be in its own dir. http://apps.facebook.com/checkmywater/tab.php would work just fine.

  • Chris

    1.) Should ‘YOUR_NUMERIC_PAGE_ID’ be:
    -the application’s ID , or…
    -the Page ID of the Fan Page I’ll be adding the app to as a tab?

    If I understand correctly, you’re saying this line of code needs to be added to my APPlication’s code- so it would seem like it ought to be the apps id. But you code says “PAGE_ID”. I’m confused.

    Apps don’t have a “page id”, do they?

    2.) What do I put in the tab.php code? Just the same code as I’ve got in index.php? (canvas page)

  • Chris

    1.) Should ‘YOUR_NUMERIC_PAGE_ID’ be:
    -the application’s ID , or…
    -the Page ID of the Fan Page I’ll be adding the app to as a tab?

    If I understand correctly, you’re saying this line of code needs to be added to my APPlication’s code- so it would seem like it ought to be the apps id. But you code says “PAGE_ID”. I’m confused.

    Apps don’t have a “page id”, do they?

    2.) What do I put in the tab.php code? Just the same code as I’ve got in index.php? (canvas page)

  • Chris

    Before I bother asking any more technical questions, do you know if it’s possible to do this:

    I have a fan page for an Organization I’m working on. I wanted to create an application tab for the Fan Page that says “Join” on the Label, and then the content of the tab would be a form that:

    1.) When they filled it out and submitted it, it wrote to my mysql database
    2.) Posted to their feed that the Joined my Organization because “………..(their input here…..)”

    This is what one of the Admins over at the FB developer board replied:

    “I’m pretty sure that’s not possible. I’m pretty sure a tab for a Fan page is very much like a user’s profile tab for an app, and in the latter case there’s very minimal interaction with your server. FB asks your server for the content, and then manages the user experience after that. FB never tells you who the user is. Like I said, you basically display something nice on a tab without knowing who’s looking, and that’s about it. You can give them a link to your app’s canvas page where you have full control.”

    He said *PRETTY SURE* – not SURE. Don’t those people work for FB? Maybe not…

  • Chris

    Before I bother asking any more technical questions, do you know if it’s possible to do this:

    I have a fan page for an Organization I’m working on. I wanted to create an application tab for the Fan Page that says “Join” on the Label, and then the content of the tab would be a form that:

    1.) When they filled it out and submitted it, it wrote to my mysql database
    2.) Posted to their feed that the Joined my Organization because “………..(their input here…..)”

    This is what one of the Admins over at the FB developer board replied:

    “I’m pretty sure that’s not possible. I’m pretty sure a tab for a Fan page is very much like a user’s profile tab for an app, and in the latter case there’s very minimal interaction with your server. FB asks your server for the content, and then manages the user experience after that. FB never tells you who the user is. Like I said, you basically display something nice on a tab without knowing who’s looking, and that’s about it. You can give them a link to your app’s canvas page where you have full control.”

    He said *PRETTY SURE* – not SURE. Don’t those people work for FB? Maybe not…

  • Chris – what you’re looking to do is possible for an app, not possible for a static FBML box.

  • Chris – what you’re looking to do is possible for an app, not possible for a static FBML box.

  • Chris

    yeah – I know I was asking Q’s over at your post about static FBML boxes vs. apps. Just to clear things up – I am aware that I need an app – and I’ve already created the app.

    It works fine from it’s canvas page – but I cannot even see the option on my fan page to add it as an application tab.

    When I described WHY I was trying to do this (over at FB developer forum) – an admin gave me the reply I quoted above.

  • Chris

    yeah – I know I was asking Q’s over at your post about static FBML boxes vs. apps. Just to clear things up – I am aware that I need an app – and I’ve already created the app.

    It works fine from it’s canvas page – but I cannot even see the option on my fan page to add it as an application tab.

    When I described WHY I was trying to do this (over at FB developer forum) – an admin gave me the reply I quoted above.

  • Chris – these conversations are very fragmented this way.

    If you have not set up a tab in your settings (and have the appropriate code to trigger it, discussed in the other post), you won’t see an option to add to tab.

  • Chris – these conversations are very fragmented this way.

    If you have not set up a tab in your settings (and have the appropriate code to trigger it, discussed in the other post), you won’t see an option to add to tab.

  • Chris:

    “1.) Should ‘YOUR_NUMERIC_PAGE_ID’ be:
    -the application’s ID , or…
    -the Page ID of the Fan Page I’ll be adding the app to as a tab?

    If I understand correctly, you’re saying this line of code needs to be added to my APPlication’s code- so it would seem like it ought to be the apps id. But you code says “PAGE_ID”. I’m confused.

    Apps don’t have a “page id”, do they?”

    If your tab is meant to appear on a fan page, it needs to be your page ID. If its meant to appear in a user’s profile as a tab, you use the user’s profile ID.

    “2.) What do I put in the tab.php code? Just the same code as I’ve got in index.php? (canvas page)”

    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘YOUR_NUMERIC_PAGE_ID’,$fbml_content, null, null,$fbml_content, “profile_box”);

    The $fbml_content here would be whatever content you want to appear in your tab. If the tab is to have the same content as the canvas page, then yes – you can use the same code. Or you can build the canvas page so that it stuffs all of its output into the $fbml_content variable, and then in your index.php, echo $fbml_content (for your canvas page) and then use the profile_setFBML call below it to set the tab box. Mind you, if you set the profile_setFBML in your index.php, you need to make sure index.php is the page you’ve specified in your application settings.

  • Chris:

    “1.) Should ‘YOUR_NUMERIC_PAGE_ID’ be:
    -the application’s ID , or…
    -the Page ID of the Fan Page I’ll be adding the app to as a tab?

    If I understand correctly, you’re saying this line of code needs to be added to my APPlication’s code- so it would seem like it ought to be the apps id. But you code says “PAGE_ID”. I’m confused.

    Apps don’t have a “page id”, do they?”

    If your tab is meant to appear on a fan page, it needs to be your page ID. If its meant to appear in a user’s profile as a tab, you use the user’s profile ID.

    “2.) What do I put in the tab.php code? Just the same code as I’ve got in index.php? (canvas page)”

    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘YOUR_NUMERIC_PAGE_ID’,$fbml_content, null, null,$fbml_content, “profile_box”);

    The $fbml_content here would be whatever content you want to appear in your tab. If the tab is to have the same content as the canvas page, then yes – you can use the same code. Or you can build the canvas page so that it stuffs all of its output into the $fbml_content variable, and then in your index.php, echo $fbml_content (for your canvas page) and then use the profile_setFBML call below it to set the tab box. Mind you, if you set the profile_setFBML in your index.php, you need to make sure index.php is the page you’ve specified in your application settings.

  • Chris

    Okay, this is strange…

    The app (my form) works just fine – from the application canvas page.
    It takes the form data and submits it to my database just fine. All’s good there. FB appears to be happy 🙂

    Even if I screw up the data entered in the form (my form checks to make sure all fields are entered properly) the input data is remaining in the $_POST and $_SESSION variables, so it still there. All good.

    I even got the app added as tab to my fan page.
    When I click on the tab to see the form, it displays the form correctly.

    However, apparently FB is not happy.
    Beneath the form is the following message:

    “Errors while loading page from application
    Runtime errors:
    Cannot allow external script”

    I’ve tried both *allowing* and *commenting out* the following code that you gave me
    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘121695312395’,$fbml_content, null, null,$fbml_content, “profile_box”);

    I added that code to the tab.php file, which is just a copy of my index.php file (canvas page code) – with the being that on tab.php I don’t require_login()

  • Chris

    Okay, this is strange…

    The app (my form) works just fine – from the application canvas page.
    It takes the form data and submits it to my database just fine. All’s good there. FB appears to be happy 🙂

    Even if I screw up the data entered in the form (my form checks to make sure all fields are entered properly) the input data is remaining in the $_POST and $_SESSION variables, so it still there. All good.

    I even got the app added as tab to my fan page.
    When I click on the tab to see the form, it displays the form correctly.

    However, apparently FB is not happy.
    Beneath the form is the following message:

    “Errors while loading page from application
    Runtime errors:
    Cannot allow external script”

    I’ve tried both *allowing* and *commenting out* the following code that you gave me
    $fanpageFBML = $facebook->api_client->profile_setFBML(null, ‘121695312395’,$fbml_content, null, null,$fbml_content, “profile_box”);

    I added that code to the tab.php file, which is just a copy of my index.php file (canvas page code) – with the being that on tab.php I don’t require_login()

  • Chris

    I was posting while you were. So I didn’t see what you said. I have NOT yet assigned anything to the $fbml_content variable in index.php. I would think that would mean that I would see nothing when I visit the Fan Page’s app tab, yet strangely I do.

    Are you sure I need to do that?

  • Chris

    I was posting while you were. So I didn’t see what you said. I have NOT yet assigned anything to the $fbml_content variable in index.php. I would think that would mean that I would see nothing when I visit the Fan Page’s app tab, yet strangely I do.

    Are you sure I need to do that?

  • Chris

    I just donated to your beer fund by the way. It was long overdue. You’ve been a lifesaver. Though my donation would buy a beer in Columbus, OH – not sure it would where you’re at…

  • Chris

    I just donated to your beer fund by the way. It was long overdue. You’ve been a lifesaver. Though my donation would buy a beer in Columbus, OH – not sure it would where you’re at…

  • Hi Chris – I’m sorry, you’re totally right. That’s what I get for multitasking too much. 🙁 The profile_setFBML is used for setting the content of profile boxes and boxes tab boxes. The tab stuff is handled, as you’ve discovered, just by specifying which page it should be pulling content from and then displaying whatever the output of that page is. Sorry for the confusion. It’s been a long few days.

    You should also note that the error you’re seeing from Facebook will likely not be displayed to users – so while it’s good to try to make it go away, if the app is working, then the error may not be what you think it is. Facebook won’t throw an error up and still let your app function with the offending part. If it doesn’t like it, it will prevent it from working. So your external script error may be something you’re not expecting. Definitely try to fix what its barfing on, but if the app is working, don’t lose too much sleep over it either. Most errors are not shown to users, only developers. Test it with a non-developer account to be sure though.

    Is your app set to FBML or Iframe?

    PS – thanks for the beer 😀

  • Hi Chris – I’m sorry, you’re totally right. That’s what I get for multitasking too much. 🙁 The profile_setFBML is used for setting the content of profile boxes and boxes tab boxes. The tab stuff is handled, as you’ve discovered, just by specifying which page it should be pulling content from and then displaying whatever the output of that page is. Sorry for the confusion. It’s been a long few days.

    You should also note that the error you’re seeing from Facebook will likely not be displayed to users – so while it’s good to try to make it go away, if the app is working, then the error may not be what you think it is. Facebook won’t throw an error up and still let your app function with the offending part. If it doesn’t like it, it will prevent it from working. So your external script error may be something you’re not expecting. Definitely try to fix what its barfing on, but if the app is working, don’t lose too much sleep over it either. Most errors are not shown to users, only developers. Test it with a non-developer account to be sure though.

    Is your app set to FBML or Iframe?

    PS – thanks for the beer 😀

  • Chris

    Well, “working” is a relative statement.

    When I view the app on it’s canvas page, the form looks exactly like it should. There are no error messages displayed next to the input fields unless the user has in fact not entered anything in them.

    However, when the app is viewed as a tab on the Fan Page, the form is displayed, but it already has error messages next to every field. This is what a user sees who has just visited it – and has NOT even entered anything yet. It’s like it’s already “running” and thinks the user has tried to submit, but didn’t put anything in – so it shows them the error message next to each input field.

    And i just looked at my fan page app tab from my buddy’s comp – you’re right – it doesn’t display the FB error message beneath the form.

    Though clearly, that doesn’t mean that it is suddenly allowing external scripts. When I try to submit the form via the fan page app tab, the canvas area fills with HostGator’s default 404 error page. It doesn’t do that when I submit from the canvas page (it works there).

    My app is an iFrame.

  • Chris

    Well, “working” is a relative statement.

    When I view the app on it’s canvas page, the form looks exactly like it should. There are no error messages displayed next to the input fields unless the user has in fact not entered anything in them.

    However, when the app is viewed as a tab on the Fan Page, the form is displayed, but it already has error messages next to every field. This is what a user sees who has just visited it – and has NOT even entered anything yet. It’s like it’s already “running” and thinks the user has tried to submit, but didn’t put anything in – so it shows them the error message next to each input field.

    And i just looked at my fan page app tab from my buddy’s comp – you’re right – it doesn’t display the FB error message beneath the form.

    Though clearly, that doesn’t mean that it is suddenly allowing external scripts. When I try to submit the form via the fan page app tab, the canvas area fills with HostGator’s default 404 error page. It doesn’t do that when I submit from the canvas page (it works there).

    My app is an iFrame.

  • I’m running out the door at the moment – off to martial arts class – but if you remind me where your app is located (assuming its published and I can see it) I can take a look and see if I can troubleshoot the 404. If the error is coming from HostGator, that means its technically working – its finding your site, and its not a Facebook error, but I can’t be more specific unless I can see it. I’ll be back online around 10:30 tonight.

  • I’m running out the door at the moment – off to martial arts class – but if you remind me where your app is located (assuming its published and I can see it) I can take a look and see if I can troubleshoot the 404. If the error is coming from HostGator, that means its technically working – its finding your site, and its not a Facebook error, but I can’t be more specific unless I can see it. I’ll be back online around 10:30 tonight.

  • Chris

    Have fun – try not to get so banged up this time.
    Ironically, I’ll be out drinking @ 10:30pm. I’ll have a Corona for you.

    I’ll be drinking and you’ll be trouble shooting MY app…? There’s no justice in this world.

    The canvas page apps.facebook.com/checkmywater/
    Where it is on a Fan Page: facebook.com/pages/NationalWaterCouncilorg/123778133712

    The app tab is called “Check My Water”

  • Chris

    Have fun – try not to get so banged up this time.
    Ironically, I’ll be out drinking @ 10:30pm. I’ll have a Corona for you.

    I’ll be drinking and you’ll be trouble shooting MY app…? There’s no justice in this world.

    The canvas page apps.facebook.com/checkmywater/
    Where it is on a Fan Page: facebook.com/pages/NationalWaterCouncilorg/123778133712

    The app tab is called “Check My Water”

  • Chris

    Okay, got the 404 error to go away.
    In the index.php canvas page file, my form’s action parameter was set to:

    So, for the tab.php form, I just changed it to action=”tab.php”

    It doesn’t work (i.e. doesn’t submit the data) but at least the 404 error is gone.

    As for the fact that the form shows “You have errors” when I haven’t even tried to submit anything…no idea. Do you see the statement above the form that says “There were errors in capture.php”?

    Here’s the relevant code in that capture.php that’s making that statement echo to the screen:

    if ($_SERVER[‘REQUEST_METHOD’] == ‘GET’) {
    #Form has not been attempted to submit yet, so no error messages should show
    $errors = array();
    }
    else {
    #Form HAS been submitted, check it for errors
    $errors = validate_index_form();
    if (count($errors)) {
    echo “There were errors in capture.php”;
    }
    Else { //submit the data because there’s no errors…bunch of fairly obvious code follows here…

    Here’s the code inside the function validate_index_form(){
    if (!isset($_POST[‘first’]) || (empty($_POST[‘first’])
    && !is_int($_POST[‘first’]))) {
    $errors[‘first’] = ‘* Required’;
    }else{
    $_SESSION[‘first’] = mysql_prep($_POST[‘first’]);
    }
    }
    And a bunch of identical conditional statements for each of the input fields.

  • Chris

    Okay, got the 404 error to go away.
    In the index.php canvas page file, my form’s action parameter was set to:

    So, for the tab.php form, I just changed it to action=”tab.php”

    It doesn’t work (i.e. doesn’t submit the data) but at least the 404 error is gone.

    As for the fact that the form shows “You have errors” when I haven’t even tried to submit anything…no idea. Do you see the statement above the form that says “There were errors in capture.php”?

    Here’s the relevant code in that capture.php that’s making that statement echo to the screen:

    if ($_SERVER[‘REQUEST_METHOD’] == ‘GET’) {
    #Form has not been attempted to submit yet, so no error messages should show
    $errors = array();
    }
    else {
    #Form HAS been submitted, check it for errors
    $errors = validate_index_form();
    if (count($errors)) {
    echo “There were errors in capture.php”;
    }
    Else { //submit the data because there’s no errors…bunch of fairly obvious code follows here…

    Here’s the code inside the function validate_index_form(){
    if (!isset($_POST[‘first’]) || (empty($_POST[‘first’])
    && !is_int($_POST[‘first’]))) {
    $errors[‘first’] = ‘* Required’;
    }else{
    $_SESSION[‘first’] = mysql_prep($_POST[‘first’]);
    }
    }
    And a bunch of identical conditional statements for each of the input fields.

  • This very thing hung me up for an entire day, until I finally resolved that it just wasn't possible. My single biggest hurdle with FB development has been the arbitrary limitations placed on app tabs for no apparent reason. I mean, it's the same damn app. I finally gave in and used the dreaded “click to enter app” gateway page. Feels just wrong.

  • ASAsa

    F%$KK FACEBOOK!
    its one big mistake.

  • Gurpal 2000

    HI Sniper – i came across this post and thought i was doing something wrong. I too, can't seem to get any useful info out of a Tab. Basically im trying to make a customized version of “Photo Album Strip” app. Basically it allows you to categorise your own Photos albums into sets. Now i have a tab, but i'm unable to call photos.getAlbums from my OWN profile let alone anyone else's. Do you know if i should be able to call photos.getAlbums on my own tab? Cheers, G

  • Hi Gurpal – is this on a Static FBML tab or a Facebook application?

  • Hi Gurpal – is this on a Static FBML tab or a Facebook application?

  • Guest

    I edited my facebook profile info in the new format and when i hit the button to save edits, my info went blank and now tab php shows up as a file to open and that's it. No infor shows at all. Please tell me how to get my info back!

  • Hi Snipe. I am new around here, but just wanted to ask you. Did you figured out how to get the ID of VISITOR, on a FB application, installed as a tab on a page ?
    Thanks

  • If you need to get the FBID of the user looking at an application tab, you should be able to use $_REQUEST['fb_sig_profile_id'];

  • if i print out this REQUEST['fb_sig_profile_id'] is the id of user who owns the profile or the page, not the visitor.

  • Ahh shit – you're right. Had forgotten that FB doesn't allow you to see the viewing user's FBID until the user interacts with the page in some way. If you trigger an ajax call on that page, you can get their FBID through that, but otherwise not.

  • Manjula

    Hi snipe- I need help with Application Tabs set up. I can see the application tab when logged in as myself but my friends can not see this tab. Is there any property that I can set to show it to everyone?
    Thanks in advance.

  • Check and make sure your app isn't in Sandbox mode. Edit Settings > Advanced > Sandbox Mode should be set to NO, unless you want to keep it private for testing and then add your friends as developers so they can see it.

  • Manjula

    Cool- the page is now visible. Thank you so much for helping out.

    I have two more questions for you if you dont mind-
    I created a page with static fbml but want to put in asp.net code in it. So I created a facebook application, but to use it in the page – I think I have to submit it to the active directory from where I can get that called onto a page. But I am not able to add it to the active directory as I dont have the required number of total users or monthly active users. Because it is not available to other users – I am not able to get this users number go up. What should I do?

  • Manjula

    sorry about the number of questions – I am very much confused in getting this work, working on this for the last two days- thanks again.

  • Mrunali

    hi snipe/manjula-
    I have the same issue- I'm not able to publish my facebook application as I dont have that many users with it. How to increase the number of users using this application?
    Thx

  • You don't need multiple users to publish an app, only to list it in the directory. Please see my response to Manjula.

  • Mrunali

    My application is not in Sandbox mode, but none of my friends are able to view this application. How can they use this application if it is not available in active directory?

  • You can send them a link to it.
    What's the app url?

  • Manjula

    Snipe – Can you help me in adding a button on a facebook application tab that posts back to itself? Thx

  • Mrunali

    My application URL is – http://www.facebook.com/mrunali.sing
    This is application tab.

    Can you also reply to Manjula's question about the button postback in the page. I have the same issue here. My button postbacks to itself but the tabs go missing.

  • That is your personal profile url, not your app url.

  • Mrunali

    This is the application – http://www.facebook.com/apps/application.php?id
    I made this application show up as tab in profile thinking that way my friends will know about this.

  • I can see the app, so it's not in sandbox mode. When I try to add it as an app tab to one of my test pages, it doesn't work. It's either a Facebook glicth, or there's something bonkers with your tab code.

  • Mrunali

    I asked my friend to do the same as you did – she could add it to her test page, here is the link to her page-
    http://www.facebook.com/pages/MyCars/1336510899

    So I think you are right- until I pass the application id – my friends should be able to see the application and when the user count reaches the required number, I can then publish this page or the application to all to see.

    I think now my thoughts are in the right direction.

    Can you take a look at this page – cars tab? The tabs disappear when I click on the search button. What is that I am missing here?

  • For the THIRD time – the user count has NOTHING to do with whether or not people can see the app. It only pertains to whether or not it gets listed in the app directory. If your friends cannot see your app tab then either Facebook is acting buggy or there is something wrong with your app.

  • Will

    HOW TO ADD YOUR CUSTOMIZED APPLICATION TAB IN YOUR FAN PAGE:

    To add a Tab (Button) into your managed Fan Page that is connected to your customized Application, view your Application Profile page. At the left side menu, click “Add to Page” then select your Fan Page wherein you want to add your Application to. Go to your corresponding Fan Page and on it's public Tab menu, locate the “+” button. Click it to add your Tab for your customized Application. Then click “>>” to order your Tabs so your customized Application's Tab button will appear within the first 6 Tab button limits.

  • Will

    EXTERNAL SCRIPT ERROR:

    Hope this helps: I discovered when I removed the ff. codes from my external PHP page, the “External Script Error” reported on the bottom of my Fan Page's admin view, disappeared.

    <div id=”FB_HiddenIFrameContainer” style=”display:none; position:absolute; left:-100px; top:-100px; width:0px; height: 0px;”></div>

    <script src=”http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php” type=”text/javascript”></script>

    <script type=”text/javascript”> FB_RequireFeatures([“CanvasUtil”], function(){ FB.XdComm.Server.init(''.$general['docroot'].'/facebook/'); FB.CanvasClient.startTimerToSizeToContent(); }); </script>

    The script above was given by Facebook to be used in combination with the “xd_receiver.htm” file that is related to the iFrame height viewable section on your actual Application's page. Including that file together with the codes above removes the vertical scrollbar from appearing when you've set your Application's Canvas Settings to “resize” instead of “smart size”.

    Thanks for the many articles in this site that have also helped me. 🙂

  • I posted a video walkthrough several months ago:
    http://www.youtube.com/watch?v=l9bbCVsS9Gg

  • I'm a little confused – app tabs can only be FBML, not IFRAME, so you wouldn't use an xd_receiver there.

  • Will

    When I created my Application, I got confused and never realized that adding it is similar to adding the “Static FBML” app. The non-searchability of my App (because it hasn't been “liked” by many people yet) also contributed to my confusion. hahaha I do not really want my app to be visible in search as it will just act as a Microsite page within a Fan Page. Upon reading this entire thread, I thought the other guy was also asking the same question hence I posted my findings. But thanks for the link and the many useful tutorials. 🙂

  • Will

    I use my customized Application, which has iFrame, as a Tab within my Fan Page since I think I cannot use iFrame within a “Static FBML” Tab. My customized App is just a simple page that grabs dynamic data from an external website. I just call it as an Application because that is the procedure I went through: Created an Application in Facebook to act as a dynamic page. Since I don't know FBML that well yet (I just know PHP & some MySQL) and I don't have enough time to dedicate to the project, I opted to use an iFrame placed inside a Tab page within a Fan Page. Sorry if my post is confusing. Hope this clarifies it. 😀

  • Not really, but i appreciate you trying 🙂 Even in an IFRAME application, the app tab itself is still FBML. If you try to put IFRAME into an app tab, you'll usually get an error.

  • insightcanada

    I'm having a similar issue. I'm trying to pull content from our site and load that into an application that sits as a tab on a page of ours.The actual canvas page of the app works, but its throwing that error when set as a tab.
    Snipe, do you have any ideas of what i might need to do to get a tab that can pull dynamic content from an external site? i thought an iframe would be the magic i needed 😛

  • You can pull dynamic content from an external site, but it's gotta be written as an FBML app would be written. Load server-side scripted data, and then call updated information using mock ajax/FBJS.

  • Thanks for this usefull info “don't lose too much sleep over it either. Most errors are not shown to users, only developers” :^)

  • Bart

    Hi there.
    Totally agree with you after spending hours and hours trying to solve this problem.
    If I'll get it working – I'll let you know as well.

  • Hi,
    I am able to get the user_id of a user on a tab IF the tab posts to an external URL, AND the user has authorized the application. I then quickly do the dirty work on my server and then redirect back to the tab. This is useful for having forms on an application tab, anyway.
    Authorizing is the tricky part. I used to just be able to do requireLogin=1, but that no longer works. fb:if-is-app-user isn’t allowed either, I get that ugly “forbidden by flavor TabFBMLFlavor” error.
    I got it to work from this solution:
    http://forum.developers.facebook.net/viewtopic.php?pid=215120#p215120
    The script:
    function formDone() {
    document.getElementById(‘my_form’).submit();
    }
    function submitForm() {
    FB.Connect.showPermissionDialog(“”, formDone);
    }

    and then put onsubmit=”submitForm();return false;” in the form.

    • If the tab posts anywhere (outside url or otherwise), you can get the fbid. The user just has to interact with the tab in some way, at which point you can get the fbid.

By snipe
Snipe.Net Geeky, sweary things.

About Me

I’m a tech geek/dev/infosec-nerd/scuba diver/blacksmith/sword-fighter/crime fighter/ENTP/warcrafter/activist. I run Grokability, Inc, and run several open source projects, including Snipe-IT Asset Management. Tweet at me @snipeyhead or read more

Get in Touch