This article is for Facebook developers or wannabes. If you’re not at least a programmer, you probably shouldn’t be reading this.

I got an email asking me how to use Flash and PHP with a validated session correctly. Someone wants their Flash applet to talk to a server page via getURL, and they want that server page to be able to access the respective user’s Facebook session. The difficulty here is that Flash will not, by default, pass all the signed Facebook variables to requested PHP (or other) server pages. So, what are we to do?

IFramed Applications

If your application runs in an IFrame, you do not have access to the handy <fb:swf> tag that Facebook offers. The only difference here is that you have to construct the query string containing all signed variables yourself. This is easy enough.

On a side note, you should always use swfobject.js to embed SWF into an HTML page. It’s readily available everywhere on the Internet, and it allows an SWF to be loaded upon page load without first requiring a user click.

To use it, insert a <div> object in your HTML page, and in an onLoad Javascript callback for your page, write something like this:


function makeFlash(flashvars) {
  var flash_object = new SWFObject("swf/rateme.swf", "swf_object_id", "190", "70", "8", bgcolor);
  flash_object.addParam("flashvars",flashvars);
  flash_object.write(objid);
}

Where objid is the ID of the div object on your page. The key here is the Flashvars parameters. This is where you need to pass in all the fb_sig* variables that Facebook passed to you.

In PHP, to create this string (for the Flashvars), you’ll have code something like the following:

$fbsigstring = array();
foreach($_REQUEST as $key=>$value) {
  if(strpos($key,"fb_sig") === 0)
    $fbsigstring[] = $key . ‘=’ . urlencode($value);
}
$fbsigstring = implode(’&’,$fbsigstring);

This will construct the string you need to pass to your makeFlash() function when your page has completed loading.

FBML Apps

If your application uses FBML, then you can use <fb:swf>. This will create a Flash object that already has all the signed Facebook variables passed to it via Flashvars, so there’s no need for you to do anything. Read on.

Finally..

Inside your Flash object you need to use these variables and pass them back to your server. This can be done in a similar fashion as in PHP, but just in Actionscript. See:

var fb_sign_vars:String = "";
var fb_userpresent:Boolean = false;
var keyStr:String;
var valueStr:String;
for (keyStr in _root) {
  if(keyStr.indexOf("fb_sig") == 0) {
    if(keyStr == "fb_sig_user")
      fb_userpresent = true;
    valueStr = String(_root[keyStr]);
    fb_sign_vars += keyStr + “=” + valueStr + “&”;
  }
}
…
getURL(”myURL.php?somevariable=stupid&” + fb_sign_vars);

Simple. Also, if what you’re doing is only server-communication (as is often the case– user performs some task, record that in the server, send back some updated result, for instance..) you may want to talk to the server with XML. This is extremely easy to work with in PHP, but what about Actionscript? Even easier. (This code partially from Rate Me application at http://apps.facebook.com/ratemeapp )


var transmitXML:XML = new XML();
var recieveXML = new XML();
transmitXML.ignoreWhite = recieveXML.ignoreWhite = true;
recieveXML.onLoad = function() { /* process results from server right here! */ };
transmitXML.parseXML("<?xml version='1.0' standalone='yes'?>" +
  "<rateme-request action='savevote'><savevote raterid='" + this.myRaterId +
  "' value='"+(idx+1)+"'/></rateme-request>");
transmitXML.sendAndLoad(this.serverURL + "?" + this.signVars, recieveXML);

There you go. Now your PHP server pages will get the full set of signed Facebook variables and creating your Facebook() object should work just dandy.