Fixing IE7 dropping PHP Sessions

Posted on March 25th, 2008 in OpenSocial, PHP, Geek Stuff by jason

After banging my head against the wall and spending the better part of today trying to find out why my session variables were not being transferred from page to page in IE7: it worked fine in FF and Opera, and the same script had worked for years in IE6. The sessions not working were rendering my OpenSocial apps dead to anyone using IE7. But the good news is I got it fixed, and the fix is so simple it’s ridiculous. Before you start your session, you need to declare a privacy policy in your header: IE7’s default privacy setting rejects cookies set from a third-party context (such as an app inside an iframe on another site) unless the response carries a P3P compact-policy header, and the PHP session cookie is no exception.

So

ob_start();
session_start();

now becomes

header('P3P: CP="CAO PSA OUR"');
ob_start();
session_start();

and everything works now. Hope someone gets some use out of it.

Authenticate Users In an Iframe on Myspace Opensocial Using PHP

Posted on March 17th, 2008 in OpenSocial, Myspace API, PHP by jason

This code gets the viewer’s MySpace id, authenticates them, opens the results in an iframe, and then checks that it is the same user inside the iframe. This lets you safely and securely display user-specific details inside your app surfaces, allowing for more complex, social-based apps.

This code is written for PHP 5.2.3, so your results may vary if you aren’t using it.

First up is the code you plug into the “edit app source” section. You will need to change the auth.php and user.php URLs to ones that correspond to your server. This code gets the viewer’s id and opens a user.php page in the iframe with a $_GET variable “id” that contains the user’s MySpace id. The script also sends the MySpace OAuth data to auth.php, which contains a security routine to make sure the user id in the $_GET variable is actually the real user.

<iframe id="frame" name="frame" width="790" height="1000" frameborder="0"></iframe>
<script type="text/javascript">
var serverURL = 'http://www.yourdomain.com/auth.php';     // change to your domain and page
var userURL   = 'http://www.yourdomain.com/user.php?id='; // change to your user page and domain
var viewerId;

function init() {
  MYOS_TRACE = true;
  var os = opensocial.Container.get();
  var dataReqObj = os.newDataRequest();
  var viewerReq = os.newFetchPersonRequest(opensocial.DataRequest.PersonId.VIEWER);
  dataReqObj.add(viewerReq);
  dataReqObj.send(dataLoadCallback);
}

function loadiframe(response) {
  // Called when the signed request to auth.php has completed. Only now has
  // auth.php written the user file, so only now is it safe to load user.php.
  document.getElementById('frame').src = userURL + viewerId;
}

function dataLoadCallback(dataResponse) {
  var viewerData = dataResponse.get(opensocial.DataRequest.PersonId.VIEWER).getData();
  viewerId = viewerData.getField(opensocial.Person.Field.ID);

  // Signed request: the container appends the oauth_* and opensocial_* parameters
  // and signs them with the app's secret, which auth.php verifies.
  var params = {};
  params[opensocial.ContentRequestParameters.METHOD] = opensocial.ContentRequestParameters.MethodType.GET;
  params[opensocial.ContentRequestParameters.CONTENT_TYPE] = opensocial.ContentRequestParameters.ContentType.HTML;
  params[opensocial.ContentRequestParameters.AUTHENTICATION] = opensocial.ContentRequestParameters.AuthenticationType.SIGNED;
  opensocial.Container.get().makeRequest(serverURL, loadiframe, params);
}

init();
</script>

Up next is the auth.php page, which actually does the authentication. You will need to change some of the vars to correspond to your app. The skeleton_key var is used to encrypt the data so only people who have that key can decrypt it. This key can be anything, a string of text, numbers, whatever you can think of; just don’t tell anyone.
The script takes all the vars sent by MySpace and checks that the request is valid using OAuth: it rebuilds the signature base string from the sorted query parameters (minus oauth_signature itself), computes an HMAC-SHA1 with your MySpace secret, and compares it with the signature MySpace sent. If everything is kosher, a file named after the user id is written on your server. This file contains the user id, the given OAuth sig, the checked OAuth sig, and an encrypted version of the user id. This file can then be read and parsed by the user.php code below.

<?php
$this_url = strtolower('http://www.yourdomain.com/auth.php'); // the url to this page
$myspace_secret = "YOUR MYSPACE SECRET KEY"; // your myspace secret key
$skeleton_key = "xxxxxx"; // your encryption key, can be changed to whatever
$test_mode = 0; // change to 1 if you want to print out ids to test the script

$opensocial_viewer_id = isset($_GET['opensocial_viewer_id']) ? $_GET['opensocial_viewer_id'] : '';
$oauth_signature = isset($_GET['oauth_signature']) ? $_GET['oauth_signature'] : '';

// check the sigs and make sure it's the real deal:
// base string = METHOD & encoded(url) & encoded(sorted query without oauth_signature)
$remote_signature = $oauth_signature;
unset($_GET['oauth_signature']);
ksort($_GET);
$url_me = urlencode($this_url);
$g_me = urlencode(http_build_query($_GET));
$base_string = "GET&$url_me&$g_me";
$secret = "$myspace_secret&"; // consumer secret, "&", and an empty token secret
$local_signature = base64_encode(hash_hmac("sha1", $base_string, $secret, TRUE));

// if it's real, do it
if ($remote_signature == "$local_signature") {
    // the id becomes a file name below, so only accept a plain numeric id
    if (!ctype_digit($opensocial_viewer_id)) { die("bad id"); }
    $token = mcrypt_ecb(MCRYPT_3DES, $skeleton_key, $opensocial_viewer_id, MCRYPT_ENCRYPT);
    if ($test_mode == '1') {
        // testing mode: also store the decrypted round trip of the token
        $test = mcrypt_ecb(MCRYPT_3DES, $skeleton_key, $token, MCRYPT_DECRYPT);
        $feed = fopen($opensocial_viewer_id, "w");
        fwrite($feed, "$opensocial_viewer_id|$oauth_signature|$local_signature|$token|$test");
        fclose($feed);
    } else {
        // now it's live mode
        $feed = fopen($opensocial_viewer_id, "w");
        fwrite($feed, "$opensocial_viewer_id|$oauth_signature|$local_signature|$token");
        fclose($feed);
    } // end modes
} // end if it's the real deal
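The signature check that auth.php performs, as an added example that is not part of the original post and not the project’s code: it shows both sides of the exchange, the container signing the request parameters with the consumer secret and the server recomputing the HMAC-SHA1 over the sorted parameters (minus oauth_signature) before accepting the viewer id. Unlike the PHP above, which relies on urlencode() and http_build_query(), this version uses the RFC 3986 percent-encoding that OAuth 1.0 specifies (space as %20, tilde left alone) and a constant-time comparison. The consumer secret, app key, URL and the opensocial_* values are constructed placeholders.

```python
# Added example: OAuth 1.0 HMAC-SHA1 signed-request verification for an OpenSocial
# container -> auth.php call. Not the blog's code; all secrets and ids are placeholders.
import base64
import hashlib
import hmac
from urllib.parse import quote

CONSUMER_SECRET = "YOUR-MYSPACE-SECRET-KEY-PLACEHOLDER"  # stands in for $myspace_secret
AUTH_URL = "http://www.yourdomain.com/auth.php"          # placeholder, as on the page


def oauth_escape(value):
    """RFC 3986 percent-encoding as OAuth 1.0 requires: only A-Z a-z 0-9 - . _ ~ unescaped."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD&escaped(url)&escaped(k=v&k=v ...), pairs sorted after encoding."""
    pairs = sorted((oauth_escape(k), oauth_escape(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), oauth_escape(url), oauth_escape(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    """Key is escaped(consumer_secret) & escaped(token_secret); output is base64."""
    key = f"{oauth_escape(consumer_secret)}&{oauth_escape(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, params, consumer_secret):
    """Container side: return the query parameters with oauth_signature added."""
    signed = dict(params)
    signed["oauth_signature"] = hmac_sha1_signature(
        signature_base_string(method, url, params), consumer_secret)
    return signed


def verify_signed_request(method, url, query, consumer_secret):
    """Server side (auth.php): recompute the signature over every parameter except
    oauth_signature and compare in constant time. Returns the viewer id only when
    the signature is valid, otherwise None."""
    params = dict(query)
    remote = params.pop("oauth_signature", None)
    if remote is None:
        return None
    local = hmac_sha1_signature(signature_base_string(method, url, params), consumer_secret)
    if not hmac.compare_digest(local.encode(), remote.encode()):
        return None
    return params.get("opensocial_viewer_id")


# Constructed sample of the parameters a container attaches to a signed request.
SAMPLE_PARAMS = {
    "oauth_consumer_key": "app-key-placeholder",
    "oauth_nonce": "5fd3a1c2",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1206374400",
    "oauth_version": "1.0",
    "opensocial_app_id": "12345",
    "opensocial_owner_id": "123456789",
    "opensocial_viewer_id": "123456789",
}


def demo():
    """Valid request yields the viewer id; a viewer id edited after signing is rejected."""
    good = sign_request("GET", AUTH_URL, SAMPLE_PARAMS, CONSUMER_SECRET)
    verified = verify_signed_request("GET", AUTH_URL, good, CONSUMER_SECRET)
    tampered = dict(good, opensocial_viewer_id="987654321")
    rejected = verify_signed_request("GET", AUTH_URL, tampered, CONSUMER_SECRET)
    return verified, rejected


if __name__ == "__main__":
    print(demo())
```

The point of the tampered case is the one the post relies on: because opensocial_viewer_id is covered by the signature, an id substituted into the query by anyone who does not hold the consumer secret fails verification, which is what makes it safe to trust that id later.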

This is pretty simple: using the $_GET var id, we read the user id file into a string, explode it into an array, decrypt the data, and check that the user is who they say they are. Make sure your skeleton_key var is the same as in your auth.php.

<?php
//#################################search user##############################//
$user = isset($_GET['id']) ? $_GET['id'] : '';
$skeleton_key = "xxxxxx"; // your encryption key, must be the same as on auth.php
// the id is used as a file name, so only accept a plain numeric id (no "../" tricks)
if (!ctype_digit($user) || !file_exists($user)) { die("you are not authorized"); }
$file = file_get_contents($user);
//echo $file; //uncomment to test output
$user_info_array = explode("|", $file);
//print_r($user_info_array); //uncomment to test output
// mcrypt pads the plaintext with NUL bytes up to the 3DES block size, so strip them before comparing
$token = rtrim(mcrypt_ecb(MCRYPT_3DES, $skeleton_key, $user_info_array[3], MCRYPT_DECRYPT), "\0");
//echo "$token - $user"; //uncomment to test output
if ($token != "$user") { die("you are not authorized"); }
//#################################search user##############################//
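The write-then-read-back flow between auth.php and user.php, as an added example that is not part of the original post: the viewer id is validated before it is ever used as a file name, the file is written only for a verified id, and user.php’s check compares the stored token in constant time. The token is a keyed HMAC over the viewer id rather than the page’s 3DES-ECB mcrypt token (a stand-in chosen so the example runs on the standard library alone); the skeleton key, the store directory and the ids are constructed placeholders.

```python
# Added example: per-viewer token file as written by auth.php and checked by user.php.
# Not the blog's code; the HMAC token replaces the page's 3DES-ECB token, and all
# keys, ids and paths are placeholders.
import hashlib
import hmac
import os
import re
import tempfile

SKELETON_KEY = b"xxxxxx"                  # placeholder, same role as $skeleton_key
VIEWER_ID_RE = re.compile(r"[0-9]{1,20}")  # MySpace ids are numeric


def is_valid_viewer_id(viewer_id):
    """Accept only a plain numeric id so it can never name a path outside the store."""
    return isinstance(viewer_id, str) and VIEWER_ID_RE.fullmatch(viewer_id) is not None


def viewer_token(skeleton_key, viewer_id):
    """Keyed tag over the viewer id; only a holder of the skeleton key can produce it."""
    return hmac.new(skeleton_key, viewer_id.encode(), hashlib.sha256).hexdigest()


def write_user_file(store_dir, skeleton_key, viewer_id):
    """auth.php side: call only after the OAuth signature has been verified."""
    if not is_valid_viewer_id(viewer_id):
        raise ValueError("viewer id must be numeric")
    path = os.path.join(store_dir, viewer_id)
    with open(path, "w", encoding="ascii") as f:
        f.write(f"{viewer_id}|{viewer_token(skeleton_key, viewer_id)}")
    return path


def check_user(store_dir, skeleton_key, requested_id):
    """user.php side: True only if a file for this id exists and its token matches."""
    if not is_valid_viewer_id(requested_id):
        return False
    path = os.path.join(store_dir, requested_id)
    if not os.path.isfile(path):
        return False
    with open(path, encoding="ascii") as f:
        stored_id, _, stored_token = f.read().partition("|")
    expected = viewer_token(skeleton_key, requested_id)
    return stored_id == requested_id and hmac.compare_digest(stored_token, expected)


def demo():
    """Round trip in a temporary store: the verified id passes, everything else fails."""
    with tempfile.TemporaryDirectory() as store:
        write_user_file(store, SKELETON_KEY, "123456789")
        results = (
            check_user(store, SKELETON_KEY, "123456789"),      # file written for this id
            check_user(store, SKELETON_KEY, "987654321"),      # never authenticated
            check_user(store, SKELETON_KEY, "../etc/passwd"),  # not a numeric id
            check_user(store, b"other-key", "123456789"),      # wrong skeleton key
        )
    return results


if __name__ == "__main__":
    print(demo())
```

The numeric-id check is the one addition that matters most here: in the page’s user.php the id arrives unsigned in the query string and goes straight into file_get_contents(), so without it a request can point the script at any file the web server can read.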

I can’t take credit for all of this; the JavaScript and OAuth code were modified and mashed up from these
forum posts: http://developer.myspace.com/Community/forums/t/426.aspx and http://developer.myspace.com/Community/forums/t/538.aspx

Also keep in mind the security routine is very basic and you would want to be even more thorough in your checks, to ensure your user is who they are telling you they are. I know I do :)

OpenSocial on Myspace vs. Facebook API a Developers First Look

Posted on March 15th, 2008 in OpenSocial, Myspace API, PHP, Geek Stuff by jason

Well I’m probably going to make some FB purists mad with this, but in my opinion, the MySpace opensocial platform is probably going to “beat” the Facebook platform. Granted this is only after creating 1 and 3/4 apps for MySpace vs. 18 or 19 for FB and assuming MySpace gives devs signed iframes like they are promising. Also MySpace isn’t live yet, so who knows what will be their version of a FB timeout and their patented weekly app breakers, err I mean code updates, But like the title says it’s a first look….

1. Ease of creating apps
If you know the html code to create an iframe and a webpage, you can basically make an app. And the webpage can be your existing blog, website etc. no need to learn FBML. Yes I know fb:iframe exists and use it extensively, but by using it you lose all the good FBML tags that make the FB platform worthwhile, so you can only use them in certain places. Within an hour or two a company could create a semi-dynamic app (without API calls) to drive traffic to their main site. 3 webpages (or one using query strings) one for profiles, one for home pages, and one for the app “canvas” page is all that is needed. Within those 3 pages is where you make the app dynamic, filling them with data like you would any other dynamic webpage. Now this won’t be very effective for smaller brands, larger well known brands would be foolish not to spend the hour to set up a basic app. I spent about 2 hours porting over the Amber Alert system from FB to MySpace, and most of that was just spent “de-facebooking”.

2. 3 integration/touch points for apps
Your app has 3 different ways for users to interact with it instead of the 2 FB allows. There’s the profile box and a “canvas” page as usual, but there is also a homepage box, where you can display app data right on the first page a user sees after login, and arguably the page a user spends their most time at. While I still use the classic skin and the standard profile I think the app boxes look better on MySpace than on Facebook.

3. More potential for monetizing with advertising
From my observations on having multiple apps on Facebook that also have MySpace counterparts that reside on “regular” webpages, Facebook users on the whole seem to have developed an ad blindness that their MySpace counterparts don’t have. I would think also, with Google being the ad supplier for MySpace, AdSense targeting would improve, even for those not using the iframe option. There is also already a big ad market based on MySpace in AdWords, from products to widgets, and has been for 3-4 years, so devs won’t have to rely on selling installs or using unknown ad networks that come and go every other day. So even if targeting is off or your app isn’t targetable and all you get is run-of-network MySpace ads, there’s still millions of dollars in revenue up for grabs.

4. More open environment
MySpace’s more open environment should allow for apps to spread more widely and quickly than on FB. Since MySpace encourages finding new friends and usually strangers can look at each other’s profiles, the chances of your app being seen are greatly increased. In fact I bet you will see users make money from selling application space on their profile; the first one? Probably Tila Tequila and Slide lol. But even normal users that have high-traffic profiles should be able to grab a few bucks. Of course all the fake profiles that spam could end up with a steady income source, thus creating a funded spam machine.

5. Almost a year to learn from FB
Ever since FB launched their platform, MySpace has been able to sit back, watch and see what went wrong where and hopefully learn what not to do. They can also see what went right and use that as well. I expect them to have problems, but I also expect them to be different ones.

To show I’m not a Myspace or opensocial fanboy here are some issues I don’t like or don’t know about.

1. Fixed page size
Right now no matter what option you use, you are forced to use set page and box sizes. While the home and profile box limits are like FB with set widths, they also have a set height, and scrollbars appear if you go past it. The main beef is with the “canvas” pages: while you get 800px width to work with instead of 645px, you are set at a maximum of 1000px height before the scrollbars appear. So you have to balance your page size and scrolling to fit in with the main browser window and its scrolling, kind of a pain.

2. Profiles displaying apps
I’m not sure how it’s going to look, or affect page load times, when the normal MySpace user piles on tons of apps on top of their already cluttered and slow-loading profiles. While it looks good on my default profile, with no other widgets, pictures, or applications, I’m probably the only MySpace user that has a profile like that. Also there doesn’t appear to be any way to adjust the order in which the apps appear yet, nor to switch sides of the profile; it’s going to be interesting to see how they deal with that.

3. API calls for users
With MySpace being so open, users have large numbers of friends; how will their API handle thousands of apps pulling thousands of friends and their associated data during peak traffic times? Especially in the beginning, when everyone launches top friends, entourage etc. clones that will rely heavily on calls.

4. Spamming
With MySpace already infamous for spam, applications open up a whole new door to annoy their users. Each app has its own profile just like a user: separate logins, its own home page with access to bulletins, images, etc. So an app appears to be able to act just like a normal user would, adding friends and posting bulletins. While this makes it easier to track abuse and kill an app, and since the app is tied to your real user account they could kill it as well as any other apps you may have, you could still generate throwaway users and quiz apps and spam until you get banned, then rinse and repeat. Or most likely, like I mentioned earlier, app devs will either take over the fake profile spam or hire it out. On the hot person’s profile, instead of or alongside links to their “good pics”, you will see apps. You can’t ban the apps for it unless there’s obvious proof; spammers may just add them to make the profiles look more real, or get your competitor banned by spamming on their behalf.

5. App burn out
With there already being a ton of tools and widgets designed for MySpace out there and being used, there really won’t be a wow factor to cause a big rush like on FB; mostly apps will just make it easier for users: instead of copying and pasting code for their image slideshow, they click a link. While there will be a newness factor that will cause users to shuffle through and try as many apps as possible, it really won’t last long, as all this stuff is old hat to MySpace users, and the sheer volume of apps that will probably be available will make it hard for an app to stand out. Any app that has had a little success on FB will be cloned (poorly) at least 5x and be sitting there waiting for launch, with the thought that all you have to do is be the first one out and you will be the next RockYou or Slide.