Ahhh, there’s nothing like a conference box lunch. Thankfully so.

The example app Tyler wrote to share: Why Are You Awesome? (and source and db schema ql) (will also be posted at Tyler’s blog)

Store session keys in db and you can use them as unique user ID for stats, being sure the user’s got the latest update of your app, etc.

All the internal FB API calls are built on top of FQL, so writing your app in FQL where possible will give better performance. Ari: “The goal of FQL is not to hide any of the complexity of what we’re going to have to do […] Just to be clear: these queries aren’t just run on a DB server; they’re processed first.”

FQL supports nested selects; they’re resolved as individual ops, innermost to outermost.

Template stuff in a separate file as just FBML. (fbml.inc.php)

Interesting files:

  • index.php: the main landing for users
  • logic.inc.php:
  • fbml.inc.php: template stuff including mock AJAX

Mock AJAX can be done from a link with three properties:
<a clickrewriteid=”<div_to_rewrite>” clickrewriteurl=”<query_url>” cickrewriteform=”<form_from_dom_to_send_data_from>” …>FOO!</a>

Don’t call require_login for mock AJAX calls. Duh.

Mock AJAX returns are quite literally pushed into that div, errors included. Catch exceptions aggressively.

Security-wise, don’t access the fb_sig_{user,profile} . You can use Firebug to check how secure your calls are … if you could use Firebug to change the internals of the call and post as someone else, etc, that’d be bad, now, wouldn’t it? (Tyler did this once to Superwall a bunch of people as Mark Zuckerberg, inviting them to go shopping for NorthFace jackets. Go figger.)

Make a legit FB test account each for your dev, staging, and live apps. Make your dev, staging apps visible only to you or only to a network of folks who’re helping you. You really don’t want your dev server buried by viral adoption.

Tyler pushes with rsync and –exclude fu to keep things configurationally close.

Integrating with your existing app:

  • Add a column to track their FB id with your user id
  • Notice cookies (FB, yours, etc) and let that influence your app’s behavior

Profile Action Links (the links beneath profile pix) is more a function of the viewer than the person whose profile is being viewed.

Remember that co-developers can remove you as a developer. Choose wisely. You’re limited to 5 other than you.

All in all, was less of a “Let’s make an app!” and more “Here’s a tour of an app.” That’s fine; I wasn’t looking forward to reliving PHP4. Next: Launching and distribution

blog comments powered by Disqus


07 October 2007


facebook graphing.social hacking social networks