Whats wrong with my facebook php script

[wright67uk]

The below script generates an infinate loop, hangs, and creates hundeds of mysql records (all duplicates), can you see anything that stands out in my script, that coul dbe causing this?

 

I want to see wether or not I should rule out the script as the cause.

 

index.php

<?php

session_start();

if (!empty($_SESSION)) {
    header("Location: index.php");
}
mysql_connect(CONNECTS FINE) or die(mysql_error());
mysql_select_db('DBNAME') or die(mysql_error());

# require library
require("facebook.php");

# Creating the facebook object
$facebook = new Facebook(array(
            'appId' => 'appid', //hidden for forum
            'secret' => 'secretnumber', //hidden for forum
            'cookie' => true
        ));

# check active session
$session = $facebook->getSession();


if (!empty($session)) {
    # session active, get user id (getUser()) and user info (api->('/me'))
    try {
        $uid = $facebook->getUser();
        $fb_access_token=$session['access_token'];
        $url = $facebook->getLoginUrl(array(
            'req_perms' => 'email,status_update,publish_stream'
                ));
        $user = $facebook->api('/me');
        $photolink = 'http://graph.facebook.com/'.$user['id'].'/picture?type=square';
        $param = array(
            'method' => 'users.getInfo',
            'uids' => uid,
            'fields' => 'pic_big'
        );
        $users_getinfo = $facebook->api($param);
    } catch (Exception $e) {

    }

    if (!empty($user)) {
        # active session, check if already registered the user
        $query = mysql_query("SELECT * FROM users WHERE oauth_provider = 'facebook' AND oauth_uid = " . $user['id']);
        $result = mysql_fetch_array($query);


        # If not, add it to the database
        if (empty($result)) {
            $query = mysql_query("INSERT INTO users (oauth_uid, oauth_provider, username, first_name, last_name, email, pic_square) VALUES ('facebook', {$user['id']}, '{$user['name']}', '{$user['first_name']}', '{$user['last_name']}','{$user['email']}', '".$photolink."')");
            $query = mysql_query("SELECT * FROM users WHERE id = " . mysql_insert_id());
            $result = mysql_fetch_array($query);
        }


        // variables in the session 
        $_SESSION['id'] = $result['id'];
        $_SESSION['oauth_uid'] = $result['oauth_uid'];
        $_SESSION['oauth_provider'] = $result['oauth_provider'];
        $_SESSION['username'] = $result['username'];
    } else {
        # if error, kill the script
        die("There was an error.");
    }

    $api_call = array(
        'method' => 'users.hasAppPermission',
        'uid' => $uid,
        'ext_perm' => 'publish_stream'
    );
    $can_post = $facebook->api($api_call);
    if ($can_post) {
        # post it! 
        $facebook->api('/' . $uid . '/feed', 'post', array(
            'message' => 'This is intercake test message',
            'name' => 'Random Contest',
            'description' => 'Participate in Random Contest and Win prizes.',
            'caption' => 'WIN prizes by suggesting us a Slogan for our new Random App!',
            'picture' => 'http://www.masudonline.net/camry/headar.jpg',
            'link' => 'http://apps.facebook.com/camryslgn/'
        ));
        echo 'Posted!';
    } else {
        die('Permissions required!');
    }
} else {
    # no active session, generate one
    $login_url = $facebook->getLoginUrl();
    header("Location: " . $login_url);
}

?>

[Psycho]

if (!empty($user)) {
        # active session, check if already registered the user
        $query = mysql_query("SELECT * FROM users WHERE oauth_provider = 'facebook' AND oauth_uid = " . $user['id']);
        $result = mysql_fetch_array($query);


        # If not, add it to the database
        if (empty($result)) {
            $query = mysql_query("INSERT INTO users (oauth_uid, oauth_provider, username, first_name, last_name, email, pic_square) VALUES ('facebook', {$user['id']}, '{$user['name']}', '{$user['first_name']}', '{$user['last_name']}','{$user['email']}', '".$photolink."')");
            $query = mysql_query("SELECT * FROM users WHERE id = " . mysql_insert_id());
            $result = mysql_fetch_array($query);
        }

 

I don't see what would be causing the infinite loop, but the above certainly looks wrong. You do a SELECT query looking for a match where:

    oauth_provider = 'facebook' AND

    oauth_uid = $user['id']

 

If such a record does not exist you create a new record setting those two fields to

    oauth_provider = $user['id'] AND

    oauth_uid =  'facebook'

 

So, no matter how many times you insert the record there will never be a match on a subsequent run.

[cpd]

I would handle the exception to ensure its working fine; just var_dump($e); inside the catch section.

 

I also noted you've written 'uids' => uid - assumed $uid - inside the try statement.

 

 

Just to simplify slightly what Phsyco said. How can you expect to set $_SESSION['id'] and the rest of them when $result is empty?