I am looking for a way to verify a user's Facebook ID when posting user-specific data using AJAX.
I want to be able to verify that a facebook user id is correct when post
I know you want to avoid doing graph calls, but you can make a call client side as well and call the Facebook API:
FB.api('/me', function(response) {
    // Check that response.id matches the submitting user id
});
This will allow you to check against the logged-in user's Facebook ID. There's no way you can really modify anything in the JavaScript to 'fake' being a different logged-in Facebook user.
Otherwise, I'm not sure how else you can verify the ID unless you have a whole login system yourself, whereby you can match session data to saved user data in the database on the server side.
In the end, my solution was to grab the user's Facebook ID via the PHP SDK and create a hash of it by adding a salt and encoding it with MD5. When posting the form, I include both the Facebook ID and the hash. I can then use the same salt value to double-check that the Facebook ID is correct before using it. This seems to provide enough security for my needs.
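The signed-ID approach described in the last post, as an added example that is not part of the original thread: the server issues a token for the ID when it renders the form and recomputes it when the AJAX POST arrives. It shows the salted-MD5 token as the post describes it next to the same idea with HMAC-SHA256 and a constant-time comparison swapped in. `SERVER_SECRET`, `md5_token()`, `sign_fb_id()` and `verify_fb_id()` are hypothetical names, and the IDs are constructed sample values.

```php
<?php
// Added example, not code from the original post. All names here are
// hypothetical and the Facebook IDs are constructed sample values.

// The secret "salt": kept only on the server, never sent to the page or to JavaScript.
const SERVER_SECRET = 'replace-with-a-long-random-value';

// The scheme as the post describes it: MD5 over the ID plus a salt.
function md5_token(string $fbId): string
{
    return md5($fbId . SERVER_SECRET);
}

// Same idea with a keyed MAC (HMAC-SHA256 swapped in for salted MD5).
function sign_fb_id(string $fbId): string
{
    return hash_hmac('sha256', $fbId, SERVER_SECRET);
}

// Recompute the token from the posted ID and compare in constant time.
function verify_fb_id(string $fbId, string $token): bool
{
    // Facebook user IDs are numeric strings; reject anything else before hashing.
    if ($fbId === '' || !ctype_digit($fbId)) {
        return false;
    }
    return hash_equals(sign_fb_id($fbId), $token);
}

// Rendering the form: the ID would come from the PHP SDK session (constructed here).
$fbId  = '100000123456789';
$token = sign_fb_id($fbId);
echo 'md5 token:  ', md5_token($fbId), "\n";
echo 'hmac token: ', $token, "\n";

// Handling the AJAX POST: both values arrive from the client.
$posted = ['fb_id' => $fbId, 'token' => $token];
var_dump(verify_fb_id($posted['fb_id'], $posted['token'])); // unmodified pair

// An ID changed in the browser no longer matches the token issued for it.
var_dump(verify_fb_id('100000987654321', $posted['token']));

// Missing or non-numeric input is rejected outright.
var_dump(verify_fb_id('', ''));
```

The token only shows that this server issued that ID at some point; it carries no expiry and is not bound to a session, so a captured ID and token pair stays valid until the secret changes.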