 |
 Greece
|
Hossa has goal, assist in Hawks' win over Flames
|
CHICAGO – Marian Hossa had a goal and an assist, and Chicago's Joel Quenneville became the 10th coach to earn 600 NHL victories as the Blackhawks beat the Calgary Flames 4-2 on Sunday night for their fifth straight win. Steve Montador, Niklas Hjalmarsson and Patrick Kane also scored for the Blackhawks, who got 22 saves from Ray Emery. Chicago vaulted past Minnesota into first place in the NHL standings with a league-leading 46 points. The Blackhawks are 7-0-1 in their last eight games. Calgary's Olli Jokinen and Curtis Glencross scored power-play goals in the third period, and both had an assist. Miikka Kiprusoff made 21 saves. Emery, who has taken over for struggling No. 1 goalie Corey Crawford, started and won for the fifth straight game while improving to 9-1-2 overall. He has played in seven straight, including six starts. Crawford hasn't played since a start on Dec. 5 against Phoenix when he was pulled early in the second period after allowing three goals on 16 shots. Blackhawks defenseman Brent Seabrook sustained an undisclosed upper body injury late in the first period and didn't return. The Flames finished a four-game road trip at 0-2-2. The Blackhawks have won eight straight at home against Calgary, dating to a loss in March 2008. Montador scored at 9:23 for the only goal in the first period. After the Blackhawks had controlled the puck in the Calgary zone for a nearly a minute, Montador fired in a low shot from the top of the right circle. With 4:35 left in the first, Seabrook was slammed headfirst into the glass from behind by Flames forward Rene Bourque, who received a major penalty for boarding and was ejected. He remained on the ice face down for a minute before he was helped up and skated to the bench on his own. The Blackhawks failed to capitalize on the ensuing power play. Hjalmarsson made it 2-0 at 5:15 of the second with his first goal of the season. He took a pass at the top of the slot and fired a shot through a screen in front of Kiprusoff. The puck hit traffic and curled slowly into the net. Kane's power-play goal with 5:05 left in the second extended Chicago's lead to 3-0. Kane moved in on right wing and beat Kiprusoff with a high screened shot from the slot. Jokinen cut it to 3-1 with a power-play goal at 2:35 of the third, but Hossa restored Chicago's three-goal edge during a 5-on-3 power play midway through the period. Glencross completed the scoring with a power-play goal with 3:35 left on a rebound of his own shot. NOTES: Chicago's Patrick Sharp had an assist to run his career-high point streak to nine games. ... Flames C Matt Stajan left the game late in the second period with an ankle injury and didn't return. Chicago LW Dan Carcillo sat out a second game with an undisclosed upper body injury. Both are day-to-day. Blackhawks LW Jeremy Morin played after being recalled from Rockford of the AHL earlier Sunday. Flames captain Jarome Iginla, who has 496 NHL goals, was held to one point.
|
|
| December 19, 2011 | 9:49 AM |
|
|
|
|
US online holiday shopping climbs 15 pct to $30.9B
|
U.S. shoppers spent 15 percent more in online holiday buying compared to last year, after what may have been the busiest week of the season, said research firm comScore on Sunday. Shoppers have spent $30.9 billion online from Nov. 1 through Dec. 16, up from $26.9 billion at the same point last year, said the Reston, Va., company, which tracks Web use. Online sales surpassed $1 billion on four days last week. Total sales for the week climbed 15 percent to $6.31 billion compared to last year. The five days that ended on Friday "will almost certainly be the heaviest week of the online holiday shopping season," said comScore chairman Gian Fulgoni. Online spending will begin to slow as Christmas draws closer, he said. But "Cyber Monday," the Monday after Thanksgiving, is still the largest online shopping day ever, according to comScore. Sales for that day rose 22 percent from last year to $1.25 billion. Cyber Monday sales topped $1 billion for the first time last year. The holiday shopping season can make up to 40 percent of retailers' annual revenue. The online sales data point to Americans' growing comfort with using their personal computers, tablets and smartphones to shop for the holidays. Discounting and promotions have also boosted shopping this year. ComScore said on Sunday that shoppers have received free shipping on at least half of all their purchases in each week of this year's holiday shopping season.
|
|
| December 19, 2011 | 9:42 AM |
|
|
|
|
Aussie dad says dingo will be blamed for lost baby
|
CANBERRA, Australia – The father of a baby who infamously vanished in the Australian Outback more than 30 years said Monday that he was confident a new inquiry into the tragedy will officially rule that a dingo took his daughter. The disappearance of 9-week-old Azaria Chamberlain on Aug. 17, 1980, from a campsite near Ayers Rock, the red monolith in the Australian desert now known by its Aboriginal name Uluru, divided Australians between those who believed a native dog known as a dingo killed her and those who believed she was murdered by her mother, Lindy Chamberlain. The tragedy and the legal drama that ensued became the subject of the 1988 movie "A Cry in the Dark" for which Meryl Streep earned an Academy Award nomination for her portrayal of Lindy Chamberlain, who has since remarried and taken the name Chamberlain-Creighton. Chamberlain-Creighton received a life sentence for her daughter's murder and spent four years in prison in the 1980s before the conviction was overturned. Northern Territory Coroner Elizabeth Morris announced Sunday that a fourth inquest into the tragedy will begin in February to review the open finding of the third inquest that in 1995 failed to determine a cause of death. Morris said in statement that she would examine new evidence provided by Azaria's parents that dingoes attack children. Michael Chamberlain, who was given a suspended sentence in 1982 for being his wife's accessory in his daughter's murder but has since been cleared of any crime, said he is confident that the legal process would turn full circle by reaching the same conclusion as the original coroner Denis Barritt did in 1981 — that a dingo took the baby. "I don't think people open inquests without thinking there's good reason for it and that means there'd have to be a change from the status quo of the open finding that was in 1995," Chamberlain told The Associated Press. "It's now looking at dingoes, not people, as to the cause of death," he added. But Chamberlain said he was prepared to ask the Northern Territory Supreme Court to overturn the 1995 coroner's finding if Morris had not agreed to reopen the case. "I am pleasantly surprised and very grateful that at long last there's a meaningful attempt ... to determine the proper cause and truth about how my daughter died," he added. John Lawrence, a senior lawyer involved in a separate federal government inquiry that in 1987 exonerated both parents over the tragedy, agreed that the new inquest would be a final legal chapter that concluded a dingo was responsible. Previous inquiries were provided with no record of dingoes ever attacking children. But in 2001, a 9-year-old boy was mauled to death on Fraser Island, the last wild habitat of purebred dingoes off eastern Australia, and two girls aged 4 and 3 have since survived dingo attacks on the same island. "I think that the void will be filled by the new evidence on the dingo," Lawrence told Australian Broadcasting Corp. radio. "The inquest will come to a conclusion very much similar to Mr. Barritt's ... and that should really put it to bed," he added. Chamberlain-Creighton could not be immediately contacted for comment on Monday. But last year on the 30th anniversary of Azaria's disappearance, she pleaded in an open letter posted on her website for her daughter's death certificate to state that a dingo was to blame. "She deserves justice," Chamberlain-Creighton wrote. John Bryson, a lawyer who wrote the definitive book about the tragedy "Evil Angels" upon which the 1988 movie was based, said the new inquest showed that the Northern Territory legal establishment was moving beyond lingering biases against the parents. "They're entitled to their verdict," Bryson said of the parents. "They've been through a nightmare."
|
|
| December 19, 2011 | 9:35 AM |
|
|
|
|
Havel, leader of "Velvet Revolution," dies
|
PRAGUE (Reuters) – Vaclav Havel, an anti-Communist playwright who became Czech president and a worldwide symbol of peace and freedom after leading the bloodless "Velvet Revolution," died at the age of 75 on Sunday. The former chain smoker died at his country home in Hradecek, north of Prague, of a long respiratory illness after surviving operations for lung cancer and a burst intestine in the late 1990s that left him frail for more than a decade. The diminutive playwright, who invited the Rolling Stones to medieval Prague castle, took Bill Clinton to a smoky Prague jazz club to play saxophone and was a friend of the Dalai Lama, rose to fame after facing down Prague's Communist rulers. "His peaceful resistance shook the foundations of an empire, exposed the emptiness of a repressive ideology, and proved that moral leadership is more powerful than any weapon," President Barack Obama said in a statement. "He played a seminal role in the Velvet Revolution that won his people their freedom and inspired generations to reach for self-determination and dignity in all parts of the world." His plays were banned for two decades and he was thrown into prison three times after launching Charter 77, a manifesto demanding the Communist government adhere to international standards for human rights. "I am extremely moved," an emotional Prime Minister Petr Necas told Czech Television when told of Havel's death. "He was a symbol and the face of our republic, and he is one of the most prominent figures of the politics of the last and the start of this century. His departure is a huge loss. He still had a lot to say in political and social life." Just six months after completing his last jail sentence, Havel led hundreds of thousands of protesters in Prague's cobblestone streets in a peaceful uprising in November 1989 that ended Soviet-backed rule. Just over a month later, he was installed in Prague Castle as president of Czechoslovakia. Swedish Foreign Minister Carl Bildt said on Twitter: "Vaclav Havel was one of the greatest Europeans of our age. His voice for freedom paved the way for a Europe whole and free." RELUCTANT PRESIDENT Dismayed at the looming breakup of Czechoslovakia into separate Czech and Slovak states, he quit as president in 1992, but soon became leader of the newly-created Czech Republic. As a symbol of peaceful transition to democracy, he helped the small country of 10 million to punch well above its weight in international politics. "Truth and love will overcome lies and hatred" was Havel's trademark slogan that many Czechs recall from the revolution. In later years, those words were often quoted in sarcasm as Czechs' early enthusiasm towards free market democracy collided with the reality of economic reforms and corrupt politics. Havel lost some of his allure in the later years of his time at the castle. As president-philosopher, he struggled to uphold morality in a tumultuous era of economic transformation and murky business deals. "He did not want to be a president," said Petruska Sustrova, a prominent Czech dissident and one of the first to sign Charter 77. "Ideally, he wanted to sit in a pub and reconcile quarrels. He was not very keen to enter politics, he thought it would cut him off from the normal world." On Sunday, two soldiers stood to attention beside a picture of Havel at the castle in Prague as scores of mourners quietly lit candles and paid their respects. Thousands more gathered on Prague's central Wenceslas Square, the site of the main protests of the Velvet Revolution. They waved a huge, 20-metre Czech flag and lit candles. Some wept as prominent Czechs spoke and sang prayers to the crowd. The government planned to hold a meeting to decide on declaring an official day of mourning. Havel's remains were to be displayed on Wednesday and Thursday, the president's office said, and news agency CTK said the funeral could be on Friday. "We will miss him," said 57-year-old Vlasta Lopatova. "People like him are hard to find, especially these days." Born in 1936, the son of a rich building contractor, Havel was denied a good education after the Communists seized power in 1948 and stripped the family of its wealth. Despite having no higher degree, he began writing literary criticism in 1955. The first of his absurdist plays, whose characters often struggled to communicate in the empty language of communist-era rhetoric, debuted in 1963 in a more liberal era that was crushed by tanks in the 1968 Soviet-led invasion. Havel's plays then disappeared in censors' vaults, and the author was forced into menial jobs such as rolling beer barrels. STRUGGLE FOR THE SOUL That changed when Havel moved to the castle, a building he found so big that he and his staff used scooters to get around, an illustration of the euphoria of many newly free Czechs. But he struggled to uphold his ideals. Much of his two terms were cast as a struggle for the soul of democratic reforms against right-wing economist Vaclav Klaus, who eventually replaced Havel as president in 2003. When Klaus was prime minister, Havel launched a stinging attack against him, which many thought was a step too far. His popularity had declined steeply when he finally left office. But human rights stayed high on his agenda, as did anxiety about the environment and the pursuit of moral values in the globalizing world, and he was nominated several times for the Nobel Peace Prize. "He was a great and well-deserving man and will be greatly missed. May he rest in peace," said Polish dissident leader Lech Walesa, himself a Nobel laureate. "He certainly deserved a Nobel Peace Prize, but in this world not everything is just. He was above all a theoretician who fought with the word and pen." Havel repeatedly irked Chinese communists by hosting the Dalai Lama, the exiled Tibetan spiritual leader, most recently this month. He also met Burmese dissident Aung San Suu Kyi, who won the 1991 Nobel Peace Prize on Havel's nomination. "I spent a few years in prison, but perhaps I would be there three times as long if ... not for international solidarity," Havel said at a seminar on Myanmar in late 2007. Havel returned to writing, and published a new play, "Leaving," which won rave reviews, premiered in 2008 and was later turned into a film. When asked in an interview that year if he wanted to be remembered as a politician or playwright, he said: "I would like it to say that (he) was a playwright who acted as a citizen, and thanks to that he later spent a part of his life in a political position." Havel was resuscitated twice, once after life-saving surgery to repair an intestine that ruptured during a holiday. Those scares followed cancer surgery in 1996 to remove two small, malignant tumors and half his right lung. He also suffered from pneumonia and chronic bronchitis. He was last hospitalized for the disease in March and had been very frail, since then, using a wheelchair during the Dalai Lama's visit. Giving condolences for the meek, well-loved man, who could sometimes be seen walking his dog near his former Prague Castle office, global leaders hailed his example and highlighted his role in reuniting Europe after the fall of communism. "The man has died but the legacy of his poems, plays and above all his ideas and personal example will remain alive for many generations to come," said European Commission President Jose Manuel Barroso. "As he said himself in 1975 in an open letter to Gustav Husak, then president of the Communist regime: 'Life cannot be destroyed for good, neither can history be brought entirely to a halt.'" (Additional reporting by Robert Muller, Michael Kahn and Jan Korselt; Writing by Michael Winfrey; Editing by Peter Graff)
|
|
| December 19, 2011 | 9:28 AM |
|
|
|
|
Next wave of GPS promises stronger signals
|
DENVER – The future of the U.S. Global Positioning System is taking shape in a vast white room south of Denver, where workers are piecing together the first of more than 30 satellites touted as the most powerful, reliable and versatile yet. The new generation of satellites, known as Block III, will improve the accuracy of military and civilian GPS receivers to within three feet, compared with 10 feet now, according to the Congressional Budget Office. Block III will also have additional signals for civilian use — one brand new, others already in the first stages of deployment — offering more precision and making more navigation satellites available to civilian receivers. "It's a really big jump," said Col. Harold "Stormy" Martin of the Air Force Space Command. "With these additional signals, the additional power it's going to bring, it's quite a leap from the other systems." Block III may not be a bigger advance than previous generations of GPS satellites were, said Glen Gibbons, editor of the website and magazine Inside GNSS, which tracks global navigation satellite systems. "But I'm completely comfortable saying that it will be a very substantive advance," Gibbons said in an email to The Associated Press. GPS has spread into nearly every corner of civilian and military life. Farmers use it for precision mapping and banks use it to record the precise time of transactions. It has found wide use in transportation, guided weapons, emergency response and disaster relief. Block III satellites, which will begin replacing older orbiting GPS satellites in 2014, offer a new, internationally agreed-upon civilian signal that other nations' navigation satellites will also use. That would allow civilian receivers to tap into Europe's budding Galileo navigation system and others. "So all of a sudden you've got 70, 80, 90 satellites up in orbit," compared with 30 operational satellites in the U.S. system today, Gibbons said in an interview. "It's giving you a much greater number of satellites to be receiving." GPS receivers need signals from at least four satellites to establish their position, so having more satellites to tune into would improve accuracy. It also makes it easier for a receiver to find enough satellites. Military receivers could also use the international signal, as well as the other civilian signals and the encrypted, military-only signals the satellites transmit, the Air Force said. Block III will add to the number of satellites transmitting two other relatively new civilian signals. One will likely be used for such high-precision activities as surveying, Gibbons said. The Federal Aviation Administration's GPS-based NextGen air traffic control system, which is still under development, could benefit from at least one of the new signals. But the system could also work with the older, existing civil systems, said Hans Weber, president of TECOP International Inc., an aviation technology management firm. It's not yet clear when enough satellites will be transmitting the international signal and the other new civilian signals to make them usable. It typically takes 18 satellites transmitting a signal to reach initial operation and 24 to reach full capability, Gibbons said. Block III will also widen the availability of two new, encrypted military-only signals already being transmitted from a few satellites. The Air Force says they will have more power than older military signals, making them harder for enemies to jam and allowing them to penetrate deeper into urban canyons formed by skyscrapers, as well as through dense foliage. Nine of the 30 GPS satellites currently in operation transmit the new military signals, but the Defense Department is still testing it before putting it into wide use. Gibbons said it could be 2018 or 2020 before the military can take full advantage of the military-only signals. The Air Force, which controls all the U.S. GPS satellites from Schriever Air Force Base, Colo., plans to buy and launch 32 of the new Block III satellites over several years at a cost of about $5.5 billion, including upgraded ground control systems. The Congressional Budget Office, which issued a report on GPS in October, estimated the total costs much higher — $22 billion by 2025 — in part because CBO says the Air Force will need 40 satellites, not 32, to take advantage of all the capabilities planned for later GPS III models. The CBO suggested the Air Force could save up to $3 billion by foregoing some of those later advancements and upgrading receivers instead. The Air Force responded that it's still studying the CBO report. Bethesda, Md.-based Lockheed Martin was awarded a $1.5 billion contract to build a non-flying prototype of the GPS III satellites and the first two flight versions, with options to build 10 more. The last component of the prototype arrived at Lockheed Martin's $80 million GPS facility south of Denver last week. In a sparkling white clean room nearly as big as a football field, it will undergo final assembly and months of testing designed to find and correct any problems before they make it into any flying satellites. The prototype will also help find any bugs in the assembly and testing process, said Keoki Jackson, Lockheed Martin's program director for GPS III. "This (prototype) has allowed us to check out all of the designs, the interfaces, all the test equipment," Jackson said. "It allows us to find any issues long before they become any issues with flight hardware." The Air Force plans to eventually begin launching two GPS III satellites on the same rocket, Jackson said. A satellite launch typically costs about $250 million, and doubling up will bring significant savings, he said. GPS III satellites are designed to operate for 15 years, compared to seven to 12 years for many military satellites, Jackson said. ___ Follow Dan Elliott at http://twitter.com/DanElliottAP
|
|
| December 19, 2011 | 9:18 AM |
|
|
|
|
Implementing Facebook Authentication, PHP
|
Several benefits exist in adopting decentralized authentication schemes – reduction in the number of clicks required for authentication, increased conversion rates and easy user-specific customization of services . This article discusses how you can log in users to your website using Facebook (decentralized) authentication schemes and the PHP SDK found on the Facebook developers website. To get a clearer picture, you can read the prequel articles follows on Decentralized Authentication and How Facebook Authentication Works.
- Setup a Facebook App Account. Obtain your App id, App secret
- Download and extract the Facebook PHP SDK into your php project folder .https://github.com/facebook/php-sdk/ . It contains 3 folders – examples (containing a brief sample on which this tutorial is built), src (contains the main php Facebook class), and tests (test cases).
- Create a single php (fbbutton.php) to generate the login request link and in .
Contents of fbbutton.php is given below
- Create another file fbconnect.php to which the user will be redirected after authentication via Facebook. Contents
The Facebook login button can be downloaded here
|
|
|
|
|
|
Implementing Facebook Authentication using PHP
|
Several benefits exist in adopting decentralized authentication schemes –
reduction in the number of clicks required for authentication, increased conversion rates and easy user-specific customization of services . This article discusses
how you can log in users to your website using Facebook (decentralized) authentication schemes and the PHP SDK found on the Facebook developers website. To get a
clearer picture, you can read the prequel articles on Decentralized
Authentication and How Facebook Authentication Works.
- Setup a Facebook App Account. Obtain your App id, App secret
- Download and extract the Facebook PHP SDK into your php project folder .href="https://github.com/facebook/php-sdk/">https://github.com/facebook/php-sdk/ . It contains 3 folders – examples (containing a brief sample on which this
tutorial is built), src (contains the main php Facebook class), and tests (test cases).
- Create a php file. fbconnect.php to generate the login button and displaythe details of the authenticated user.
FbConnect.php
<?php
// Include the Facebook sdk base file.
require 'fb/src/facebook.php';
// Create our Application instance
$facebook = new Facebook(array(
'appId' => '*****Your Appid*********',
'secret' => '***Your App Secret*******',
));
// Get User ID if user is logged in
$user = $facebook->getUser();
// Given that this page is redirected after user login,
// We should have the required code/permission to request user details
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
//Request current users details hopefully he allowed the app 
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email',
)
);
?>
<?php if ($user) {?>
<a href='<?php echo $facebook->getLogoutUrl(); ?>'>Logout</a><br />
<?php } else { ?>
<a href='<?php echo $loginUrl; ?>'><img src='http://vidicorp.org/images/fblogin.png' width='149' height='22' alt='Login With Facebook' /></a><br />
<?php
}
// Display User detials.
if ($user ):
echo $user_profile['first_name'] . "<br />";
echo $user_profile['last_name'] . "<br />";
echo $user_profile['name'] . "<br />";
echo $user_profile['id'] . "<br />";
echo "<br /><br /> Full User Profile <br />" ;
print_r($user_profile) ;
echo "<br /><br />Available Permission <br />" ;
$user_permissions = $facebook->api('/me/permissions');
print_r($user_permissions) ;
echo "<br /><br />User Notes (if shared) <br />" ;
$user_permissions = $facebook->api('/me/notes');
print_r($user_permissions) ;
// Set up User session and redirect to appropriate home page ;
//$logoutGoTo = "/profilespage";
//header("Location: $logoutGoTo");
//exit;
else:
// If user is not logged in, print out error message
if(isset($_REQUEST['error'])) {
if ( $_REQUEST['error_reason'] == 'user_denied') {
echo "<br />Oops! You have declined to login using Facebook. ";
}else {
echo "<br />Oops! Facebook Error." . $_REQUEST['error_description'] ;
}
} else {
echo "<br />You are not Logged in" ;
}
endif
?>
The Facebook PHP SDK simplifies much of the authentication process using simple calls on the main facebook class. First we include the main facebook.php file (found in
the src folder of the downloaded facebook php sdk). Next, we create an application instance using your Appid and App Secret (more about that in previous article)..
remember to enter them correctly.
$facebook = new Facebook(array(
'appId' => '**** AppId *************',
'secret' => '******App Secret***********',
));
A login URL is generated using the getLoginURL() method.
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email',
)
);
The getLoginURL() method also generates a state session variable which is checked to counter CSRF attacks. The scope parameter specifies permission request for the
user data you want to access. An optional redirect_uri parameter (not shown above) could also be specified to indicate the page to which the user is redirected after
authentication is completed via facebook. When it is not explicitly specified as above, the user is redirected back to the same page (fbconnect.php). Remember that the
more permissions you request, the less likely users will Allow your app. Finally, use the generated url as a login link.
<a href='<?php echo $loginUrl; ?>'><img src='http://vidicorp.org/images/fblogin.png' width='149' height='22' alt='Login With Facebook' /></a><br />
The user is redirected to back the same fbconnect.php page after authentication via the facebook OAuth dialog. If authentication has been successful, an authorization
code URL variable should be available now. The api() method simply uses this code (obtained from the URL) to request an access token, verifies correctness of the state
session variable (to guard against CSRF attacks) and calls the facebook graph api in order to receive the users details in return. The method call
$user_profile = $facebook->api('/me');
is equivalent to accessing
https://graph.facebook.com/me&access_token=**************
https://graph.facebook.com/users_username
with the appropriate access token.
The result of the api method can then be accessed to obtain user details
echo $user_profile['first_name'] ;
. A logical step in your application after obtaining these details would be to create the user’s record (registration) in your database using the obtained details and
start a session (login) for the authenticated user.
More information about a user can be obtained by making the api calls e.g
$facebook->api(‘/me/notes’); — Users Notes
$facebook->api(‘/me/friends’); — Users Friends
$facebook->api(‘/me/permissions’); — Users Available Permissions
Full list of available information via the graph api can be found here .
NOTE : You need to explicitly get the users permission in order to view their detail. E.g you should add user_notes to your scope
scope => email,user_notes,
parameter in order to successfully obtain the user’s email and notes information via the graph api. It may be available without requesting permissions only if the user
shares this information with everyone under his/her privacy settings.
Full list of permissions can be found here
Download the Facebook login button image.
Download fbconnect.php here .
A live demo can also be found here. .
|
|
|
|
|
|
Facebook Authentication – A Simple PHP Implementation
|
Several benefits exist in adopting decentralized authentication schemes – reduction in the number of clicks required for authentication, increased conversion rates and easy user-specific customization of services . Now, this article discusses how you can log in users to your website using Facebook (decentralized) authentication schemes and the PHP SDK found on the Facebook developers website.
How it Works
Facebook Authentication is built using OAuth2.0 framework and supports two main OAuth flows. – Server side and Client Side .The server side flow which is discussed in detail in this tutorial is used when the authentication call is made from your web server .e.g your php script, jsp script etc . The client side flow is used when the authentication call is made from the client browser running Javascript or a native mobile or desktop application. These authentication calls are handled by the Facebook Graph API (http://developers.facebook.com/docs/reference/api/) which provides access to all social objects (people, pages, groups, photos). In order to utilize the Facebook Authentication, you must create an App on the Facebook developer apps page. After this you obtain an App id, API Key, and App Secret which is used in the authentication process.
The Server Side Authentication Flow
From your website or app, a user clicks the “Login with Facebook” link and is redirected to the Facebook OAuth dialog where user authentication and app authorization takes place. When invoking the OAuth dialog, you must pass in your App id (the client_id parameter) and a url (the redirect_uri parameter) to which the users browser is redirected after app authorization is concluded .The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App.
-
<span class="Apple-style-span" style="font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px; white-space: pre;">https://www.facebook.com/dialog/oauth?</span><span class="Apple-style-span" style="font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px; white-space: pre;">client_id=YOUR_APP_ID&redirect_uri=YOUR_URL</span>
If the user is already logged in, Facebook validates the login cookie stored on the user’s browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
Once the user is successfully authenticated, the OAuth Dialog will prompt the user to authorize the app:
By default, the user is asked to authorize the app to access basic information that is available publicly or by default on Facebook. If your app needs more than this basic information to function, you must request specific permissions from the user. This is accomplished by adding a scope parameter to the OAuth Dialog request followed by comma separated list of the required permissions. The following example shows how to ask for access to user’s email address and their news feed:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
A full list of permissions is available here permissions reference. There is a strong inverse correlation between the number of permissions your app requests and the number of users that will allow those permissions. The greater the number of permissions you ask for, the lower the number of users that will grant them; it is recommended that you only request the permissions you absolutely need for your app.
If the user presses Don’t Allow, your app is not authorized. The OAuth Dialog will redirect (via HTTP 302) the user’s browser to the URL you passed in the redirect_uri parameter with the following error information:
http://YOUR_URL?error_reason=user_denied&
error=access_denied&error_description=The+user+denied+your+request.
If the user presses Allow, your app is authorized. The OAuth Dialog will redirect (via HTTP 302) the user’s browser to the URL you passed in the redirect_uri parameter with an authorization code:
http://YOUR_URL?code=A_CODE_GENERATED_BY_SERVER
With this code in hand, you can proceed to the next step, app authentication, to gain the access token you need to make API calls.
In order to authenticate your app, you must pass the authorization code and your app secret to the Graph API token endpoint at
https://graph.facebook.com/oauth/access_token
. The app secret is available from the Developer App and should not be shared with anyone or embedded in any code that you will.
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
If your app is successfully authenticated and the authorization code from the user is valid, the authorization server will return the access token:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter)
Implementation
- Setup a Facebook App Account. Obtain your App secret
- Download and extract the Facebook PHP SDK into your php project folder .https://github.com/facebook/php-sdk/ . It contains 3 folders – examples (containing a brief sample on which this tutorial is built), src (contains the main php Facebook class), and tests (test cases).
- Create a single php (fbbutton.php) to generate the login request link .
Contents of fbbutton.php is given below
- Create another file fbconnect.php to which the user will be redirected after authentication via Facebook. Contents
The Facebook login button can be downloaded here
Drawbacks to Facebook Login
|
|
|
|
|
|
How Facebook Authentication Works
|
Facebook Authentication is built using OAuth2.0 framework and supports two main OAuth flows. – Server side and Client Side .The server side flow which is discussed in detail in this tutorial is used when the authentication call is made from your web server .e.g your php script, jsp script etc . The client side flow is used when the authentication call is made from the client browser running Javascript or a native mobile or desktop application. These authentication calls are handled by the Facebook Graph API (http://developers.facebook.com/docs/reference/api/) which provides access to all social objects (people, pages, groups, photos). In order to utilize the Facebook Authentication, you must create an App accont on the Facebook developer apps page. After this you obtain an App id, API Key, and App Secret which is used in the authentication process.
The Server Side Authentication Flow
From your website or app, a user clicks the “Login with Facebook” link and is redirected to the Facebook OAuth dialog where user authentication and app authorization takes place. When invoking the OAuth dialog, you must pass in your App id (the client_id parameter) and a url (the redirect_uri parameter) to which the users browser is redirected after app authorization is concluded .The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App.
-
https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID& redirect_uri=YOUR_URL
If the user is already logged in, Facebook validates the login cookie stored on the user’s browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
 Facebook OAuth Dialog Source : http://developers.facebook.com/docs/authentication/
Once the user is successfully authenticated, the OAuth Dialog will prompt the user to authorize the app:
 Facebook App Authorization Source : http://developers.facebook.com/docs/authentication/
By default, the user is asked to authorize the app to access basic information that is available publicly or by default on Facebook. If your app needs more than this basic information to function, you must request specific permissions from the user. This is accomplished by adding a scope parameter to the OAuth Dialog request followed by comma separated list of the required permissions. The following example shows how to ask for access to user’s email address and their news feed:
-
https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID& redirect_uri=YOUR_URL& scope=email,read_stream
A full list of permissions is available here permissions reference. There is a strong inverse correlation between the number of permissions your app requests and the number of users that will allow those permissions. The greater the number of permissions you ask for, the lower the number of users that will grant them; it is recommended that you only request the permissions you absolutely need for your app.
If the user presses Don’t Allow, your app is not authorized. The OAuth Dialog will redirect (via HTTP 302) the user’s browser to the URL you passed in the redirect_uri parameter with the following error information:
-
http://YOUR_URL?error_reason=user_denied& error=access_denied& error_description=The+user+denied+your+request.
If the user presses Allow, your app is authorized. The OAuth Dialog will redirect (via HTTP 302) the user’s browser to the URL you passed in the redirect_uri parameter with an authorization code:
-
http://YOUR_URL? code=A_CODE_GENERATED_BY_SERVER
With this code in hand, you can proceed to the next step, app authentication, to gain the access token you need to make API calls.
In order to authenticate your app, you must pass the authorization code and your app secret to the Graph API token endpoint at
-
https://graph.facebook.com/oauth/access_token
. The app secret is available from the Developer App page and should not be shared with anyone or embedded in any code that you will distribute.
-
https://graph.facebook.com/oauth/access_token?
-
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
-
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
If your app is successfully authenticated and the authorization code from the user is valid, the authorization server will return the access token.In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Finally this accesstoken can then be used to make requests to the graph api and return details on the user who has just been authenticated.
An implementation of this process using PHP is provided in the next article
Drawbacks to Facebook Login
|
|
|
|
|
|
Decentralized Authentication Schemes
|
It has become a common trend to see large websites sporting a “Login with Facebook”, or “OpenID” button. Both of these Login/ Authencation technologies are examples of decentralized authentication. This article aims to discuss motivations for decentralized authentication, how it works, and the above mentioned authentication schemes as they are used today.
(P.S these schemes are routinely updated and this article is current as of July 2011)
Birth of decentralized Authentication
Authentication is simply the process of establishing the identity of a given user. Usually in web applications that provide customized/user-specific services, we usually want to authenticate each person and provide services suited to his/her preferences.
Classic standalone authentication schemes include a registration process (where you fill a long form .. username, password, first name, last name etc), a confirmation process (via email) and finally a login process. Given that email addresses are unique identifiers (two different people usually DON’T own the same email address), they serve very well as digital identifiers for each internet user. The confirmation process simply to ensure that each user has access to the email address provided (so that you don’t register using my email address and masquerade as me :) ). However there is significant inverse correlation between the length of the registration forms and conversion rates (number of people that actually complete the registration process without giving up) – users generally hate long registration forms . It is indeed a tiring (bordering on frustrating) scenario to visit 10 websites in a day and have to fill in 10 different “long” registration forms for each website to access their services! That being said, consider a scenario where you log into just one website, and you can ask that website to tell all other websites who you are, complete with your profile details in a secure manner. This scenario pretty much sums up what decentralized authentication is all about. Several smooth decentralized authentication schemes (e.g Openid, Facebook Authentication) have been developed to achieve easy authentication across several websites. The basic idea behind these is that you authenticate yourself with one main system, which (with your permission) authenticates you to other systems.
Open ID
OpenID is an open standard that describes how users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities (wikipedia)
In the case of OpenID a “provider” is the main system that authenticates users. As shown in the figure, a user is provides an OpenID value (a URL or XRL) to an external website where he/she wishes to login. The website contacts the provider which notifies the user of the exact information the external website is requesting. The user has the choice to authorize the authentication and information sharing. If yes, the external website obtains the users information (registration details and all) and saves the user the task of entering this information all over again. Several security measures are built into this elaborate process and more can be found on the OpenID website.
Facebook Authentication
Face book authentication simplifies the authentication process in a manner similar to OpenID. Users simply log into Facebook (authenticate), and now can ask Facebook to authenticate them with other external websites/services that require their information.
Facebook utilizes an IETF protocol OAuth 2.0 to selectively grant external websites/apps access to your information based on your permissions and for a given duration.
As explained on the Facebook developers website, Facebook Authentication is accomplished in 3 steps.
- First, Facebook needs to authenticate the user. This ensures that the user is who they say they are.
- Second, Facebook needs to authenticate the external website. This ensures that the user is giving their information to the intended external website and not someone else.
- Lastly, the user must explicitly authorize the external website to access their information. This ensures that the user knows exactly what data they are disclosing to the site.
Is decentralized authentication a good idea?
Yes, it sure is! From the users point of view, decentralized authentication schemes definitely make a big difference by speeding up the registration and login process on multiple websites. From website owners point of view, decentralized authentication could mean higher conversion rates and with the introduction of a robust package like Facebook Authentication, it is easy to customize pages and provide a rich social experience. OpenID and Facebook Authentication are both secure and always notify the users on the exact information that will be shared with any external website. Users reprise the rights to share any of their information.
Good old registration pages?
Under some scenarios where privacy is paramount (e.g an intranets, payment solutions etc) or where you have no choice it may be better to stick with the traditional standalone registration form. An approach to make this more usable is to collect only basic information during registration and allow users update their profiles later. A good example is twitter – Username, email, password … and voila you’ve got an account!
An interesting discussion on number of fields in a registration form and conversion rates from the marketing perspective can be found here .
|
|
|
Video Contest Win $500 from the IP Confederation
Related to country: Palestine
|
Create a 3-minute video appealing, persuading both Israelis and Palestinians to participate in the 2012 elections.The message must havea positive and light note plus promote peace and coexistence. The deadline for the Video Contest is June 15, 2011. Read Constitution, electionrules, meet the presidential and parliamentary candidates at http://ipconfederation.org/. Credit: Voice Talent: Kleo Nikolaidis Script: Vicki and Kleo Nikolaidis Copyright: Creative Commons Deed Attribution-Non-Commercial Ver. 3.0 (Please share. For free.)
|
|
|
Downtown Vancouver Hotel
|
Vancouver’s downtown boutique hotel, the Loden hotel, is located in Coal Harbour, downtown Vancouver’s most sought after community. Inspired by the area’s dynamic mountains, theirr contemporary boutique hotel uniquely captures the surrounding environment and fuses it with modern design and cultivated services, rendering it the perfect setting for an urban boutique hotel in Vancouver.
|
|
|
SEO Dallas
|
Globe Runner is a top-level seo dallas company that offers Search Engine Optimization, search marketting, social media campaigns, link building and website design. Globe Runner is the SEO Consultant that Puts You on the Map SEO Maximizes your Revenue Potential. Every day, millions of consumers search online for the services or products you sell. Search engine optimization (SEO) elevates
|
|
|
Medical Scrubs
|
BlueSkyScrubs.com is the only scrub store you need for scrubs, laboratory coats and nursing uniforms. They know you spend a lot of time in your medical scrubs, so they try to offer fashionable, easy scrubs for you to wear at your medical office, dental office or school of medicine. They provide exclusively medical scrubs that are low-cost, operational and stylish.
Their goal is to run
|
|
|
|
|
|
Gas Prices Rising and Protests in Oil-Rich Countries: How Did We Get Here?
Related to country: Saudi Arabia
available in: (original) |
|
Gas Prices Rising and Protests in Oil-Rich Countries: How Did We Get Here?
COMMENTARY | "Wadi Al-Uyoun: An outpouring of green amid the harsh, obdurate desert, as if it had burst from within the Earth or fallen from the sky. It was nothing like its surroundings, or rather had no connection with them, dazzling you with curiosity and wonder: how had water and greenery burst out in a place like this?" -- From "Cities of Salt" by Abdelrahman Munif. Translation by Peter Theroux
I often feel that many of us who love most of all the place where we were born that we have crisp, intense memories of that place. The greenest greens of summer-leaved trees, the most intense scent of wildflowers, and the unique purity of the drinking water.
With the passing of time, sadly, that reality no longer remains for others to enjoy. We only have our words to communicate the beauty Mother Nature can provide when her resources are respected.
Would you please continue reading my commentary at the following link?
http://news.yahoo.com/s/ac/20110308/pl_ac/8020508_gas_prices_rising_and_protests_in_oilrich_countries_how_did_we_get_here_1/
400 Bad request
Your browser sent an invalid request.
Automatically translated into German thanks to WorldLingo
400 Bad request
Your browser sent an invalid request.
|
|
|
Change Language
Categorized Archive
|
|
