As communicated on our Developer Roadmap, the PHP SDK has been updated to version 3.1.1 to leverage recent changes to the JavaScript SDK. The JavaScript SDK sets a cookie that identifies the connected user (if the cookie parameter is set to true). The PHP SDK can easily access this cookie when used in the same domain. This allows you to connect the user to your site or app using the JavaScript SDK (FB.login or the Login Button) and then call Platform APIs from server-side PHP without doing additional work.

The example below shows how the PHP SDK and JavaScript SDK work together:

<?php

require 'php-sdk/src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'YOUR_APP_ID',
  'secret' => 'YOUR_APP_SECRET',
));

// See if there is a user from a cookie
$user = $facebook->getUser();

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
    $user = null;
  }
}

?>
<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
  <body>
    <?php if ($user_profile) { ?>
      Your user profile is 
      <pre>            
        <?php print htmlspecialchars(print_r($user_profile, true)) ?>
      </pre> 
    <?php } else { ?>
      <fb:login-button></fb:login-button>
    <?php } ?>
    <div id="fb-root"></div>
    <script>               
      window.fbAsyncInit = function() {
        FB.init({
          appId: '<?php echo $facebook->getAppID() ?>', 
          cookie: true, 
          xfbml: true,
          oauth: true
        });
        FB.Event.subscribe('auth.login', function(response) {
          window.location.reload();
        });
        FB.Event.subscribe('auth.logout', function(response) {
          window.location.reload();
        });
      };
      (function() {
        var e = document.createElement('script'); e.async = true;
        e.src = document.location.protocol +
          '//connect.facebook.net/en_US/all.js';
        document.getElementById('fb-root').appendChild(e);
      }());
    </script>
  </body>
</html>

Reminder: Migrate to OAuth 2.0 and HTTPS by October 1, 2011

With this update to the PHP SDK, all apps can now easily migrate to OAuth 2.0.

By October 1, 2011, we require that all website and canvas apps must exclusively support OAuth 2.0 (draft 20). All canvas apps must use the signed_request parameter. This also implies that old, previous versions of our SDKs will stop working, including the old JavaScript SDK.

You can ensure that you have migrated by:

  • Implementing the OAuth 2.0 authentication system. For more details, please see our Authentication Guide.
  • Using the latest SDKs (the JavaScript SDK with the oauth:true parameter and the PHP SDK v.3.1.1)
  • Enabling the OAuth migration in the Developer App to use the encrypted access token
  • For Canvas Apps, verifying that your app is using the signed_request parameter.

In addition, an SSL Certificate is required for all Canvas and Page Tab apps by October 1. Contrary to some feedback we’ve heard, acquiring an SSL certificate is relatively inexpensive, and the ongoing cost of supporting SSL for most apps is low. The sooner your app supports HTTPS the more secure our platform will become. A warning will be issued in the Developer App if you do not have the appropriate Secure URLs filled.

Please let us know if you have any questions or feedback in the Comments below.