Get user name and basic detail without using facebook graph api - database

I am working on a website, I have one problem ..
I have facebook users id in my database, now I want to get their names using their ids but without using graph api..
Is there any way to do so..

I assume you want to do this programaticaly... Short answer is - you can't.
If you want to do it manually you can simply navigate to this url: https://facebook.com/profile.php?id={USERS_ID}It will give you the users profile page where you can see their name IF their profile is publicly available.
Essentially you should request the users names and store them in your database when the users authenticate your application.

Related

Create a post on facebook on users behalf using new Sharing Products feature

My scenario:
I have an application within which users keep their own journals. For some of the journal records, i want to enable them to post to their facebook timeline.
It was rather straightforward with an old api (obtaining token and posting) but with a new Sharing Product, it seems impossible because its intended to use ograph data and backlink from facebook post to the page within the app but since the journal post itself is for logged user only, i don't see a way how could it work.
So, the question is:
How to enable users to share (actually, "replicate" is more accurate word) content from their authorization protected area within my application to their facebook timeline?
PS.
I am aware of solutions like: Auto post (user behalf) on facebook but that's an old api.
You can not create new content like this any more in any automated way, you can only let your users share links.
But you can point the Share button to any URL you like (parameter href), it does not have to be that of the current page.
Facebook will follow whatever you have set as og:url or canonical, so that would have to be the version without authorization then.
That would also be the URL that users clicking on the link in that post would be redirected to.

What's the best way to save user data that's login from plugin(facebook or google)?

I have my own login form for my website. In addition I have also added google and facebook login.
My question is should I add those user data that's login from (fb or google) into my own userdata table or create a different one each for google and facebook.
1) If I add to my existing one, the password column would be left blank(as fb do not provide one) and anyone who knows the email will be able to access it easily.
2) And if I make different table then I think it will become little complicated or slower when trying to access a user data from across the different table.
What's the best choice of doing it or any other method that's better than this?
Make sure users have to enter a password when they login with Facebook/Google, or make sure regular users do not use a blank password - users without a password can only login with the Facebook/Google API.
DonĀ“t create a separate table, it will only get more complicated. Extend the existing one with IDs (from Facebook and Google).

Does exposing a user's uid in the url pose a security threat for Firebase?

I've got a small review system built in AngularJS and Firebase and the only way to identify which review is made by which user is via the uid of the user. The idea is when you then click on the user's name, you should be taken to the profile of that user.
So I would then create a route looking like /profile/{{review.author.uid}} which could translate into /profile/facebook:123234243 for example.
My question is, does it pose a security threat showing the uid in the url like this? Can it be used for any malicious actions against a user's third party account etc?
I've tried looking through their website but I can't find anything on this subject.
EDIT: Note that I need a Firebase specific answer, not a generic one about database id:s.

How do I integrate the FB Javascript API with custom database

I am new to Facebook development.
Is it possible to have a website login with Facebook + a non-FB database?
Specifically I would like my users to access Facebook information similar to Sociogram (http://coenraets.org/blog/2013/02/sociogram-a-sample-application-exploring-the-facebook-sdk-and-the-graph-api/) which I have gotten working with my own website app, but also tie in additional user information that Facebook does not keep - so that my users only have to have one login.
Any info on where to start researching would be helpful.
As you are talking about having your own database, i can guide you like this.
Use facebook javascript login to get premissions from user and save them to your database in which you may have other details to be added later for your website purpose
When you save details once from first login, you dont need to save them on next login. So Write code so that on first login check your database for user existance and if not then add him to database.
And in that database you can add extra field that facebook wont save like his height for example.
For this to happen you must have server side scripting knowledge to store the details to database. If you need further more details, i am here to answer.

Lack of security for force.com sites?

I am exposing a page with a standardcontroller="account" to a force.com site facing the public. This page displays account specific data to the clients. Now when a customer logs in to my website I want him to have access to his account's data and only his account data. Here is the problem; the url for a page with a standardcontroller has a Id field, such as "https//www.myforcesite.force.com/AccountViewPage?Id=a82347dod". If a user changes a few keys on the Id, it is very easy for him to access other people's account page and bypass the login process. How can I prevent that.
I opened a ticket with salesforce but they told me its working as intended. I don't think a vulnerability to a trivial brute force attack should be intended so I want to know if there are any fixes?
Create one StandardController extension and check if the logged user in your website has the permission to view that account.
http://www.salesforce.com/us/developer/docs/pages/Content/apex_pages_standardcontroller.htm
What you are looking for is URL rewriting for force.com site.
For example, let's say that you have a blog site. Without URL rewriting, a blog entry's URL might look like this: http://myblog.force.com/posts?id=003D000000Q0PcN
With URL rewriting, your users can access blog posts by date and
title, say, instead of by record ID. The URL for one of your New
Year's Eve posts might be:
http://myblog.force.com/posts/2009/12/31/auld-lang-syne

Resources