post.php

<?php

	$app_id = "APP_ID";
	$app_secret = "APP_SECRET";
	$my_url = "MY_URL";

	session_start();

	$code = $_REQUEST["code"];

	if(empty($code)) {
	 $_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
	 $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=" 
	   . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
	   . $_SESSION['state'] . "&scope=publish_actions";

	 echo("<script> top.location.href='" . $dialog_url . "'</script>");
	}

	if($_SESSION['state'] && ($_SESSION['state'] === $_REQUEST['state'])) {
     $token_url = "https://graph.facebook.com/oauth/access_token?"
       . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
       . "&client_secret=" . $app_secret . "&code=" . $code;

     $response = file_get_contents($token_url);
     $params = null;
     parse_str($response, $params);

     $_SESSION['access_token'] = $params['access_token'];

     $graph_url = "https://graph.facebook.com/me/feed?access_token=" 
       . $params['access_token'];

	 $postdata = http_build_query(
 					array(
                          'message' => "Test Message",
                          'name' => "A Publish Test",
                          'description' => "Description about the publish",
                          'link' => "http://phwd.github.com",
                          'picture' => "http://cvcl.mit.edu/hybrid/cat2.jpg"
                      )
	 );
	
	 $opts = array('http' =>
         array(
          'method'=> 'POST',
          'header'=>
            'Content-type: application/x-www-form-urlencoded',
          'content' => $postdata
          )
         );

	$context  = stream_context_create($opts);
        $result = json_decode(file_get_contents($graph_url, false, 
           $context));    
 
	echo("Result " . $result->id);
   }
   else {
     echo("The state does not match. You may be a victim of CSRF.");
   }	

?>