Facebook Cookbook - Jay Goldman [92]
Discussion
This tag will only work on a Canvas page, so you can’t use it in a Profile. It’s a bit of an awkward tag, since it will immediately redirect to a new URL when someone hits it, which means you’ll need to wrap it in some page logic if you don’t want the page it’s on to just send them on their way. You might, for example, use it inside a tag such as fb:if-is-group-member:
Private content goes here
Painless Image Submitting
Problem
I’ve spent hours making beautiful image buttons that I want to use to submit forms, but I can’t get them to work. Help!
Solution
Help is on the way. Use the fb:submit tag to wrap your images:
Discussion
Image buttons are all well and good, but make sure that they actually look clickable, or people are going to have a whole lot of nasty things to say about your app when they can’t make it work.
Hunting for Robots: CAPTCHA in Your App
Problem
I’m worried that people will use scripts to hack their way into my app! How can I verify that my users are real people?
Solution
Use the fb:captcha tag to display a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) on your page. The simplest form is:
which will give you something like Figure 6-61.
Figure 6-61. Facebook CAPTCHA
Discussion
CAPTCHAs were originally created in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper (all of Carnegie Mellon University), and John Langford (then of IBM). The general idea is to present users with a distorted image of a word, which computers would find very difficult to decipher but which people should be able to read quite easily. Early CAPTCHAs were quickly defeated by sophisticated algorithms, but more modern ones have surpassed all but the most dedicated of hackers (or hackers smart enough to outsource the work of cracking them to people in places such as Russia, who are reputedly paid $3/hr to interpret image after image). The acronym is an extension of the concept of a Turing test, first proposed by Alan Turing and postulated as the ultimate test for artificial intelligence: the ability to convincingly pass as human (i.e., to demonstrate intelligence). This is almost a reverse Turing test in that it’s really designed to separate the people from the machines rather than to unite us all under the Skynet banner.
When a form containing a correct CAPTCHA is submitted, you’ll find an extra POST parameter called fb_sig_captcha_grade, which will be set to 1. The parameter doesn’t show up when the CAPTCHA answer is wrong, so make sure you’re checking for it to exist rather than for it to be true or false.
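Because fb_sig_captcha_grade arrives as an ordinary POST field, a presence check only means something once the request's signature has been verified. The following is an added example, not code from the book: it assumes the legacy Facebook Platform scheme in which fb_sig is the MD5 of the sorted fb_sig_-prefixed fields plus the application secret, and APP_SECRET, the sample fields and all function names are constructed for illustration.

```python
import hashlib
import hmac

PREFIX = "fb_sig_"
APP_SECRET = "constructed-secret"  # placeholder, not a real application secret

def expected_sig(post, secret):
    """Assumed legacy scheme: MD5 of sorted name=value pairs (prefix removed) + secret."""
    signed = {k[len(PREFIX):]: v for k, v in post.items() if k.startswith(PREFIX)}
    base = "".join(f"{k}={signed[k]}" for k in sorted(signed))
    return hashlib.md5((base + secret).encode("utf-8")).hexdigest()

def captcha_passed(post, secret=APP_SECRET):
    """True only for a validly signed request that carries fb_sig_captcha_grade."""
    sent = post.get("fb_sig", "").encode("utf-8")
    good = expected_sig(post, secret).encode("utf-8")
    if not hmac.compare_digest(sent, good):
        return False  # unsigned or altered: trust none of the fb_sig_* fields
    # The field is absent when the answer was wrong, so test for presence.
    return "fb_sig_captcha_grade" in post

def signed_request(fields, secret=APP_SECRET):
    """Build a constructed sample request signed under the assumed scheme."""
    post = dict(fields)
    post["fb_sig"] = expected_sig(post, secret)
    return post

# Constructed sample requests
SOLVED = signed_request({"fb_sig_user": "1234", "fb_sig_time": "1210000000.5",
                         "fb_sig_captcha_grade": "1", "entry": "pick me"})
FAILED = signed_request({"fb_sig_user": "1234", "fb_sig_time": "1210000000.5",
                         "entry": "pick me"})
# Same request with the field added afterwards: the signature no longer matches.
TAMPERED = dict(FAILED, fb_sig_captcha_grade="1")

if __name__ == "__main__":
    for name, req in (("solved", SOLVED), ("failed", FAILED), ("tampered", TAMPERED)):
        print(name, captcha_passed(req))
```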
The Facebook CAPTCHA is smart enough not to display itself to verified users by default (i.e., users who have logged into their account and already proven to Facebook that they’re human), but you can force it to appear by adding the showalways parameter:
I wouldn’t suggest adding these on every page of your app—they get annoying pretty quickly—but if you’re doing anything that people might want to automate (entering contests, signing up for free stuff, etc.), you’re entirely justified in sticking one in your form.
NOTE
Facebook’s CAPTCHAs are actually provided by a really interesting service called reCAPTCHA, which is a Carnegie Mellon project. According to their website, people around the world solve over 60 million CAPTCHAs a day, which at about 10 seconds each adds up to over 150,000 hours of lost time. They realized that human processing time could be used for something valuable, and so their CAPTCHA images are actually text that various