Which Facebook SDK to use with PHP 5.3?

Question

Unfortunately I\'ve reached a bit of a dead end. Due to various legacy and other reasons, I can\'t upgrade a system to PHP 5.4. And according to Facebook, I need 5.4 to run

Answer 1

A year 2020 update to my answer -

I am sick of Facebook first deprecating the PHP version, then its complete PHP SDK and I have also noticed, that with Facebook Javascript SDK it is possible to pass a fake Facebook user id to my Facebook Canvas web app.

So I have written a pure PHP solution for fetching basic user information - on the server side and without using any external libraries.

My script is based on the fact that Facebook POSTs a signed_request parameter to all Canvas web apps.

You can see it if you add the following line at the top of the PHP script:

error_log(print_r($_POST, TRUE));

By parsing the "signed_request" parameter you get an "oauth_token", which can be used to fetch the "/me" GRAPH API page.

Here is my script and remember to replace the APP_ID and APP_SECRET by the values from the Facebook dashboard:

const APP_ID     = '1234567890';
const APP_SECRET = 'abcdefghijk';

$data            = parse_signed_request($_POST['signed_request']);
$oauth_token     = $data['oauth_token'];
$user_id         = $data['user_id'];
$photo           = "https://graph.facebook.com/$user_id/picture?type=large";

$me = json_decode(file_get_contents("https://graph.facebook.com/me?access_token=$oauth_token"), true);
list($given_name, $family_name) = explode(' ', $me['name'], 2);

# TODO use the $user_id, $given_name, $family_name, $photo in your web app!

function parse_signed_request($signed_request) {
    list($encoded_sig, $payload) = explode('.', strtr($signed_request, '-_,', '+/='), 2);

    $sig  = base64_decode($encoded_sig);
    $data = json_decode(base64_decode($payload), true);

    $expected_sig = hash_hmac('sha256', $payload, APP_SECRET, true);
    if ($sig !== $expected_sig) {
        exit('Wrong sig');
    }

    return $data;
}