Persistent flag that user is on facebook?

103 views Asked by At

I'm in the middle of designing a mobile site for our main ecommerce site. Because the site is composed of inflexible legacy code I've opted to look up the users user agent string and identify them as a mobile user each page request. That way no changes to the url structure are needed. This seems to be working nicely so far.

However, I thought it may be kind of cool to use this mobile version so that users can browse our ecommerce site on facebook via iframe (the dimensions are perfect). But, unlike the mobile browsers, I am having trouble finding a persistent way to identify the user as a facebook user. I know facebook sends a $_POST variable the first time a page is viewed via iframe, and I could simply just store that in a session variable and be done with it. The issue that arises though is that what if the user visits with facebook, gets marked as a facebook user in their session, then visits our regular ecommerce site? Well, they'd still be identified as a facebook user and get served the facebook version, which is not ideal.

2

There are 2 answers

1
Jarrod Christman On

Not sure if it's proper etiquette to answer my own question but I found an answer which is a combo of Hassou's answer and a javascript php detection script.

The script I altered is from here: http://snippets.bluejon.co.uk/check4-js-and-cookies/check4-js-enabled-v2-phpcode.php

Essentially the idea is to use javascript to submit a form referencing the current url, the result tells you if javascript is enabled... However, the idea can easily be altered to submit a form only if javascript returns true for being in an iframe. You can then pass in the $_POST data into the form so that the $_POST data is carried over (only needed if the $_POST data is referenced within the display layer of your application). Here's the basic idea:

<?php
/* Include head of your application goes here, this should do whatever
session handling code you have and all processing done to the $_POST variables */

// ~~~~~~Full Url Function - Works With Mod_Rewrite~~~~~~~~~ //
// important thing is function will grab all $_GET vars
function fullurlnav()
{
$fullurlsortnav = 'http';
$script_name = '';
  if(isset($_SERVER['REQUEST_URI']))
  {
  $script_name = $_SERVER['REQUEST_URI'];
  }
  else
  {
  $script_name = $_SERVER['PHP_SELF'];
    if($_SERVER['QUERY_STRING']>' ')
    {
    $script_name .=  '?'.$_SERVER['QUERY_STRING'];
    }
  }

  if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
  {
  $fullurlsortnav .=  's';
  }

$fullurlsortnav .=  '://';

  if($_SERVER['SERVER_PORT']!='80')
  {
  $fullurlsortnav .=
  $_SERVER['HTTP_HOST'].':'.$_SERVER['SERVER_PORT'].$script_name;
  }
  else
  {
  $fullurlsortnav .=  $_SERVER['HTTP_HOST'].$script_name;
  }

return $fullurlsortnav;
}
// ~~~~~~~~~~~End Full URL Function~~~~~~~~~ //
?>
<html>
<body>
<?php
// Only run this check if user has been identified as a facebook user in their session
// or if they've been identified via the $_POST['signed_request'], which facebook sends
// upon first request via iframe.
// Doing this removes the check when it's unneeded.
if (!isset($_POST['inIframe']) && ( isset($_SESSION['inIframe']) || isset($_POST['signed_request']) ) )
{   
?>
    <form name="postJs" action="<?php echo fullurlnav(); ?>" method="post">
    <input type="hidden" name="inIframe" value="1">
    <?php
    // Carry over $_POST
    foreach($_POST as $key => $value)
    {
    echo '<input type="hidden" value="'.$value.'" name="'.$key.'" />';
    }
    ?>
    </form>
    <script type="text/javascript">
            <!--
          // If in an iframe
          if (top !== self)
          {
          document.postJs.submit();
          }
        //-->
    </script>
  <?php
}
elseif(isset($_POST['inIframe']) && ( isset($_SESSION['inIframe']) || isset($_POST['signed_request']) ) )
{
$_SESSION['inIframe']=1;
}
else
{
$_SESSION['inIframe']=0;
}

if ($_SESSION['inIframe']== 1){
echo 'IS in an Iframe';
}else{
echo 'IS NOT in an Iframe';
}

// echo out rest of your template code
?>
</body>
</html>

It gets a little tricky skating around your page display code output and it's workings, but that's the basic idea i have so far. Technically one could separate the form generation block from the elseif else statements below, and use those above your code before any display output, that may be easier to handle. Note that the above code is untested, just given to provide the basic idea for others with the same issue.

1
Soufiane Hassou On

Maybe you can tackle the problem for another angle and test if the website is loaded from a frame or not?

This is possible with javascript:

if (top === self) { 
   //not a frame 
} else { 
   //a frame 
}