Login in my system through Facebook using PHP

Question

I am working on a member ordering system and I would like to let the user without register, they can directly login with Facebook.

The problem is, what is the data flow in this approach? For example, do Facebook return the user account / ID/ email or any other information so that I can insert them in my system, or it is just a session that indicate he/she is logged in?

Also, I would like to collect their phone number(for order confirmation). If the visitor did not specific it in their Facebook account, how to handle the case?

Below is the code after my research but it seems only member ID can be returned?

<?php

    define('YOUR_APP_ID', 'YOUR APP ID');

    //uses the PHP SDK.  Download from https://github.com/facebook/php-sdk
    require 'facebook.php';

    $facebook = new Facebook(array(
      'appId'  => YOUR_APP_ID,
      'secret' => 'YOUR APP SECRET',
    ));

    $userId = $facebook->getUser();

    ?>

    <html>
      <body>
        <div id="fb-root"></div>
        <?php if ($userId) { 
          $userInfo = $facebook->api('/' . $userId); ?>
          Welcome <?= $userInfo['name'] ?>
        <?php } else { ?>
        <fb:login-button></fb:login-button>
        <?php } ?>


            <div id="fb-root"></div>
            <script>
              window.fbAsyncInit = function() {
                FB.init({
                  appId      : 'YOUR_APP_ID', // App ID
                  channelUrl : '//WWW.YOUR_DOMAIN.COM/channel.html', // Channel File
                  status     : true, // check login status
                  cookie     : true, // enable cookies to allow the server to access the session
                  xfbml      : true  // parse XFBML
                });
            FB.Event.subscribe('auth.login', function(response) {
              window.location.reload();
            });
              };
              // Load the SDK Asynchronously
              (function(d){
                 var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
                 if (d.getElementById(id)) {return;}
                 js = d.createElement('script'); js.id = id; js.async = true;
                 js.src = "//connect.facebook.net/en_US/all.js";
                 ref.parentNode.insertBefore(js, ref);
               }(document));
            </script>

      </body>
    </html>

Answer 1

Well has you have noticed on your line where you have this:

<?php if ($userId) { 
      $userInfo = $facebook->api('/' . $userId); ?>
      Welcome <?= $userInfo['name'] ?>
    <?php } else { ?>
    <fb:login-button></fb:login-button>
    <?php } ?>

Instead of using the $userId you can do this:

$userInfo = $facebook->api('/me','GET');

This will give you the info about the current logged user.

Now the data that is returned by the facebook API it depends on the permissions you request to the user, when the user is granting permission to your site. Here you can find a list of the User object data, that is returned and the respective permission for that, in case of need. https://developers.facebook.com/docs/reference/api/user/

Since some of the data required by you, like the mobile number or email address, it's not mandatory on facebook, maybe the best approach for you is to use the registration form: https://developers.facebook.com/docs/plugins/registration/

The registration plugin lets people easily sign up for your website with their Facebook account. The plugin is a simple iframe that you can drop into your page. When logged into Facebook, people see a form that's prefilled with their Facebook information, where appropriate.

The registration plugin gives you the flexibility to ask for additional information that's not available through the Facebook API (for example, someone's favorite movie). The plugin also lets people who do not have a Facebook account — or do not wish to sign up for your site using Facebook — to use the same form as those who are connecting with Facebook. This eliminates the need for you to provide two separate login experiences.

Answer 2

You can use the following URL to see what all information you can get from the Facebook.

https://developers.facebook.com/tools/explorer

it is easy to understand the information that we can get from Facebook.

My personal suggestion is to stick with the java-script API for Facebook integration, i found it more useful. To use Facebook graph API for getting information about any user you will need an access token, so the flow should obviously start from there, then initialize each of your requests, if the phone number is not there with the Facebook account after processing the response you should request phone numbers in an alternate way, I hope the above URL will help you understand what all information about a user you can request to Facebook.