I'm using the Facebook PHP SDK for simple login with extended permissions. I'm using the example code from the SDK docs, but I found that I need to manually clear out the FB session data otherwise if($user) comes back as true even though the
user is logged out. I have the app going to logout.php upon logout; this page clears out the session vars and redirects to the app home page.
Once I clear out the FB session data, log in/log out works fine. However, it stops working if I pass $params to the getLoginUrl function. Once I pass any params (I've tried several), the login breaks, either by not bringing up the second extended permissions screen or by refreshing the app page w/out login success.
index page and logout page code follow.
index.php
<?php
require 'services/facebook-php-sdk/src/facebook.php';
$facebook = new Facebook(array(
'appId' => '[APP_ID]',
'secret' => '[SECRET]',
));
// Get
User ID
$user = $facebook->getUser();
if($user) {
try {
// Proceed knowing you have a logged in
user who's authenticated.
$user_profile = $facebook->api('/me');
$params = array('next' => 'http://'.$_SERVER["SERVER_NAME"].'/logout.php');
$logout_url = $facebook->getLogoutUrl($params);
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
} else {
$login_url = $facebook->getLoginUrl($params = array('redirect_uri' => 'http://'.$_SERVER["SERVER_NAME"].'/', 'scope' => 'read_stream'));
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<?php if($user) { ?>
<p><a href="<?php echo($logout_url); ?>">Log out</a></p>
<?php } else { ?>
<p><a href="<?php echo($login_url); ?>">Log in</a></p>
<?php } ?>
</body>
</html>
logout.php
<?php
session_start();
$fb_app_id = '[APP_ID]';
unset($_SESSION['fb_'.$fb_app_id.'_code']);
unset($_SESSION['fb_'.$fb_app_id.'_access_token']);
unset($_SESSION['fb_'.$fb_app_id.'_user_id']);
unset($_SESSION['fb_'.$fb_app_id.'_state']);
header('Location: http://'.$_SERVER["SERVER_NAME"].'/');
?>
