Back to News for Developers

Upgrade to PHP SDK v3.0.0

May 20, 2011ByJerry Cain

As part of our Developer Roadmap update requiring all apps to use OAuth 2.0 and HTTPS, we planned to make available an updated PHP SDK that uses OAuth 2.0. Although we originally planned to release the PHP SDK on July 1st, we moved fast and completed the update to version 3.0.0. This SDK is now available for download on GitHub.

The new PHP SDK (v3.0.0) is a major upgrade to the older one (v2.2.x):

  • Uses OAuth authentication flows instead of our legacy authentication flow
  • Consists of two classes. The first (class BaseFacebook) maintains the core of the upgrade, and the second one (class Facebook) is a small subclass that uses PHP sessions to store the user id and access token.

If you’re currently using the PHP SDK (v2.2.x) for authentication, you will recall that the login code looked like this:

$facebook = new Facebook(…);
$session = $facebook->getSession();
if ($session) {
  // proceed knowing you have a valid user session
} else {
  // proceed knowing you require user login and/or authentication
}

The login code is now:

$facebook = new Facebook(…);
$user = $facebook->getUser();
if ($user) {
  // proceed knowing you have a logged in user who's authenticated
} else {
  // proceed knowing you require user login and/or authentication
}

Download the full example here. The red text below indicates changes from the earlier example.php (v2.2.x):

<?php

require 'facebook.php';

// Create our application instance
// (replace this with your appId and secret).
$facebook = new Facebook(array(
  'appId'  => 'YOUR_APP_ID',
  'secret' => 'YOUR_APP_SECRET',
));

// Get User ID
$user = $facebook->getUser();

// We may or may not have this data based 
// on whether the user is logged in.
// If we have a $user id here, it means we know 
// the user is logged into
// Facebook, but we don’t know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
  }
}

// Login or logout url will be needed depending on current user state.
if ($user) {
  $logoutUrl = $facebook->getLogoutUrl();
} else {
  $loginUrl = $facebook->getLoginUrl();
}

// This call will always work since we are fetching public data.
$naitik = $facebook->api('/naitik');

?>
<!doctype html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
  <head>
    <title>php-sdk</title>
    <style>
      body {
        font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
      }
      h1 a {
        text-decoration: none;
        color: #3b5998;
      }
      h1 a:hover {
        text-decoration: underline;
      }
    </style>
  </head>
  <body>
    <h1>php-sdk</h1>

    <?php if ($user): ?>
      <a href="<?php echo $logoutUrl; ?>">Logout</a>
    <?php else: ?>
      <div>
        Login using OAuth 2.0 handled by the PHP SDK:
        <a href="<?php echo $loginUrl; ?>">Login with Facebook</a>
      </div>
    <?php endif ?>

    <h3>PHP Session</h3>
    <pre><?php print_r($_SESSION); ?></pre>

    <?php if ($user): ?>
      <h3>You</h3>
      <img src="https://graph.facebook.com/<?php echo $user; ?>/picture">

      <h3>Your User Object (/me)</h3>
      <pre><?php print_r($user_profile); ?></pre>
    <?php else: ?>
      <strong><em>You are not Connected.</em></strong>
    <?php endif ?>

    <h3>Public profile of Naitik</h3>
    <img src="https://graph.facebook.com/naitik/picture">
    <?php echo $naitik['name']; ?>
  </body>
</html>

When to upgrade

If you are only using the PHP SDK for authentication, please upgrade now. If you are using the JavaScript SDK for login in conjunction with the PHP SDK, you will want to wait for the JavaScript SDK upgrade (coming in 4 weeks). Version 3.0.0 of the PHP SDK won’t cooperate with the current JavaScript SDK due to the cookie format changing.

Below is a table to help you remember when to begin upgrading:

Login FlowUpgrade
PHP SDK for login and API callsNow
JS SDK for login and PHP SDK for API calls4 weeks
JS SDK for login and API calls4 weeks

To learn more about the OAuth 2.0 flow and how to implement OAuth with CSRF protection, please read our Authentication Guide. All apps must utilize the new OAuth flows by October 1.

If you have any questions or feedback on this release, please leave them in the Comments Box below.


Tags: