Last year, I posted about how to show certain content to fans, and other content to non-fans using FBML. As FBML becomes deprecated, however, it’s time to show you the updated way using the Open Graph, the PHP SDK and IFRAMES.
The practice of showing some content to fans and other content to non-fans is generally called “like-gating”, and it’s a pretty common practice for large and small brands alike.
The reason for like-gating is that you’re asking the user to give you permission to send messages into their newsfeed (which will be the case if they “like” the page) in return for whatever is hidden behind your like-gate. Hopefully, whatever it is you’re giving fans-only feels like it’s worth it to your users – otherwise, like-gating can come off pretty as pretty sleazy. Be mindful of your users.
First off, we start the application normally, by requiring the Facebook PHP SDK. Obviously you have to have the Facebook SDK uploaded to a sub-directory of your app root, in a dir called ‘facebook-php-sdk’, and you have to change your AppID and your Secret to whatever Facebook gave you for the app you’ve created:
[php] ‘XXXXXXXXXXXXXXXXX’,‘secret’ => ‘XXXXXXXXXXXXXXXXXXXXXXX’,
‘cookie’ => true,
));[/php]
Facebook will return a signed request for every logged in user that loads your fan page tab. The signed request isn’t human readable, but is easily parsed using a simple function that unencodes it.
[php]function grokSignedRequest() {if (isset($_REQUEST[‘signed_request’])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode(‘.’, $_REQUEST[‘signed_request’], 2);
$sig = base64_decode(strtr($encoded_sig, ‘-_’, ‘+/’));
$data = json_decode(base64_decode(strtr($payload, ‘-_’, ‘+/’), true));
return $data;
}
return false;
}[/php]
If you do a print_r()
on that signed request after it’s been run through the function, you’ll see something like this:
stdClass Object
(
[algorithm] => HMAC-SHA256
[issued_at] => 1307627872
[page] => stdClass Object
(
[id] => 116633947708
[liked] => 1
[admin] => 1
)
[user] => stdClass Object
(
[country] => us
[locale] => en_US
[age] => stdClass Object
(
[min] => 21
)
)
)
As you can see, they don’t give you a whole lot of information about the user – and understandably so, since the user hasn’t authorized your application by granting an “allow” yet. In fact, you can’t even get their Facebook ID or name from the signed request. What can CAN get is:
- Page ID (which you probably already knew anyway)
- Whether the viewing user has liked the page
- Whether the viewing user is an admin of the page
- Country and language (“locale”) of the user – this can be helpful with contents where the contest is only available in certain countries due to specific laws, or to provide content in multiple languages
- Whether the user meets the criteria used in age-gating – over 13, 21+, etc
To access this data that you’ve just retrieved, you would do something like this:
[php]// call the function to parse the signed request$sr_data = grokSignedRequest();
// check like status
if ($sr_data->page->liked==1) {
echo ‘you are a fan’;
} else {
echo ‘you are not a fan.’;
}
// check admin status
if ($sr_data->page->admin==1) {
echo ‘
}[/php]
While this method takes a bit more code, it’s actually better, IMHO. Previously, the fb:visible-to-connection
FBML tag used CSS to hide and show content based on fan status. That means that clever people with just a basic level of web skills could view the source of the fan page or app and see the hidden content. This made the fan/no-fan model less than ideal for certain thing.
In the IFRAME version, the fan/no-fan status is being determined on the server-side, so there’s no opportunity for user shenanigans. They can view the source until their fingers bleed, and they will won’t have access to your like-gated content unless they like the page. (Odds are, that jerk is probably going to un-like your page immediately after getting your exclusive fan-only content, though.)