“Fill out this form to apply for consideration in our program allowing a limited number of businesses to use Google+. We will be using this small experiment to see the effect of including brands in the Google+ experience.”

Having been an early fan of Google, naturally I tried to figure out if I could join Google+ in the beta. It wasn’t very difficult to do and when I did I happened to be logged in with my fredl@dutchie.org Google Profile and all was well.

So being busy with this, I decided to check out some other pains from the past (mind you, I specifically said ‘my fredl@dutchie.org Google Profile, meaning that this was NOT my Google Apps fredl@dutchie.org account; I found out I could create an @dutchie.org Google Profile next to my @dutchie.org Google Apps account years ago, unfortunately quite a while after already having created a fred.leeflang@gmail.com profile *sigh*)

So I logged in to my fred.leeflang@gmail.com profile and checked out my Picasa. Well wow, FINALLY Google had created a simple way to migrate my Picasa albums to my other account, the fredl@dutchie.org Google Profile. Whoohoo, that meant… could it be true… that I could share my Picasa pictures on Google+ now! Testing this confirmed it and I was happy as a pig in snot. Encouraged by this success, I noticed the window that said my fredl@dutchie.org Google Profile would be forcefully moved under the management of my @dutchie.org Google Apps administrator, somewhere in July 16th if I remember correctly. So I decided what the heck and moved stuff aheas of time.

BIG MISTAKE! Trying to log back in on Google+ after the migration, I suddenly get this message saying Google Profiles is not supported under Google Apps. I had to login on Google using my (now) incomplete temp account.

So then I went to — google — for any news on this subject and it turns out Google has announced in March that it would be a few weeks before Google Profiles would be available on Google Apps. In May they announced it would be ‘a few more months’. So much for Google promises, I hope their promises on privacy will be more reliable.

But then this morning something interesting happened. I was reading a Google group and decided I’d comment on a post. For that, you have to join the group first. And what do you know..

Of course, this is in Dutch, but it says there under ‘Google-profiel’ ‘Bied een link naar mijn dutchie.org-profiel’ (give a link to my dutchie.org profile). The only thing I see different now than the first time I tried this is that my profile picture is now not my dutchie.org profile picture (which I think it was the first time I tried this).

Update:

Well, I just checked the ‘Bied een link naar mijn dutchie.org-profiel’ which did make my Google Apps profile picture show up.

Mind you, it also shows a link to my profile!! Clicking on the link however results in a message saying:

This service is not available

Profiles is not available for dutchie.org. Learn more about Google products you can use with fredl@dutchie.org.

If you are the Google Apps administrator, please read these articles to learn more about controlling user access to Google Apps services and turning services on/off for certain users.

Did you use this product with a different Google Account? Sign out of your current Google Account and then sign in to the account you want.

Looking for something just a little different on your vacation this year? Check out Scooba-Doo’s new line of underwater scooters!

The obvious advantage of the ingenious design is the enclosed head area – the need for a mask or mouthpiece is eliminated by the constant replenishment of air into the clear dome that enables normal breathing. There’s also no need to wear weight-belts or an air tank.

Add the ability to cruise at a rate of 2.5 knots, or remain stationary while feeding the fish and you have a unique underwater experience open to a wider range of people than conventional diving – those who are not strong swimmers or who have minor disabilities can still ride the bike and you can wear your spectacles or contact lenses without difficulty. Even young children can easily use a Scuba-Doo.

It also comes in 5 cool colors:

Check it out at Scuba-Doo

Now you, too, can look like a Manly man while serving up your favorite snack, with the Pizza Boss 3000 circular saw pizza cutter.

Here at perpetualkid.com

Whatever you want to do… There’s an app for that. That’s right. Whether you want to buy movie tickets, read the news, write a review, pay a tip, catch a taxi, or even train your dog, there’s an app to help you out.

But what if you want to hang a photo on the fridge, leave a note on the microwave, or save that Chinese take-out menu in a place where you can’t lose it? When it came to certain old-school tasks, the apps were coming up short.

A little reverse innovation was needed. Well, good news, everyone… Now there’s an app for that, too. All 18 individual epoxy coated App Magnets measure a substantial 7/8″ x 7/8″ and are waiting to hold that next photo or coupon!

Available at perpetualkid.com

We’re all familiar with traditional bubbles. You know how it goes, you stick the wand in, blow, bubble forms, floats around for a bit and then falls to the floor and pops! How completely boring is that?

Introducing Touchabubbles! These bubbles really stick around! Blow them as you would ordinary bubble soap, but instead of popping, these harden up when exposed to air, making them strong enough to stack, roll, even throw.

Great idea for a party!

Get yours at perpetualkid.com

The Internet Corporation for Assigned Names and Numbers (ICANN) has just given us all an entirely new gadget however. Despite, and perhaps because, raging debates about whether online pornography should be put under a .xxx extension, ICANN has just announced that it will now be possible to get your own domain extension, so sometime soon it may be possible to go to, say, http://cocacola

Getting your own domain extension will not be cheap however. The ICANN application fee alone is $185.000 with an ongoing fee of $25.000 to maintain the domain extension.

As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.

While arguably the whole statement sounds a bit immature, does LulzSec have a point? And are they as immature as the appear to be? Jack Koziol of the Infosec Institute says he’s quite sure they’re not and the members of the group are old school and masters in hiding their tracks. “I say these guys have been in the underground for years”, he claims.

As a brief note to myself and other who may experience the same problem: I use the “Simple Facebook Connect (SFC)” WordPress plugin on my site. It’s a very nice modularly written plugin but that’s all described very well on the site. My note is about using this plugin on a WordPress instance running multiple domains however.

While adding ‘like’ buttons to my second domain on the server, I noticed I started getting error message from Facebook saying:

The app ID specified within the “fb:app_id” meta tag is not allowed on this domain. You must setup the Connect Base Domains for your app to be a prefix of http://dutchie.org/rowan-lore/.

Further investigation showed that the <fb:like tag generated by plugin adds an href parameter which contains the http://dutchie.org/rowan-lore/ URL.

As http://dutchie.org is really running on http://dutchie.3dn.nl but mapped on there with the domain mapping plugin, I figured I’d change the href parameter into http://dutchie.3dn.nl/rowan-lore. This can be done through a bit of an undocumented feature in SFC. I modify the theme files directly through putting an sfc_like() call in the theme file. When used without arguments, the sfc_like() function will generate the URL based on the get_permalink() WordPress API call. However, noticing the function also parses a $args parameter when provided, I decided to do:

$url = urlencode(str_replace('dutchie.org ', 'dutchie.3dn.nl ', get_permalink($id))); sfc_like_button(array('url' => $url));

While of course this little trick is handy to know and resulted in the desired effect, the error message remains.

I’ve also been looking into the FBML tags being put in the header:

<meta property='fb:app_id' content='100842573341270' />
<meta property=&quot;og:site_name&quot; content=&quot;Dutchie&quot; />
<meta property='og:url' content='http://dutchie.org/rowan-lore/' />

And manually tried to force sfc-base.php to generate dutchie.3dn.nl instead of dutchie.org in the og:url field. Alas, this also did not work. Otto, the developer of SFC assured me that there is no way of adding a second domain to a single FB application, but I’m still curious about this as http://dutchie.org is a second domain on the server indeed, but it’s *mapped* to http://dutchie.3dn.nl which is a subdomain of the facebook app.

[There is a video that cannot be displayed in this feed. Visit the blog entry to see the video.]

I will use this article as a scratchpad for those developers willing to learn more about the Facebook Graph API and the Facebook PHP SDK as I go, hoping that it will be useful.

Facebook PHP SDK 3.0.1

There’s a choice to be made here; We can develop a full WordPress plugin and embed the Facebook PHP API functionality in it or we can simply work on building a standalone Facebook IFRAMES app. I’ve chosen the latter for simplicity but I may later incorporate this into a WordPress plugin.

I’ll assume you have some basic understanding of how to create a facebook app and where to find the appid and the app secret.

So in the index.php of your app, start with setting up the following and add your own app ID, secret etc.:

$appId  = "[3DN APP ID]";
$secret = "[3DN APP SECRET";
$canvasurl = "http://3dn.nl/3dnfbcanvas/";
$canvas = "http://apps.facebook.com/driedncanvas/";
$scope  = "user_website,email,publish_stream,user_birthday,user_location,user_work_history,user_about_me,user_hometown,manage_pages,offline_access";
include_once "facebook-php-sdk/src/facebook.php"; # or wherever your source lives
$facebook = new Facebook (array(
  'appId' => $appid,
  'secret' => $secret,
  // 'cookie' => 'true',
));
$user = $facebook->getUser();
if ($user) {
    try {
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        $user = null;
}

if (!$user) {
    $loginUrl = $facebook->getLoginUrl(
        array(
            'scope' => $scope,
            'redirect_uri' => $canvas,
            // 'canvas' => .... ,
            // 'fbconnect' => .....,
            // 'next' => ....
        )
    );
print <<<EOM
  <script lang="javascript">
    top.location.href = '$loginUrl';
  </script>
EOM;
}

First we see some variables being set. The variables $appId and $secret get set to to the values Facebook assigned to your Facebook app.

Facebook literally defines a 'canvas' for which the URL sits on facebook.com. It's an empty canvas with the Facebook chrome around it. The canvas gets painted with the contents of the canvas URL, which in case of an iframe application typically sits on a non-Facebook site. Many people around the internet seem to label the canvas as the canvas URL; this is not the way Facebook's documentation speaks about it.

You may also have noticed that $cookie is commented out; Many facebook app writers used to include this in their code and filter some important settings out of the cookie value. This is no longer required per the 3.0.1 PHP SDK as everything is now part of the session layer.

Similarly but more importantly, the 'canvas', 'fbconnect' and 'next' options in the call to getLoginUrl() have been obsoleted as of version 3.0.1.

The $facebook->getUser() call checks if the user is logged in on our Facebook application, essentially through checking the session layer for the right variables to be in there and returning a non-null user-id if there are. Technically 'logged in on our Facebook application' is not the proper thing to say as there needs to be a combination of two things; Authentication (on facebook itself) and Authorization (of the app). getUser() may well have remembered something from an earlier access but in between anything may have happened. If getUser() returns a null user-id, we know for sure that the user has not authenticated yet. If it's non-null, we simply try to access the Facebook Graph API through calling a simple API function api('/me') to make sure the user is still authenticated in Facebook.

If the user is not authenticated in Facebook, we make sure that he does by calling $facebook->getLoginUrl() and redirecting the user to the URL returned by this function. Typically, getLoginUrl() will return the URL of our canvas along with some parameters to give our app the proper authentication AND authorization. This authentication is defined by the 'scope' parameter; furthermore we give getLoginUrl() the redirect_uri so it knows where to send the user to when authorization is done.

So after this code segment, we know authorization is done (otherwise Facebook won't send the user back to the redirect_uri, which contains our code; We could of course also send the user back to another page but we've made sure to return him to the canvas so we stay inside the Facebook chrome)

WordPress

Now, what I really want this app to do is to give people the opportunity to create their user account on the 3DN Politics site fully automated. This is also not a very difficult thing to do as there is a WordPress API call for it which requires only three arguments, username, password and email address.

As this Facebook app will not be a WordPress plugin as of yet, we need to apply a little trick and add the following to the source:

define('WP_USE_THEMES', false);
require('../wp-blog-header.php');
status_header(200);

This will give us access to the entire WordPress API, including the wp_create_user() function. One thing of particular interest is the status_header() call. As I'm writing the code partially as a WordPress plugin I've decided to simply make a folder under the WordPress plugin directory and 'Alias' the Facebook application to '/3dnfbcanvas/'. The funny thing is that when we include the WordPress API, it will check if /3dnfbcanvas/ is a valid page in WordPress; as it is not, WordPress will log a 404 error and the outcome seems to be different per browser. Through forcing WordPress to log a 200 (everything's okay!), the outcome becomes predictable again.

Now it's time to see if we can actually first get the user information. We do this by using an FQL query:

try {
  $fql = "select name, hometown_location, sex, pic_square, email from user where uid=" . $user;
  $param = array (
    'method' => fql.query,
    'query' => $fql,
    callback => '');
  $fqlResult = $facebook->api($param);
} catch (Exception $o) {
  error($o)
}

Here, error() is just a function to display an error message, implement that any way you wish. After this snippet of code, $fqlResult now holds the values of the user's name, hometown location, sex, pic_square and email which we can all stuff into our WordPress database.

We do a little bit of filtering on the user's name:

    $wpusername = strtolower($fqlResult[0]['name']);
    $wpusername = str_replace(' ', '', $wpusername);
    $wpusername = str_replace('.', '', $wpusername);
    $wpusername = str_replace('-', '', $wpusername);
    $email = $fqlResult[0]['email'];

WordPress Plugin

While working on this project I’ve gradually come to realize that it must have at least two parts to it:

• A wordpress plugin part
• A facebook application part

While it’s easy to use the above Facebook stuff to do some stuff like signing up in a highly automated manner, thus lowering the threshold, at some point it also becomes necessary to give associates a more fine grained control over their setup. So I have now created a Subversion repository which holds a few files for the WordPress plugin as well as the facebook application.

Using this we can now give the user a selection form for which Associates enabled site to sign up for:

    $associates_sites = $wpdb->get_results("SELECT blog_id FROM wp_blogs");
    if (!$associates_sites) {
        echo 'there was an error querying the WordPress database';
        exit;
    } else {
        echo '<select>';
        foreach ($associates_sites as $associates_site) {
            $the_blog_id = (int)$associates_site->blog_id;
            $info = get_blog_details($the_blog_id);
            switch_to_blog($the_blog_id,true);
            $associates_settings = get_option('associates_settings');
            restore_current_blog();
            if ($associates_settings['associates_enabled']) {
                echo '<option value="' . $info->blog_id . '">' . $info->blogname . '</option>';
            }
        }
        echo '</select>';

Simple Facebook Connect

I’ve used the Simple Facebook Connect plugin for a little while already and am quite happy with it. It adds functionality for people so login using their facebook login. As I want people to use their Facebook login for Associates, I will use this plugin’s method of ‘connecting a facebook user to a wordpress user’. This way I won’t have to implement login buttons myself and the intended value of SFC stays unchanged.

Inspecting the code of SFC’s sfc-login.php:

<td><p><fb:login-button perms="email" v="2" size="large" onlogin="sfc_login_update_fbuid(0);"><fb:intl><?php _e('Connect this WordPress account to Facebook', 'sfc'); ?></fb:intl></fb:login-button></p></td>

This fragment adds a button to the user’s profile in WP allowing them to ‘connect their WP account to Facebook’. On clicking it a bit of JS sfc_login_update_fbuid(0) is executed. Inspecting the JS function sfc_login_update_fbuid() a little closer:

        function sfc_login_update_fbuid(disconnect) {
            var ajax_url = '<?php echo admin_url("admin-ajax.php"); ?>';
            if (disconnect == 1) {
                var fbuid = 0;
            } else {
                var fbuid = 1; // it gets it from the cookie
            }
            var data = {
                action: 'update_fbuid',
                fbuid: fbuid
            }
            jQuery.post(ajax_url, data, function(response) {
                if (response == '1') {
                    location.reload(true);
                }
            });
        }

So we see here that all that’s happening here is to POST some data, ‘action’ and ‘fbuid’ to admin-ajax.php, which should be easy to do from our Facebook application as well. It is in fact much easier even than having to use Ajax and such, as the Ajax code gets executed by SFC when the user clicks the connect link in SFC to connect their WordPress account with their Facebook account. All we need to do as we will make this choice for the WordPress user is:

update_user_meta($wpuid, 'fbuid', $user);

I also decided that I don’t really want people who signed up as associates, and who will therefore automatically have had their Facebook uid connected to their WP user, to disconnect, so I made this impossible by setting:

define('SFC_ALLOW_DISCONNECT', false);

in wp-config.php. (Note to self: quotes around true or false DO matter)

Facebook token

What happens under water with all the Facebook authentication and authorization going on is really that there is an Oauth authorization going on. The Facebook PHP API hides this, fortunately, from our view but what happens in the process is that an Oauth ‘token’ gets created on the Facebook site. This token has an expiration time and typically gets used only during the user’s session.

What the Associates application wants to do however is to share articles by Associates to the walls of other Associates on clever timing! Clever timing is not always to share it ‘right away’ when an Associate has finished their article. We have to keep in mind that a group of facebook friends is really a geographically very broad group and… timezones become important!

So what we’ve done in the getLoginUrl() is to add an ‘offline_access’ authorization to the scope. This will cause Facebook to generate a token that does not expire. We need this token to post on the user’s behalf when the user is not physically logged in. So after the user has authenticated/authorized, we will store this permanent authorization token in a safe place:

update_user_meta($wpuid, 'fb_token', $facebook->getAccessToken());

Checking ‘Associates enabled’ sites

Now we get into the more WordPress specific stuff. After we have created the user’s login on the 3DN network, we need to determine which sites to list and make selectable for the user in the selection box.

First of all, for a user to sign up as associate on an associates enabled site is that we need to check IF a site is associate enabled. So we start with cycling through all our available 3DN network sites using:

// Build list of current user's friend ID's
$friends = $facebook->api('/me/friends');
$friendsdata = $friends['data'];
$friendlist = array();
foreach ($friendsdata as $friend) {
    $friendlist[$friend['id']] = (int)$friend['id'];
}

$associates_sites = $wpdb->get_col("SELECT blog_id FROM wp_blogs");
foreach ($associates_sites as $associates_site) {
    $wpblogid = (int)$associates_site;
    $info = get_blog_details($wpblogid);
    switch_to_blog($wpblogid,true);
    $associates_settings = get_option('associates_settings');
    restore_current_blog();
    if ($associates_settings['associates_enabled']) {
        ....
    }
}

Here we do a query for blog_id of all the blogs running on the 3DN network, we switch the context to each blog with switch_to_blog() and we fetch $associates_settings through using get_option(‘associates_settings’). The associates_settings option is created when the Associates plugin has been activated on the site. Through the administrative interface of the plugin we also have the opportunity to temporarily enable/disable Associates even when the plugin is activated, so we check the value of the ‘associates_enabled’ field to see if the Associates plugin is both active and enabled on the site.

The plugin on activation has also created a table to keep track of the so called ‘prime users’ for every site. Between the switch_to_blog() and restore_current_blog() calls we can find the name of this table with $wpdb->prefix.’associates_prime_users’. Querying this table and comparing the results with the earlier found $friendlist array, we can now check if the current user is a facebook friend of one of the prime users for this site:

$prime_usertable = $wpdb->prefix.'associates_prime_users';
$prime_users = $wpdb->get_col("SELECT um.meta_value FROM $prime_usertable pu, wp_usermeta um WHERE pu.user_id=um.user_id AND um.meta_key='fbuid'");
$prime_userlist = array();
$prime_friend = false;
foreach ($prime_users as $prime_user) {
    if (in_array((int)$prime_user,$friendlist)) {
        $prime_friend = true;
    }
}

So we can now user the $prime_friend variable to determine if we should disable the Associates site in the selection box.

Add Some Javascript and AJAX

I want the selection box to have a little check mark next to every site where the user is already an associate and to have this checkmark be toggled when the user clicks on the site, so in order to create the selection box:

echo '<select name="associates_sites[]" multiple size=5 cols="20">';
...
if ($wpuid) {
    $onit = array_key_exists($wpblogid, get_blogs_of_user($wpuid));
} else {
    $onit = 0;
}
$onit = ($onit)?'&#x2713':'';
...
if ($associates_settings['associates_enabled']) {
    print "<option value=\"{$info->blog_id}\" onclick=\"toggleAssociate({$wpuid})\"";
    if (!$prime_friend) {
        print " disabled";
    }
    print ">{$info->blogname} {$onit}</option>";
}

Here we introduce some javascript toggleAssociate() as well, which should:

• Retrieve the option value from the listing
• Send the option value as well as the user ID to an AJAX handler
• Process the value returned from the AJAX handler and update the listing

The function toggleAssociate() can be implemented easily:

    wp_print_scripts (array('sack'));
?>
<script lang="javascript">
function toggleAssociate(wpuid) {
    var clicked;
    clicked = sites_form.associates_sites.options[sites_form.associates_sites.selectedIndex].value;
    var mysack = new sack ('/3dnfbcanvas/canvasajaxhandler.php');
    mysack.method = 'POST';
    mysack.setVar ("action", "toggleassociate");
    mysack.setVar ("blog_id", clicked);
    mysack.setVar ("wp_uid", wpuid);
    mysack.runAJAX();
}
</script>

Here we use WordPress’ included SACK library to create an AJAX object and POST both blog_id and wp_uid to it when the user clicks an option in the select box.

In the actual AJAX handler we need to verify that the wp_uid actually has the fbuid set so we know at least that this user is connected to a real facebook profile. Additionally, when a user toggles his/her associates status on a site we will try posting a short status update to his/her wall using the permanent token.

// Check if user is on selected blog already
$his_blogs = get_blogs_of_user($wpuid);
$isonit = false;
foreach ($his_blogs as $his_blog) {
    if ($his_blog->userblog_id == $new_blog_id)
        $isonit = true;
}

// Set up some facebook stuff
appId  = "....";
$secret = "....";
$canvasurl = "http://3dn.nl/3dnfbcanvas/";
$canvas = "http://apps.facebook.com/driedncanvas/";
require "facebook-php-sdk/src/facebook.php";
$facebook->setAccessToken($fb_token);
if ($isonit) {
    // Try posting a status update using the user's token. If this fails we know they weren't really an associate
    // to begin with and we can fail quietly.
    try {
        $facebook->api("/$fbuid/feed", "post", array(
            "message" => "Stopped being an associate"));
         remove_user_from_blog($wpuid, $new_blog_id);
    } catch (Exception $e) {
        dbg("ERROR", $e);
    }
} else {
    // Try posting a status update using the user's token. If this fails we know they weren't really an associate
    // to begin with and we can fail quietly.
    try {
        $facebook->api("/$fbuid/feed", "post", array(
            "message" => "Became an associate"));
        add_user_to_blog($new_blog_id, $wpuid, 'author');
    } catch (Exception $e) {
        dbg("ERROR", $e);
    }
}